3dbe8515ba80bfa3283596b53e65b661cf218eb9129c017aa5de00c41a1244f0

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/04/2024, 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02e95830171d49ab810971e2e98459d6_JaffaCakes118.html
Size

213KB
MD5

02e95830171d49ab810971e2e98459d6
SHA1

787cd792add896551f1d2caf92e415385c73514e
SHA256

3dbe8515ba80bfa3283596b53e65b661cf218eb9129c017aa5de00c41a1244f0
SHA512

679ed700f468bc2031c4a3f9a02f266f3f258e124e7f483d630d00882994b51a14ed496ce811afda3f0d05a6b16b9b8396ff2c23c94335ec867892ddbf1fbb7d
SSDEEP

3072:SAJmgVZm9j/yfkMY+BES09JXAnyrZalI+YQ:SAHcKsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{83A0BC41-0476-11EF-8F9A-6A55B5C6A64E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420371121"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1924	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1924	iexplore.exe
1924	iexplore.exe
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2332	1924	iexplore.exe	28
PID 1924 wrote to memory of 2332	1924	iexplore.exe	28
PID 1924 wrote to memory of 2332	1924	iexplore.exe	28
PID 1924 wrote to memory of 2332	1924	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\02e95830171d49ab810971e2e98459d6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78e3243509015255599278818435393f

SHA1
0baf1532f9a354877377e2d3234c2871a5da6ddc

SHA256
001b50092455caf3dde88347a05fe6b44fb9fdb89bd16c42d8fbfee3370daf64

SHA512
c6884b52b41495d3fc36873abd95eee9b41dbe9ce5179f62355e1c918a05c5e7fdc2da7b2f02854e5081a33a0146849f0fc7f4cbf708c9bb56c1b0e669bb8234

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f587f407733845170f5e88c2db3da0ce

SHA1
04dfb8246f91bb8889625db7ac6461098332a1ea

SHA256
de4808fd366029f92cb7c2e482c10094a800ed098daddc749971a581a9b139b9

SHA512
2b15a75718e2629ad73d8c071dbf94d89392731d3ea4a6c3638ffabe01840950b1b6ec316c974544d97f431bf7e7e5d0fefed9f87d519d8fe7e4532349f2638c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4520e934837d3e532bfcfbf525efcdf5

SHA1
e8037d23050d83e072c69272405f8d6143797fb1

SHA256
25d54f2b59556b863554e8aba7374a98f4d2ed3cf4b066f50c0d8cec9b04e3cc

SHA512
7a4f449b72c5b6f11e5a8aaa7e00b21748b770c3a577aac1e9a5f632bf5ad673f41f0c6ca030209b46a395173e69a152d541cdbe2748ffd32b186d2ce4fc3ddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ed051f4df6b087e5467ae79e83c226a

SHA1
cc661ac15a2a91ab3f457a1b9926396f5ba06320

SHA256
ed6bafb795a75038e898589904983092eec08f05ab2a8ee76b3fe42e2ff53c73

SHA512
b167645d3ec57c15036951cf4ca609ed8ad042722ad85d79d2f6dcde810889c50e9753243fc15cd9774ada1495d6d4978a866c3653265298e24de46523bbb9b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
054cab1e98fcff8b9134988e9a715b95

SHA1
3c2cd4aa6c8c4a0ba9a8c80559d983f1567ef91f

SHA256
571f992669247c402d63dc047018cc572e1d5874573f86cc78cba0ed778b021a

SHA512
f3af7957280ea30df747d956fa4b64c3eb57d35a30271d3b202a6318d185f8a60745f3c57f9db8d3797bc052d315a17e694efef9efbaa159d07be4ef87ab3a57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0b56edc2520ef46d3b3014aaf57535c

SHA1
79c41eb763ecb1a4510c77b55bc5bc059ce18fd2

SHA256
8e3fe58f56a860d729a549544b43ea2687f81449f4cdd7dedc302b080fb067b7

SHA512
614be683af278f42a08c6f7d2188eff1ed3bfc3787c32bfe5379172e59a6b82ebc15315f9aecebb1385b7ee3e88a032fac3e60cc22b84e71bb4cea400478a356

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ce4a4829287bfbb66005492feb93d80

SHA1
548b806571350d38d96f444e17a58c6d8098eefa

SHA256
1a7ef37f2002492785f7f7e26504f1f28b86aadae80e5a6f976476d6947dbb36

SHA512
ea5d4da177d326c8d9445cddfe53802ae8bc8d018f1cc86424529c6701b7c8ec31fc36b9043634feeea22e1246539f5a9adc4c988a0efffd8cff73085c7e2d28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
811e13133a858aee0e6b7ac8c739b369

SHA1
e0442e67410f060ace2c44f5b9c9aaeba641f36a

SHA256
cb19935964ffbab98741441d5c7b156fec41384e565c2c2166c24750e9d1c34a

SHA512
72c4b4c07152db358324c68566ecccdced4d5be1ae6cfb9dd1a79f8fddcac2c197d340c661bb20246e6a1c91057b8717efdfbf13d067119877414bd10d8bc42e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0ad7203cd46895a269ff0251ba75d83

SHA1
495dbaff4b83fbed120b92bf348edce38b57024f

SHA256
1039e70eea6d9eaf66e16316b6fef16862e3337cb893fbc5b5fff48c3235c460

SHA512
1af3e5ff56620577ea9b56eba0ca53c8144807dc75250f4a70d99557961fe9bcbcc83664fb10ebb734db8f63786eb1eafc63212315dbccebf1065c0ca127758d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b03b5f2338f3132e41dae22086db015c

SHA1
917c9e8ea95b917df0a942b2849b83e5f63fb82b

SHA256
5eb730f1527047763d370f281b919a618c2fedc7227f7a62e68b7ace6886ccd6

SHA512
1ebe4c4637a772d23a6e626f3fba17debdb4801a59f510e1c201033595a2aea872d9b3382e30dd3c4c2bf09b13948291888fe4f9ee6d861f2e4b3270ad8b7b86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c57e63c37c5c64fa552a6855606825ed

SHA1
0a3bd5a9fa6ff94f8b556c96313738c4a27d9261

SHA256
e2ec89d4689c9f7d8b559ec383dcb01dc5404319532ba95dc2e13b4d926852f3

SHA512
283d0dad64e103d9dfe4e5f527e53012837e5e3ea01876035283c63af41c82fd83270d44758a2286b6af0a5e17e12a48fbbce764d5a33a24ea93e8cb7953440c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a08d506bb6c9e6a3011b1f51288d08e5

SHA1
06bd3c3c67efecbefd6ee0e50c6fd6d1dd738a31

SHA256
1f58cc9d14cc963825e3bee21cb0779bdc6537c86986c40bc8130347f484404e

SHA512
de13bead3277de4cf374e29af189577a508539714ecf57f5d41dc969e777a7643a098fbbcac62c36772f7fc591ebbad614749e3f6cb2239bf402bde5c357e130

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8bf8f0342493caf91e104eb9aa0a199

SHA1
4f620d10eea72e6f345aa0901445a0cdae6eea40

SHA256
1bd66394b672ff32cfbcb599e2ed96f9d19fada3ccd3742eef4e57489cd4dfc7

SHA512
82b9a466f6300d62c4f2f049cad0e1c9288e2f5d860360876eec44a1a4b59e6fcabc70b2e2aab8758dbbaef7d4e1d9142c3bd3066f572717d9c431e31bb74ecd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a56b4ee499e63454d5cf0794afefc07

SHA1
de538660b3da2485a9d823aeea355f07cf027c5d

SHA256
9998399eae95a4afa254fd12feb7bab66e122cfd6b4768fde360dbadb79a9c1e

SHA512
13e5571f552d1a87e87ca4c4bc71ce4eb5c2d359e542f94c02d7d5bcf1d335cc71f044443ece27be6fa91b81560a248c16c9b7e2c986fedcbe9adbce6571cb15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77534f12c0eaee94c3fe20974bd2c908

SHA1
b6ed910c09bb12c3885d24d2176dbb447489e58f

SHA256
9fcb7aeb2c6c16440a2e002b759632dbbf8caecbc9459785f69cbbaf3b9b8ace

SHA512
8d197dc81ceaf7c193a5d48673483c9ec4de8670f5978f16e200a9f4c8a2619b52668653fbd5d33c2a19509e6442e7ce94e255b5e879b7de8416ef995a49c7ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fe4666bd269cb99a66703c70d589cdb

SHA1
754160081234d5c2bfc65c15cadb4751a5537faf

SHA256
b35cf6682d7ce16822a3c57d37f0b3172c58a6b0a530ac1e22dc72da9bd6f0fe

SHA512
1d351a80a484cb78f63e2083587e5876788c9df0e8738535899d5ee36bad78d725627888bea4154f4896fdbd16b5732f603793f261d2360476d406f2dd3fcec0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
849004336d2c39fb41569f251424550e

SHA1
4c299080f861b23ed41570c5f9fa834d2da11102

SHA256
a7ef02a8d51c8b33e1eed19ceeaadb1936bd084c92c4b793a6f58cf5234d24ce

SHA512
36e305d4b3082c2092dc2aaf66f438181a4c1a9ebde61360c0bc270be711fc487b64f8b9e3249cdb1f0c652b4e6f3cdc27f0e1d5e09471fc4cb4743223d15caa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
460b085a5a5b7e4a13d7ce731e42fd1e

SHA1
248ee56d2fe87024ece3860bfcaaf26ec56a229f

SHA256
76169c31d0c0214752e75c012922b42835c990db61e2eb49aa12d10ca4ad70b3

SHA512
c15cc680789a3c6229e46f4e12dbd7274c282acc6d685571b704ef642b08d276c395ab25b7cd9efae164ffc4c0623c0ebabd019852d2c9bfe24ade318f3cc6ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
936f86a3d3c87e024c0298a0d856c7d2

SHA1
79c19a90352e6ae3dced3af82ccdc005dcf37525

SHA256
bdf4e7a0a4f69aec588a90db45673f3ea0ede40ca947ec24d010339e1617f705

SHA512
66857225c3e92bce631d0561ddd3244f4f67651c4187b36281b1210fafce14f3a379f1c5b546be9f2cfe6ebd06e6afab8b8ee4169242c549c4c75f68b5789a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2223.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab22E0.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar22F5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit