28bc3380aa797d40e89b728f8774f9b3575c5e7cff7921d5ac52b510168449e2

Analysis

max time kernel
139s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 10:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

05082b908c6681935076cea1eb4a37c0_JaffaCakes118.html
Size

141KB
MD5

05082b908c6681935076cea1eb4a37c0
SHA1

18f3266718d6d35b12aa9c5df953c87ab7d7e452
SHA256

28bc3380aa797d40e89b728f8774f9b3575c5e7cff7921d5ac52b510168449e2
SHA512

ce7ece4ced26e634c391fbddec5f08fe0283381818ba872e8045720a8bed93750ba18d0ccab5271e5ab255a34d108667a5fcc6adcac79be7f03cacbb3a5ebc64
SSDEEP

1536:SJ7SPx8ybiWx76vuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:SBybdx7dyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E6B41931-054D-11EF-92F7-4AE872E97954} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420463629"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2856	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2856	iexplore.exe
2856	iexplore.exe
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2380	2856	iexplore.exe	28
PID 2856 wrote to memory of 2380	2856	iexplore.exe	28
PID 2856 wrote to memory of 2380	2856	iexplore.exe	28
PID 2856 wrote to memory of 2380	2856	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\05082b908c6681935076cea1eb4a37c0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
018a0b650e314092d790b8a47efc4d42

SHA1
7a6e3e26ae402122fa1b89d2edc112965f8dacff

SHA256
0f3e1b94ed68d1a5f818d7e8b89e869268dbfebe4e9aed79ffa8698860c98a3a

SHA512
0d7743e8f6ee166cbbba1865d0deb0c3acc85b3301c595c90d5b25d67e23d0f24b7fc03c5c6de35cf8f95b7f6026c2e8114723cc8c5b075d9c8d5cf034bb4d70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ead1c802a10a34522531d68f9249c81

SHA1
6b86cb38b270a31263deebd115226b281488d218

SHA256
12dd817cecc79c8cf2f1d23386104469d016fccb2e7bcf372db28458b66d7fb0

SHA512
1bcc202ed83a4fdec00c7cca97dbc2a6fcc9bcaf3dfd7bdc670071d2dc8faac23bc0dfe4e4a3df1ed89a7bc563154b2e7d5928ed38f831e581e7d8a6d7e4df84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1588e952499b10206da9f0b3689d3c65

SHA1
b0e60951b984d7e0b0577f5da523e0497b102985

SHA256
31db4d3443118ff08e8f27565976ed6f04c1ac6cd14299dcd5941c60ed47cf04

SHA512
1e53a64b3d8a3706fbf90545268077e76977289a502c45d9ef11788a5f9a1f8eb5db7258a5a774b9a314f28003b6b38b7078a96085fd5775285ae1bdcd165d8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29700979a8bd28f4e090dfe5218754a7

SHA1
3edec874e10dc6d6efb593b9d99368d96d51433c

SHA256
885d74a59244386298908ed8bacff4cd57f486420f4b0f6123e2f8121f65facd

SHA512
681766a7f27bb3afda9cc5a1b59a99e232ae098f1e8c49d0cf5bfbd191f8e5387fbb96d087e351daec5f9c366eb57c1e6235f657e3c8c3159e9f037f19d6fef0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8127c7d431fe5e26b26a0d72eda017e4

SHA1
621e2b76683606a9cba43fc39ba8fe75fe919231

SHA256
b18453b4c4996099b675d78626043743b82221d58f83d8b6520f09ac1b80328c

SHA512
1a4e212c7623ad265b1fad02ad979fb80ab399d766cdfd144172b09e85f5ddefc2729f624fb4082278a995fafca9eaf6414f8d9983cd8afc4f82d71d9b6f8e03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8fd8641e03c82901a96789a054b07b5

SHA1
ebc12404cfb7cc5ae498bdbb14e920ba28155eba

SHA256
4100486c3c5479e545be3faeff5ce49c3ae323298972fc3ba0333d036968189f

SHA512
23770328bae437fef22dab1ae8c9e1d6135328ab6cfaa439fe3fbb729acdf47bb918ce6df2659142f7ab1c8211afea5de24e154e6386bed254c3630540721bbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61cf875dcfbf19fd9e4990b405587f24

SHA1
36e93ab7fa0bfca427977b74d55141eeb12ef339

SHA256
388357810853616c635e3ebdc1f27d92e885dbe597c2cb862d109caef327252e

SHA512
0c666276ca5dae66817ba787df8ad83e151901a10e74045fba60de94a4b6fe30e5e248ae17cdae300eaa26bd36f4b751d9b18779a98d71e0f4171badce6f6334

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2e9f2f385dcadf75a5c0656d808c849

SHA1
735b605c5da13cdb84357f21ea171ffdebe3970f

SHA256
7ce6c4c84016c0a1ef7352e0b515eadb8b85ee275f27579ad7747018318f23b3

SHA512
019e06dcab89d4a9758dd9d6cd3f5c1a909fb0bd772bf661c306e825f8fb4aae26e502b19670b27ffe58168be1c2738462f38a113d281c797507d6181a780038

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
310196fb55f213b3f197fe3062fb983b

SHA1
433b01ccdf5a0a4593d66cb880bc65b82907a2b9

SHA256
ceed39886e9af40ec7a1005972ffa671601dfd7249805b65738e82c4ba8560e0

SHA512
36722a29f5808f666bcd62ec020f19efc251a0135dd8da00191d9a6094b42d026640eed18ecb2a3af47e3a6ef9a6687d4bc035ed5f7259072091ec69da638236

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68834e4d38dc9e8667da5e6f024c1231

SHA1
5e8bbfa79e6338d0d16d4429d2b511450592372a

SHA256
5ebafb985b96f575e7c3b31beb1da2cbc2a91c025f4c374dca752bc276e84005

SHA512
84e9a5d57d7fb1e49bc766a9305ba8d611dfe1ccf9c2816b7f42a6567503f14fe98ec2c54ca094ed1a2069e765c17dc0af97621ab5573b7393daf78720a2382d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76aae8ebacedd96a90c3fefdd82072ab

SHA1
bc0a82f3cbc8c4172dfb5710a770767f58a8bbc1

SHA256
97530926c212c93dc035a67dc1edee3667b176f5133470bc942f6f1316fce7b3

SHA512
4f9ec2ea2b57d7cbf37c0abb147dcbb7389104800ba087c5ec173064074cdb8d1c8915c018244d526584f4992a33241b3d15ae769bf34005203aeef8399c4302

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fef848cbe732f09dc9412944b6f7bd54

SHA1
26e20efbb9bcd9215c671ab0f96d9edd4d3f7f5d

SHA256
ce644a68202796f11b65921323d2673aa63036f9128f55a1b8cd043d5448f2cd

SHA512
259ac50a8b3e18b635fdc515847a0412ff0d86defd6337d1ca9873c7ac87bf57aa29118fa77bcafc343bf97cb213490e54bfd767c5b733c58e4b5724521af793

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf28462a317193217a05b217355e2ebc

SHA1
b889971ae8717bb80674ff250143a32d8b8dd34f

SHA256
573f757a254d0cfed4f38e29d663d367263998deaedb1baf0c5910a0f17101e6

SHA512
3156dedd4a53d5e8ce82f1563b3f9572b96a93a0c7dcaae017d7fff0520102213bf8d7b16c61e4abc9bb41650a50e8b1b8b2f7a8ed035c824eeb6f13deed26b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
866a89ed596f16c6f0bc6b435f1062b3

SHA1
f59a196c736065cc089a799d1aae69db24de2a9c

SHA256
02290222495aed7143f8a862032567c53b60862c52ecc9470309f7b3d24e694b

SHA512
a0e8a0191f17f9dfb928f4488fe82d8855ac7d61591a140812684044b5e31b04ba6b9512b8b3ecef4a8c496866bb4d3546c1265bc7a7ca078c7fff0a560948ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d02f94ccde1949e5c4ddbba06a4b8f37

SHA1
69c0b477a1e0bafe8e8e03e842d929f7e9cd7699

SHA256
2fbb5d757342276e2d04aa836461a15e6a61f4661c711b602f435150bf77dd8b

SHA512
f8376e2383ad40a5d61f1fb858ee6e776e1917b6847c0a86471fcd57309a74f4e32bc81d7c2c3b9d9689e5aacf60f71a7799ac237084837ae51052b56dd1b0ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3cbd4c9f9d32434d1c057223ee10bfa1

SHA1
794a475ef86036f2552faf54da2f3665b3660a6e

SHA256
2fe746c573573ac87f01208e7430f0d82af9f6eaf1b070b2f222714924d9ccf3

SHA512
c3d2a5d537973e472770d58ae1aa13b0eeae1b3ba60c1c57e2bbd78b559c71a5f097edd86c7cb504cf4987330a94a4301fa715bcaf7b7f542a517086a971989c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bba0c24cb58b2e07ca3b493833f6751

SHA1
d94814fcde69dbd22c0b8af6847ab182da25a003

SHA256
c98956e9e14bc41f9fcf792d97b8f431c6b30adff3e65002ed6f5d1d7bd8fe54

SHA512
14d3a9908810cd63759967b304810d031cf03263a74d27965358b15e55e8b28cf1bc881fce43be53b755fc7b279dad3eb34adbc25d0debc30428cbb6c1a61309

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab64A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar71B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit