9270e0a6a35c7fd37dacbf13afc8defc9ee8709b860addbdea9eb9501bb9b605

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29-04-2024 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

081ed156d4629ae7a403d6aa3898970e_JaffaCakes118.html
Size

127KB
MD5

081ed156d4629ae7a403d6aa3898970e
SHA1

f08b00b56c840e39b4b3b5d9f37e49aacb85dfb9
SHA256

9270e0a6a35c7fd37dacbf13afc8defc9ee8709b860addbdea9eb9501bb9b605
SHA512

e7e32787a8974bb6d5d6955c8082686b6561074d75ae429d84fb1bd498ad068ad3498323dfb21116863bb697a6d8eb0b5cba154b0a31d5328eb7a19e21e25184
SSDEEP

1536:HKUjbO6QVL80E7sTWRfa7m6gblrd3X8ihZ69bgLcXmNRSJOD73laNbjpOtza94pX:HKUjvG8rMAcXmNRSJHn0O4pvOOtff

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C4E760B1-0646-11EF-8951-5E4183A8FC47} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420570517"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
756	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
756	iexplore.exe
756	iexplore.exe
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 2336	756	iexplore.exe	28
PID 756 wrote to memory of 2336	756	iexplore.exe	28
PID 756 wrote to memory of 2336	756	iexplore.exe	28
PID 756 wrote to memory of 2336	756	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\081ed156d4629ae7a403d6aa3898970e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:756 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
9688a03006b5f30108bcae0f1167f8ae

SHA1
43c03dbd87ebd12aa26a47e119120f13cfdd602a

SHA256
aca25e4e2e95b6a4dfe19c8d379ebbc4ff90578cd831ea9472d4ec7f98088360

SHA512
9c74f856ea86aa074025cd665074c1591af9b2fdab348867adb7be9cb08121a8bdfb9e541383e730bac6842a039bc34e93cdbb5dd5f3632c4572a6ca483421b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

Filesize
889B

MD5
3e455215095192e1b75d379fb187298a

SHA1
b1bc968bd4f49d622aa89a81f2150152a41d829c

SHA256
ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

SHA512
54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_52A940BB9460A4D8B06AFDEB9AFD2659

Filesize
471B

MD5
eec6c10037381743ae853eb1ae4eb9ee

SHA1
50461c766ce72131bd3735e792675cc2c2b2c311

SHA256
31a1be32bb15e6269e275d271bfa4eee19a74ed7f68b3857feeafe812120ac13

SHA512
6091c26325ca108926e6fe336f8f8ee552ae0062bccf29215f7da8e796e1eefe99191d62837f2296aca992ea1ee0160b3605dd4827bcd73aa96abb2223709d43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a2b2f5f4b633e91902afe370a68ec01b

SHA1
543351a2809fae2e35801311273327ba25fc6d00

SHA256
edd7e43429104bc509b986b3662abf5033dad3a91e4abf65cccb845fb764edeb

SHA512
fc988fdcd73538af384e68bd770f4030c44cdd7feb8c528722dd601e19c09204a28e0ef60bbf101ecee9eabd87784d9530f8619cc71e8abd5f2b4cbeb440c27e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
77a23400b7c39872bddcea406383eb3d

SHA1
369e5f69d1ad6ae3db1046de6a0f262c11289af0

SHA256
dcff12beb317a85bdb4b789cac7e7fdf71794fabc564db802cd889efbad316ae

SHA512
9b4baf038a387012c6a9b0fb485798c737607c179485f01a93aa87fbadf91a22fd54f3069237885023b626c115bd190291dadd989136bec1ad2f475a06f1ae33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34027a0379dcb83e7c61feaa94da15b8

SHA1
1d44a9a6f101854ffa44a9dd44ccf7a1a6f6081d

SHA256
d535a516d3ddb23136ba6d6e17704133f5e3275ae2e8f5af9c5dedf8d110e8c3

SHA512
766b7e6dbdfe4c405da3fd2b9cab54ed85239eeb71956211b844f1cc10a6dac2865562f814c6be4302c1a3b69778bf8651826c42b84d8e5689e3fcf288bf3cb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
979a90d07891b7098cc082c5567f4fcb

SHA1
a98460ad524aea77131a8ba86b6b495f81461a6e

SHA256
d00d3c0aa216e8485e4ecca611a9b0daa71b803ce009d4b5f5181389f584215d

SHA512
1c8117699669a2f0833054504253f3df64fd2a71aee355f24411ff3c0655b1daa4add08e09f0555d9823439deea84b5fb663cbdfe799b16fab1a7bd795f8afd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5a6b2ff1f831acec8427ac15a12f3f3

SHA1
66942ae0c69e579b381796d5ef45b557cca6e35f

SHA256
b49375b85d68c6cd57afdfd1c1d334f60f4de83716b1ac79dcedb6accc8759dd

SHA512
4c89117a1b02944b3991b39726f86a0dc0137fec14c15bd0075cb77de0c42a3ae9de34f171d95c9947757d650594c8b8bbb6fbc367a2e2c19a8571c4d0d2efa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
062440136d4fcf991e347ee16cbf9cd4

SHA1
e20b5815b59daadb09c447dde893a5dc3fac58fe

SHA256
7ce684893c7ec1c3ad6842af63ab5d3532afe4f29a73e93388189ae9fb1f09ac

SHA512
1ca4bed6a1e57e56e7fda9fce23ea11264c3901278114c793ba68e26ef5b470aa1a40f691bbc034854e7100dadc819171885499a30e5d2daaf43b610233e5924

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb9dba4fbb8f903782f1579fe936a951

SHA1
02d4bd7a31fd81fe4cc9bdc16dd2a1db5040cc09

SHA256
a98ea81707379b9dc0b9db42647ceda4a9f82af250584c9ead6ad28f23d59586

SHA512
24ccbd28496f5c212c82456c9e8304338c7c32fa05fcf819e97b32ab37fef5565a44068548175ba965f163bc8d5fe885c45e6b7b3fc8dfa7e6a87e55f0bcdfc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ec1d4ae345b66bbd3fe2eb9b432ac55

SHA1
a7d41c0c68622c91b76207d7780e582417d6a52b

SHA256
edf6648c9ede4e04fb917a9b9b52b7e34a2aa343a8e09b646c426fa9cfc8e45d

SHA512
11a273178ea7af10a862e8b1bd4224b27db8ae0d6d2cdd5ee1b07cc33e8bc9bf25ac86eedd21307c19dc431db07de49218b91bb4af29c4c0da8b27b5b1b0173f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ca8d71ac5ac7c42e84b93da6eecc570

SHA1
a9f9149a32e9d5cc2c1a24f7127604388d6f03f7

SHA256
f58483120e7728fb1b268a25d40304f40262651a1f8b6637bf59fa44a8317981

SHA512
3069549e85bf2c7f3c7dee76abd83050e4bae30b65eb8b87a0f34f4d916029219cb9451871a4c685000e4a9bc8c8da3a689c5a3c58b45dcf19034b4f49b91353

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34aaca094f0436c462590b280dd97124

SHA1
2312356e7939f1f1e82193ca035ab82e69fe60bb

SHA256
24b352dba63e3d1bbbeda96f942c3d5a362fcb42c6061cd51b462778f7c4346e

SHA512
ebdaef3c5c5c2b35e97acf16f8b2ac2255213cd66ddb754aa14515faa61d98c0440fc264c6dfb9c25e98c1aa5e237cefd6931480f5fe831eab5be0b80dab38ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c523561c31c81a64df1f206b1e1e575c

SHA1
5bbed1f1bcfbae026607302e4a931af37ad36a46

SHA256
51b7a20e2dc71a0dcdf46abd48eb9a1072637a20c4b18eb06abf23e3ef606dba

SHA512
cabe675ff56c7c0d5b57b36f334a5f458e8f4a17a759301965e0f1510e850eae2fdabd077d862418717ea54015524df715a23ce28e9438a195af4148290541b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb5cfd97d5044964377f7ccd10feebe6

SHA1
a0ddab6553d263f236a938361bf7bdd10a29dc29

SHA256
e183b420e433402047c96f992bb5d5094fcc22d95775a61c14529ef44f03abbd

SHA512
e943196eb232b029949b1339a6da79466cee41baf683a643e5fb001aabc505f4ba9e3dc1c9f00adebe574d0ff96ffd1192d56e57a2a7d116caf848c6fb76f0f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
2023c091ec534b7cc42bf4e4943cdef1

SHA1
27d65de9770f36e506abab707dbf669fa8c9441c

SHA256
d9de422870ce3a3a87e12a766c5ba79ca7edb72a77df7906b66df413ab0249e5

SHA512
e00ef2175364a9ad6aff52389f4ad3e5b7939882c95da54224bafbe32bb15303cbf4d9bfd95d8a3c963e1ff6a429490d954fb6401d4d62c5fdcb0670d9f1b11f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
abbaa973eedd25d77776ddb106cf298c

SHA1
a8c08c8bb6f5ebd0c7a46a44104db0bae20bda39

SHA256
bc1420db2176396ac3527d8b9c5dd47561f2ab595e3f9897648e48a4725bc24a

SHA512
d4d5aa373fbf6c5709db6182a38c9bb20fc3bcb3377fc1a9a153cff170c0073f6568f774814b447253e4840fa39437a249a873012d8d09a1410999950e3c7284

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
535a77768c53a63c8866820dae93d2dd

SHA1
82d59a1da3b5c6c03947938a05db5b20903b1750

SHA256
5930eadbc2c851b206139286f5fa4457157e03befa06e54d056cb32690fa7147

SHA512
e73bcb9177925fb89721ca240e4a503826a6a5dc0c04d94d80e169564949a1cde40bb04c39c72e1ce9b9dc23a99e85c1c65f76f0cefde6cec04166f4dee2c926

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFAA.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFAF.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit