7d10bfd1737958ab1b6d6aecf561e0edb32d8d966f8d7f87cc573f9bdc6242e0

Analysis

max time kernel
150s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/05/2024, 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b3ec86a48f9b75f04ee7b32c0fc9c79_JaffaCakes118.html
Size

312KB
MD5

0b3ec86a48f9b75f04ee7b32c0fc9c79
SHA1

f0944632bd79837269d94fc82c9c155b7f4899c3
SHA256

7d10bfd1737958ab1b6d6aecf561e0edb32d8d966f8d7f87cc573f9bdc6242e0
SHA512

901405e0b5a5bc65fbc5fe38e18e78aadb57ffc1375b9555a072d0e307f8eb94733b5b87a8660df65205a2c5d907d1cc064d2cd78304e76bc127b79f95ea523e
SSDEEP

3072:8XQ+ghjhSkfrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ/:z+ghjhHzz9VxLY7iAVLTBQJl/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{87895CE1-0782-11EF-8EEA-EE2F313809B4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420706135"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1364	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1364	iexplore.exe
1364	iexplore.exe
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 2848	1364	iexplore.exe	28
PID 1364 wrote to memory of 2848	1364	iexplore.exe	28
PID 1364 wrote to memory of 2848	1364	iexplore.exe	28
PID 1364 wrote to memory of 2848	1364	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0b3ec86a48f9b75f04ee7b32c0fc9c79_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1364 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
75bb8f12e422d2f693a714e5cf3e3689

SHA1
08eb1c4c999452f72a1722aac3211c83072baedc

SHA256
560d2896cdf905b020687ffc07e42071019ac9033160068110fcdca66d826dd0

SHA512
3d7c458d4983054c09b57ff6d3eb1b4f7839872833b264f34ef5fcd1f4d3154bc4fe7f50b2eefa32765c080e3e7acff15fff5e418e194d3451edd65295190660

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20de4c59dc9f09fc1758f8b376767f36

SHA1
57b2be16cd91d14f25b0b80c87153029a0c0d736

SHA256
3be7cac6caa52f931ffaf478df766d36c74d71cb7d74b80afd72b9be13c6ffd2

SHA512
8ff66fa938fd04488d4ac142057f41e85d65e3650f5571de5cdd7b5c2914cfc4a97d5ca61e01875535a9ff929fa16e2d84a2b52d8b12f96e2323c54192e4def6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1259bbe2d21dcb65456ffff4e586b340

SHA1
d38c90194b3bb392b65ea5b4209ea90ab641a265

SHA256
e3c7c9208740b10374ed28a350b7ef5494e5916bea400dbce1fc964d80bf0efa

SHA512
a74c6004e53fad80e634894c852f512612206ef53cfb6898024d37efcccb169952824b0bffff1ebad8785046e08d45e3e252f8a9a88b118d90cbf7d848cf2516

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10ffbedcabc98a34215a3065ad778a56

SHA1
d4701f7ab52d4e2b317a0bd65b6459fc1adcd801

SHA256
e1bd4a36eb05907a11159b37dc00a67e4911e686672603e87e00516b26f39ca9

SHA512
44013a9b6496347e6db7852fde424e899b007819e9ac3634acf566403ba231f4448becd8f3bb13c0673b8c7bce3fbde4e1daf7c52121b3cec5900afa4fcd9692

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd9702582de40df56833fd6830fa161d

SHA1
6da435fd8a5152e6ecd9adea8d3916a63b826149

SHA256
cae99304c0274bd103a2ee35d9911f0741900af04b9be07a61eb53e603521a24

SHA512
f645b3962d906214feb4bab23423929b6bc04d5968f0d37059a67a6ff375f78a4dec4803bf204a82bd5521626690447fc55a416b5df06c103abeabe8b8cc00e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce5f3f452fc94e1ee01ebd68c44d8e98

SHA1
f21b3b6d08aefe84342a44353644746f46be89d0

SHA256
b9767fd1a17dd4ca6d471830d5fde3f0e44cb09df1963a241b40c4f9dda733ed

SHA512
d5e14ffb34884089b7a8efa962eb91e71716deff3090e5095b39194b2ef2cd7e44ca342eb35a6f32b6afa3da77b465ab32dd673fc812268522091a6a749bbeeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62b6cb8e02adca8546e8b19292b46c62

SHA1
b75ae595764e49d29224c837521a0bcaf9f84b50

SHA256
fff6adf102b2e941fbe3ec47cfb75f446fb9d4f0066ec8aba021e7faf2b17df1

SHA512
a0026daad5a023a0315ee75833a902d9fef779c685bb40ff17d9aab05ed5b174bbe433ac35622828f114f378cd72f6c6de06984fbda9b3a4cd29e47d3c5a4bd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2681dfa9cbb5edc33fcb753d4395aa2b

SHA1
a16b95312c4b69a31ff843858d024aed0b4710e3

SHA256
e1f7efd20947417e4c7a827cc78a401292925f362114700a0daa8a7c0408cbf3

SHA512
47a84a371b34b0c9a3e9a1903790d4614c9fd0bd1854c335aae3103045cdebdbe6bbcf1068fa0785a6007c40ef024cdbf0362e2c3728b5266ee0b4ed803f3ee5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
179440cdba984f874f45cab17cf69cc3

SHA1
5342742a6bcc6cde5f50fd4ff31cb189fc1bea85

SHA256
79495a18fb4ee4e40f912674c1c233edca9b593811e9fd00fdf673b30a98b9b8

SHA512
085879302e2963463ff4b54f37a80de31095309ef4dd0815302eabc03503162e6e0fa2fc50e8b31469fc7e2668f587072b65525d189c1477ad5b17a9349f6cc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebf170abd9f107da2a8b77cfa389138b

SHA1
0e70629169cc022755d0bd98cbde77c1ae054f2e

SHA256
4e1f094be406173329bc817cf0ecb24390d438906399ccf5b93707c604e47e15

SHA512
4ace1887ca6b2108915cba27912f71e2b14e8ed4e2d444f2b5528d156c0a1040d9fb275e05db3217f3272db5c1ed489845bd851e9defd778d2b9690004df66c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f73aee178d4802da8c3e831b68c65821

SHA1
cb969b6cdbac17aa04a1e54ed91b61ade30fb775

SHA256
d51784da06f768a66f4149722b1b7b6cbfcb070fbcd4f5655878ce0519789bc9

SHA512
898e7f91ade1c295b57d060d42c025f44effbb914c63513f4d502fa5ab73ab4438e70306436e2965127e169e717c8591ef94b24a2458d047b594a29b1da9f79a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e3a1a07c093831a763bd3e82e3bf0d1

SHA1
59ca6d81f17da05b1ffc06b2ef187d68ac641613

SHA256
ecb067e94d1dc4ffc595bcd6e5fc37eddf53803249ffd097e691b0d2d462ce9e

SHA512
cdb8618e61182e8807ba976cb55e0c5ecc859eb4d6f3a6f267d604dc1acb50df56fc57799accc327c8a5f11f9fb333227d95c9c7b5c367a05b90ced77e1df3d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a9718acd65faa879698376d83d4d5506

SHA1
8f2ec500e3acb51695f2137de8fe3a851098d8d9

SHA256
f8631c6ed1c7e64de268b3629ee557fad18b6e185dc93aa6d324affbf1a65e5e

SHA512
c031df911e439ef7d60a3cf49ca14bc1f55b9d7dd625853c1b1203782b98948749e9f7f1d56066ae5b72ec8a8f25fc4a170438fbbf39603009cba96ee21eb44e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1AE5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit