e8b2334fa3670b9d4e2f3704f1f7a053b19784a60123ac38337ba4f8049dd820

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
02/05/2024, 06:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0dcbe40ff631bd4cb9bc79666d02ddfa_JaffaCakes118.html
Size

104KB
MD5

0dcbe40ff631bd4cb9bc79666d02ddfa
SHA1

9cfb8a71c649b4ca716e4c04b9e5993050705f8b
SHA256

e8b2334fa3670b9d4e2f3704f1f7a053b19784a60123ac38337ba4f8049dd820
SHA512

6d6e340a72b8ec6702612a4c46653a92573b1038fdc35b6042e89ecb4dbceced88282c915d827f7edfd4bbb76b7689e97481ed2fd3b95cb43964ce88537d878a
SSDEEP

3072:jUcjvG8rMdcXmNRS/RHHCERBBpRkR8O4ttE8:xrXmNR8lRkR8N

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4B25FF51-0850-11EF-8004-DAAF2542C58D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420794510"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1148	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1148	iexplore.exe
1148	iexplore.exe
2240	IEXPLORE.EXE
2240	IEXPLORE.EXE
2240	IEXPLORE.EXE
2240	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 2240	1148	iexplore.exe	28
PID 1148 wrote to memory of 2240	1148	iexplore.exe	28
PID 1148 wrote to memory of 2240	1148	iexplore.exe	28
PID 1148 wrote to memory of 2240	1148	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0dcbe40ff631bd4cb9bc79666d02ddfa_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1148 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
1954f91d1857433a6e671fc2134627c4

SHA1
6ec0f77b96e790e17142ddafd79cf8a0d7873da0

SHA256
1900c86cf885b5a30f4c6978db628caa35291d0ea1c37ada12638fadadb66467

SHA512
ca48210f22c6391ab07e05f4cb06729673713214ec81d6934fdade2df472f2f6af013bdb7dbaf3baaf678e771a01604a654b22ec696f3f9a93fe8e73b77ba129

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_52A940BB9460A4D8B06AFDEB9AFD2659

Filesize
471B

MD5
015a51e6ec5e3a5e70b018bf1ebd2abe

SHA1
dc327e911299c421c2c490fb8a46f43231e1b695

SHA256
164c50d9efbb1bed92d88c0bb40e39f6de437a55deac592f0856234f1272ba36

SHA512
9d07c9ea3415170e414c9625873e559ef4f0521442a7effd3b56406c0e3dbf6bc230051ffda416cab9737c52e98965a76c21b2793f65ba2c4ca418106e842daf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
f07205ecd853b9c5c9a2cb242e5d8c17

SHA1
48e589ea941525448d8c91400f4d986fa96c59e4

SHA256
cedb27ed5ebf54c11c17fb4aa875342814dd196d31689cb73814c0b3f44e0df2

SHA512
8809917a6c5fd0acc611fa6ef55434d22dc73bbb4dfc59ac5166038ade3f6858328ae5dca93873b9adbace4054514a40d378973fc2acf2f9394c2ed9e5a8f3cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
182d287f3bd516bd1ca9b073e224855e

SHA1
1919f2e2e331f781d772e7fe0a18d5f01799260f

SHA256
a0a828c2ef4f152a23decc6b8e3455bf1aeb9b43028420366d62ca62373817c2

SHA512
20665bb36f772f5a13fd75125546e4f2ed58dee3f688a90408eef312660647ff2201493b5cb178442ce36a1b575a25f7cf1ac691fded0336f573435bfc32be2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27e9ee5facdcc06cec585a48f74f1424

SHA1
c06e76f17e195399be2237c08fe1ad7ab2fbc433

SHA256
3620be61a300383306942fcfc86d079fd57917c622b6ee53ba8162c82db297a9

SHA512
9ebd602964bd2f17316cdbfde6c8a5495969d0ad121ab8525edddd7c961b042e487af640f970c653bd4cb3e5179d7faa866af0f6b61ebcb75cca8c47aeb02371

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f44c40b9d2b165057d75d298fb1d1af4

SHA1
5ba1b84572da0aae45c566fefc7d16683ec1991a

SHA256
94d400a85282e8e1e561e1454251339a697848a8d4d83637cd0a5aa17b9c39af

SHA512
bbe943fdebb13352ed580a67d02d2eb0718703eb8d0bba379dbaa4719954fa4fc22cad23672ba412b838250cd568dc47a9b775898951bc7d4407c4978c9df3ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b2737721a91a1bcc2f5272fd8e7b98e

SHA1
a0e0eea0c1acf00eed4898e573d854ebb586d458

SHA256
287687dc63926cedf5d0f91622d4a9b4178ef7b7d0e5ad09007d806598deedb6

SHA512
53807c9876231a7ead69184031d079eb0b904deb769d4fa75f88a6aa116a6a746f91dfcc6b5ea4c1aedc0b3244d13a5c16031da326cd33f7b2cb6752be0b0740

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef7768e8eeffd8417544800e0518dcbb

SHA1
9637f08a493280297c9522876eda0e48fb0e2214

SHA256
9a34f7eb4d999454ee33e98d331060f439a4c47635afc1dcec527121118d96f7

SHA512
97182d355d1801e8de28ca1bce540caba0f0538b0c8ead75d4ed38b9e0691cceb3a4504a03f7794ce22d66cc56f4a808a339e471e15806e321b715e8effea7b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f10bae6a391d63a3b4a3b81b30d2ccd1

SHA1
c2b73ab841485b4903c8834776c8ffb9928a53cb

SHA256
a90113d50220828a6ab9849dc78c60c5f98765d957daeaef325ff8784edc64d0

SHA512
8fece2eb279b5ed3b494934a20f9e0859d4bf43287bb29f32b0fada045268b27c72ec490b10b845474ec799c492ed66722b8654197a84c1a9a885bc3a7dce0f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c83c18f111cc76a5ac5fbbd987e4a70c

SHA1
12d465fe0e0dc92d73c00552eb30e1f148e09b50

SHA256
0b9c0137c417b7eee7bb702d19c519cbc0ff1fdcbbd039f8b0534b0210e04140

SHA512
8ebcfb28d4a5894d458f05d32c7b80559bc85d7701893f8a118b6fd9808f863509c8e22d501cd7d4f0124de4c6100e38ce808742ea2d651db3911c3c0f873e28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b81ffc1364a802a0122c8de2627144a4

SHA1
edbbf4ad8d90dae57472f71d88221835ab5b4f20

SHA256
9fd7f9f4de1e1f5076f8ec577273f77699b0c988de04d36d9186074a5aad42de

SHA512
2e5b1c9d8bc308410b443f0fded63ebbd3752f3cbf1478f3181ff2f6575522de272625c1b67a5b4f066f260997bd9a51e430b95039f00f4be97898e5fd14c0d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7ddeb7bc1401046fffb9d24b546489a

SHA1
cafbeea81ddbaee6e8bc0c1f5e46f89b26ddb7b6

SHA256
942caed4f25eb027132a862464294340b051c47abb23914073a9ef9501f16c89

SHA512
262ce90970e9148c378bf589ce3b8da6a5e72e16240e00f21f88b1c0f9c91f70c43d9e1a4ecd0a5042b0182f8b08eb44431fc0357cc0621e48f240009e2fa184

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ead20b245a15fcda2295d455be143fc5

SHA1
5dd68e21a474600ffb65abde39dffd41826d1dab

SHA256
14371d660bfb08419f89af8684a872cdc7195dfd435418563d64569c75f04ea5

SHA512
c45a8ba90be7d41eb2888641d9cad6198b64029c8a1e6a70cd53d31408828462c599d0533d9e6aa6e290021f08696c1d3188794a5c99ecb1f84d3a14006015ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a70f10c453cdb953be41598394675e17

SHA1
27c472722afa38b2bb50145825ac7af89561423b

SHA256
1b171208daf45fb9a221529dd3a159723ec7ca3d73425af37fd33284c41cf415

SHA512
b01108738b201be9246f73422c1f7b592ea77db34a024712dcd4ac9553f385bb2f92aefa3cc402c155107d9458dc3ffa1bb273b31c97e47d71861b67d41a863c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38ff736269ad651bba3806aa1790d00b

SHA1
7aa80b5590e63667f86565099107eedaa9147555

SHA256
4c458f9c1fd67ae8ca3a9aa32e61117cb1c55d33a40b929275da9b908cc5b8ba

SHA512
1818c92098a927051015b270caf9fe29c9b10ce33ff2f18d701516084be54fb4f76e5fafa4535068c506c84b5cbabb0b3f08f267f1df6523c7dfb218fd01613c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
2d0c4a96ae95d5a61fd54cb0fc475e0d

SHA1
c493ca8b29d9f0ce319e80719a13d749f08e3013

SHA256
3c1626c8b6d5082c27a0fa49a8be0e521025095113e46a867cec316a10d83c24

SHA512
b2529ba189f4255b4a7c674d6f72f4ea02247f08e64a222173d06a76e1f2968f25d5ec494035997f77a9587c918f2e153c611d9843cadbaac176322005beb3bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
5d0ef3cc78e00dee339048581cc32eb5

SHA1
640ae27460b25d7e815a47b0ed1a60a2392f933e

SHA256
4aca87a999d8bb3ae549759ffe010228dbc3ee6e444ad61ab60a57445f6cd13f

SHA512
5868a661a4cebc7c99bd851ba2820da499c7041987d1339d2e9469cfa292f57bc9f21df5c0261f6f6bcf9866feb79989e76c63e7102a75601ab4e8cf6f2313e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_52A940BB9460A4D8B06AFDEB9AFD2659

Filesize
406B

MD5
0117399475715b7975746446c74a7ec9

SHA1
293dbde8cc651762bab647f262b7735f988fd0af

SHA256
15df691bbd61015cc3bdab98b0e91dd959f24309367792606f8b77b616f8ad21

SHA512
d600715aff2deeff9c2eca46663d734189e8d38cb166034b9f158e2114ba9c499a27c5ef3a7a374bce4fe1fb3fb432f524e1e4cebdcfb0a8b6b603be5bd1744b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRMHFE1W\platform_gapi.iframes.style.common[1].js

Filesize
54KB

MD5
7ef4bc18139bcdbdd14c5b58b0955a67

SHA1
afe44fd9a877f81a3c36f571c0fc934324c6cbd7

SHA256
192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838

SHA512
6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\cb=gapi[1].js

Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD1D.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD6E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit