8cf12271f5973d982d348a45611fd8cc505e79f4e0538229bf39e32168a00524

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
03-05-2024 05:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fc6e29dfbe29b4456f87b93be4f24a7_JaffaCakes118.html
Size

35KB
MD5

0fc6e29dfbe29b4456f87b93be4f24a7
SHA1

eb486098a8e73cfc4ee08d79f6cca1e38cd6b981
SHA256

8cf12271f5973d982d348a45611fd8cc505e79f4e0538229bf39e32168a00524
SHA512

991353a352d36aea3b27a01372574aa174e7ab70fc333df35c02319d2d961cbed79cc1484f34b8b21cc895c615bd6d5516a738207762bfc89d90cb780477b196
SSDEEP

384:aIUgdb53Yk25vgdXpHR4eOUchArtA6P6iYrKSP+EBzD:aIT9g5vgdRUiTK

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6521A2B1-090E-11EF-A4DC-6EC9990C2B7A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420876158"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1924	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1924	iexplore.exe
1924	iexplore.exe
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 3040	1924	iexplore.exe	28
PID 1924 wrote to memory of 3040	1924	iexplore.exe	28
PID 1924 wrote to memory of 3040	1924	iexplore.exe	28
PID 1924 wrote to memory of 3040	1924	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0fc6e29dfbe29b4456f87b93be4f24a7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
bba102e47fbc1dd68be13a8a6622e7f2

SHA1
30c1c83fdec2e4831878acaefea6ff3dbb2b42f1

SHA256
6e3fb9e6df14ff2a0a67516bfafeada21229f20f669ef6e24e9a1063ad552520

SHA512
a24167915ccefc0a6d0da1c083386f8d7c73aa3e4c2b520ea576e44c18b86367002b557352ae1abf2226b410f3c4dd518dd5270fce24248e386c12213ed3126c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
407470330973854e7e0910832c737a8d

SHA1
0e7438206815aa73df0510249f581ac4c2da8102

SHA256
dd065bede8823395d6731afa70a21ce336c0e44e1025b1696066583059e1a626

SHA512
4587b9aa8dcb3cc956efb26bdbed8972d32254264672a6a9fd596eb1d128002623b8ff19011a7ba68a9bb76a9a10990b7364f493ef87c484631c701e6c70fbe2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1efeef621d3e2ac3abd66691850a7c86

SHA1
d38df437e759aee4ababf3e0685dc85b8afb28db

SHA256
87b3db3134edc6158a8ddf890d5d562af31259b3b68ffc157b1fd86babfdd441

SHA512
cbd63efb3e757376c01a26e0a0470cc0856a29676636cdb3f791401e59ae197258535f87d0b341dd12e9a8c254aa0032976eb9cfda999efab278d87c8415d218

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb431f9b7b0afd93068647a7cde3a959

SHA1
4683f34175edb9e4479cd4e710f247fa9a88e625

SHA256
a5bce94c05c164dd6b36c8d3d55bee03d9a9953f6d2490e722259ca10be44243

SHA512
829bbb2b8820421eb5f71edd778807b6ff59d4ab0c3093dc353f07bdb873e171cccaa9ab94e53b5a8f3621d6ffc5740c484ec95bd4031edb5ef728114403098a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7ab0b04b6a322099510a2ecf9079c0f

SHA1
1ca3911946d68dcea1bdf26fe3ba632922dcfd4a

SHA256
eec2005dd1846974d94712944abf7b2785a322a1c3da44dff67c483afdc1777f

SHA512
e2b62f67e9b00a3268a6d73c8cbbfcee7818f0fa0d37ec5d4e57121045f5eefd154d305b2caf1eff31466c9ec95a9887297c747bab9867f38e60671ef95771bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
788b3f5c7aaf32c74037f85bc4fc0802

SHA1
00233f17c400da7e708c3a30aaa7621e221ee6f1

SHA256
212a05f5ac356e15f529a24aa3527a9522f41c7663c68048105fd5d74b174d04

SHA512
37a1febb6bfb801ce03ee20d168c3317259a3eb4cb836583ad4b898fb78a9112eae3deb18e9399a391017a1b5ebd03ee8536c1ada8de204f91ee3e4ab498d594

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ff7c98166c9eb5c4cc25592c9461dba

SHA1
fa116ea29b1321fcec4c0a12e0dc62b9f64943dc

SHA256
aef574345fbc58f78fbcc4ef131f18941072528d4867f79d111866610f6dde2a

SHA512
b65ffe383fee61f1332945523496c1f6a5e24f0db3d23afa445b1a6b46722346daa0fffe3d74b22ea00e7bebd0e96dfbe76cb9c3a57325213356e6fdcf34bf4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87e5d0ad6769cb41063faade0277f9a5

SHA1
16b93ec7fff770e661ac5dd59ec74b8898dafaca

SHA256
674cba9afbdf7be2a68184c9656ee29354c51f28edd228ae76b2b41ac0f93197

SHA512
baf9234db8679bde982dbe3f4e10c58da838b99dc6aed1d5e428c7e8b984b020a53d77fa4a37ba141e3bc01b835322d016daaee13ae40c52b7895693a8bee777

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28e29fde8dac302ba03b113d05834510

SHA1
d332dd90b78135d3e3694ff86b0339bf26be47d5

SHA256
6786ae86ead70a9927adcd7a58dbb12a8532c9b355ff3f657443157247b1ea49

SHA512
83b05bc26cec3d04361fb59b4e2683a7c440b6f4d2863064b1e589232b9e9c4637b622d1c71d993c7f66eef2e64c442211fb70c1c25b2d9ec7ef15ca649cb4f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1d3b1f8fd29f9ac1fe709ab289d9891

SHA1
d9fbf5f9479939450a5383212a3e8cf141ace8a4

SHA256
5f7d5e79b563f1c5d74b251fb41ebc5c5eded9f12d1dbb83d35b6266587c568a

SHA512
55f8982f7797e7717194c42304b4363fd1ba30c703840b249f96cd49eb0eff937f2df4cd5124584b34732e0649ba72e4f487627d4906eb5ce77a464f76b311fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32fa03daf810fc50c028e6d635117d8b

SHA1
c8d013cfed57ec2c24b258fc14dd4ce0f1e19115

SHA256
b3d305a3d14e7f788787f0ddaeb32e9960fcfe608dd8b3006c9e03c5edd2af53

SHA512
c0fb94a87ccf5df15e65119288bffdb022dc1cf07550fe4f01c7833af91aac4599d1f4972c9b3f8170223bc13072fbefb554b485ea9d54cc30b6cd6fcf731d0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
41d1d35a836601df1c17f4539ba0f3ce

SHA1
0f8f20bbb4cac91a9248fdaaa0fa90e3fc68b69d

SHA256
5df69b563d9ba25d112403f1909d79397f981d0e7d5505bf2d825ea0408f9203

SHA512
3c279e7f0c1eb017dfe753213b6a877b219804edab21bd5028e5b0ab50dd758533b0d4f29177d3d7ef7e9f9aa26fb8cde21f917679d9d685962aba145f408c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\css[1].css

Filesize
192B

MD5
3058d74d4a2975d9531f70e1582aa831

SHA1
66a92ef2b82a21e12f765e3346f15c1ce30b519a

SHA256
3cd785051331aa1737ce786fd107c6115fd8dd47edb356c9f3d6862de43f816a

SHA512
0222daa192d810eb251f1014fae7be6192967cab6d63ff192334c159cffa2522fe3ce37bb3a84a7237053806b9ba66fcda3881bb05aba008f9bdcc8cf072c280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\plusone[1].js

Filesize
54KB

MD5
fb86282646c76d835cd2e6c49b8625f7

SHA1
d1b33142b0ce10c3e883e4799dcb0a2f9ddaa3d0

SHA256
638374c6c6251af66fe3f5018eb3ff62b47df830a0137afb51e36ac3279d8109

SHA512
07dff3229f08df2d213f24f62a4610f2736b3d1092599b8fc27602330aafbb5bd1cd9039ffee7f76958f4b75796bb75dd7cd483eaa278c9902e712c256a9b7b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab140E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1102.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1290.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit