3bb91c5d30a12e863c830e92db6f075ecae89c5b194509e9eeaba4316936fe76

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/05/2024, 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fbfa551b83080bc13835546ac2c1958_JaffaCakes118.html
Size

89KB
MD5

0fbfa551b83080bc13835546ac2c1958
SHA1

a1e23fc2dbe24a8e49fb7da976391499cbf12782
SHA256

3bb91c5d30a12e863c830e92db6f075ecae89c5b194509e9eeaba4316936fe76
SHA512

6f53e36b599b745e26a0dfcfb2ea167cee0ae16ea9d4a93491ee4b4cc29def271d47a2e9e81573faaf7ef4aa7ecca769653175a79f2fb316c734c08c1003bc91
SSDEEP

768:RzMGRNr6+bprZ3504V5mpeivt6nukB2Fu0+iWlUWYLVjAuwmamWrJaXSlqTn3uF0:HprZ35bUDt6Jw/WlNOVjAJmEblqbuF0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{095BD6F1-090C-11EF-8745-52ADCDCA366E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420875146"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2776	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2776	iexplore.exe
2776	iexplore.exe
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2468	2776	iexplore.exe	28
PID 2776 wrote to memory of 2468	2776	iexplore.exe	28
PID 2776 wrote to memory of 2468	2776	iexplore.exe	28
PID 2776 wrote to memory of 2468	2776	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0fbfa551b83080bc13835546ac2c1958_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
5f8a57d43d2c9bb4f19fac37d4a16bc7

SHA1
b592a28d89ca394d25ab1e92406033d468ea2ec1

SHA256
e19d65c0440adf6d57d81481145b5e61ff4f291c81136e610d3d0926dec85faf

SHA512
51c5ef2b2f2843c991107848e3739814e219676aafc1edf4be7618166912036c22487f05d64cc3c2ce85585c1b474c2e841a0d15450fd3631891e27965a58a1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_52A940BB9460A4D8B06AFDEB9AFD2659

Filesize
471B

MD5
5e0452610ea581da719929504537b73c

SHA1
9df767f84ee95a6df5c697ef5e330692f93b0c60

SHA256
c972c3bcea1048230d54235a2690f2a3dd0ad7816526097f4c1a11202d3b965a

SHA512
6f74ae52bc018f15886238f4bb6cc3c54d1bc41630f2deccb7276ab97804fa7204c3cba9987ea000a92961c178701597483480593ae41f0b192849c74026e038

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
4131051b707702aeb479b4ebd8d1ea4f

SHA1
470cab325b911d51a62181119aa0f533be2e0523

SHA256
8a7689e4c1fdcdaddae860eadd6d1c835ca03fa87df35b43d93d51ba7613793a

SHA512
205afa168dfda1f99ab533e3fbadb8b948250bd8c90eb2dd9212a3d099382c700664669ac9f45046fc1502b04461df803c2546a7ea479c79f00229b9d67080f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
200beb76031624dc93893061f6730c86

SHA1
e1b2066a13b9528965c553e1210d21f42b874078

SHA256
3bc1d68547894ce29394331acbde0f9e292c93a694323bb6cf50767b6f81fafa

SHA512
4fc5470056d123266c2ab40757e3c43c2edb66b4fb9caa7160dea8ca3e585a4f5024a3f03dbd6d88da259f2a03cabbe10d8dabcc540d4ce2710151fcae247191

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
85d989424f003ab02a82f8e145663dda

SHA1
49dba4504b18406ab6670a08b6f5bfe09a4175ef

SHA256
cf1dec30d90365e6c7f1552889c0506cd9504a55aa9ad82f63a947550a3a8583

SHA512
c692ca6599abddc5920ef1f226e67f4befa014b38ef178984db040337085f2ed333e9eab8423a877293c610d56a9f2140caa6d115b00669e231dbc905f645e4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8cf9b94442749625537fe737da485426

SHA1
0e7d22f723afd0e4cc9cd26125eb4606222e8118

SHA256
7d16dd9c9cdf2e9a2ad71154998826ce68bd60cdb4a5bc8ef367887739e84943

SHA512
ba238d40cad0d5d14bed13d9afba0155c95818342b8517caee94c3a37f2be48dd1b17e567669e073bb23b87e74ce24d97c8a32d6a22ed416939a1e5e3bca684b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f58fa64a449a6358e8b0797d6de0c0d3

SHA1
64207730b8693c78963fc7fdb8c80f712c4a7b18

SHA256
91894727e470bd9c4b00bc7769dedbf5ddda17a38949874e4335a76ac9ede419

SHA512
3d7d30699b6ec7fa173316d6073578b2cebc958def47d546744e343af7c39ca24e19845a6ca2e28f9f7950a45aa1cdda080262ae4f199746d3c421115ffcd073

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8939ddadd707b9742b0adb73d2d06da3

SHA1
f2c708f8f759372e5be70ef58d81dca42203f6a0

SHA256
dd56e1a9eb983adc5e786433b2360f3d62e195ac7f36e88fdac0b32db1bbeb4e

SHA512
8a53ae5d5b1bc431b76462828654f8a4d398a9dbc3e816a57a49f4a368862bfe2c62a651f056846e4ecd6aabc574f414367e9f41bc6b0f14dd458ac2a85f9489

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
29ceeb29e27a0cf96bad79e30dae632a

SHA1
c52ed01cb87c47044c81de1e87ce1e891813255e

SHA256
117734ca0b753da6084271692aebd9901b610e82734e1984ab478f1c0c3350e5

SHA512
28e49beb874e820f655a2d941d13cba2670a7580f859c40e625586458690130cad3d626c198794afe6da3b7be247857a11f71f7fae9958da90c3c4bc30ce98b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f88fda59fb9ca1ffd4bcf4aae7acedc8

SHA1
cfddcc20b4531a119085a37705afeeeee250e7f2

SHA256
c9fc1387cd2a99e643001aed771e0c3dcc1eaad7d9e037be9fb991cf27a484e5

SHA512
867c1cebb5b76baef9de8cb178623442d5c9b11cd03915a45dcdeab63a7a25a613a7917e50d260851b2a174a66d3e1d314248b58c1b183307f8411d9f855494e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
69bca85ce4c22677709e0a79be5fb7ba

SHA1
5a7c6599e298dbf242b7d961453c43cba7aacb9c

SHA256
0a51c0492acd478e7812c728ab535d40bfe411ccdaa7f0efb41aefeb3909da14

SHA512
c9f4df309c9cd181fc9d40b59f415c8660ede3bbedb778df77a273890b460ef60021dff5b2a2bf5191ca2b48813a072badf94d74b9b20e198f6808da344b1583

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
bb76a08dcbce465abde16bfeb15970fc

SHA1
911d6f1fa4771674cf2c4523062a9c5a027b42a4

SHA256
d80825613343aae6cf62b082827bfb40baf210787433cb4a82442d6b968e390c

SHA512
3b16ec00294fb18957e0f540e9ca29040304180c1f4d51845bfc31a3ffc0014e364d9fd3c3d38250aa4d7d66603d0fbb68a427b246155f84cc339ba403c9c444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20f9d2a15bb4a1d1110db4c0fbfbb8b9

SHA1
1689e0acda054c6fddc4c6d90b46336e41c941bf

SHA256
aa53a5fc94cecf7b069d97ef6997fe78b355e0181aabf4492f01e1f7c383229e

SHA512
21f55cf7bd28caf01c9727d82dada60b81b6ac24191fc076d8239c5faed14e8590d1e06bd2ab47c3679e950dfa342d326ba21e4e92d3b431ebb71b0af9175d44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bbe1e646176834833d8de7b35ed4e497

SHA1
f4710ef4b1c9361dfc88644fb7d48bbb7f981def

SHA256
c1953c1cc25ba8d2c8d82bb8a54a65529c5bead3956038567fe9291ba8cc391d

SHA512
909049971ebef20cec73b874a946ce3a4411ad1649775772d8e06c5d475c59165335f45c997e92d9b8a4a4bec2fb1ef6cb54e81f9dba7b357a6ffecb109bab30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1A64.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1A76.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1BF3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit