f324086092673f68e5547344709968f519c5a8cc1655eef2ad2546b11c033bc1

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-05-2024 12:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

108574304696ae16afd5202c722e7ac9_JaffaCakes118.html
Size

144KB
MD5

108574304696ae16afd5202c722e7ac9
SHA1

72252992edef068c42fa7f863b71ff58f4457097
SHA256

f324086092673f68e5547344709968f519c5a8cc1655eef2ad2546b11c033bc1
SHA512

3318cebfe08550d00b1f0622cc5d7fc023680d3a64833c5a745445d279cf7e636448e11bd1fb1df378994767724bf75944aff5f4b4ac20b3e9a710170037d513
SSDEEP

3072:SMslDlx7dyfkMY+BES09JXAnyrZalI+YQ:SMUDlx7osMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BE1AA801-0948-11EF-8AAC-6EAD7206CC74} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420901218"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2340	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2340	iexplore.exe
2340	iexplore.exe
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2736	2340	iexplore.exe	28
PID 2340 wrote to memory of 2736	2340	iexplore.exe	28
PID 2340 wrote to memory of 2736	2340	iexplore.exe	28
PID 2340 wrote to memory of 2736	2340	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\108574304696ae16afd5202c722e7ac9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2c2752e1e945b0b02ef22068fc248ed

SHA1
a2614e9039267747a6cd18dbcd2d5d4838dc6444

SHA256
957bea43738a63431e851765d9c815661c6c5a4a5ea7682bd889d6165aa44120

SHA512
76dd5b97d7fc336c27235a55ff2841185ff37c27936d11892d8a5b22cf7af8e567f54663bca1dbafd14400c48fe159320c4e429a40e6528eea6bf39f5c7e5a20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b767e47a7b37369966feb2cb4e28fc7

SHA1
028274ec26002bbb96ccff7c3ebf30e62a4fb142

SHA256
3601e8df2566566ea7d51088adcc28e3bffabb02a72fe7cc58147c9324c0ab14

SHA512
101c9d9b1e3810305656cd21d7c022fc37ad0e4200a6b025e36e098bd5639fc3d618f24af7d24ed08738e37af29aa6b7d0dd74de39331c40f8a335d25d94006d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e38c6ce99f1cf41e5d6563cb6af4c4a

SHA1
532a5366459fd72380f97783e9df2367eb493849

SHA256
ddaee11c01f613332d088a73a23f2832a597b539de1327c10eef5b487d4e7eea

SHA512
16210460fce637c94bff176edb0e6ee44588477fc0971933c95adb5317e8a89e4d053ae4d3eda444f2c248bac46ae29f53d29d0a51b99bfb153ea1d3d87f705e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2010becea6b78ee97821566fed1e97cc

SHA1
3aee9437da895189e5bca2e63de571f38a01a5ac

SHA256
b5d648fa1ad80b0e5e5827147076f7775f153e278c130b6ab4d8a8a760e8cf92

SHA512
0657149614d558a17129777a5de5dceb88df586b84628943c90bed7eedf745d0de0ca23921119b4a09151da0b45aedbc00904a2156d877f547efc820943d8145

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96909f7778e07ae031833033d121249f

SHA1
970087161e56000fdee01a157cdb8ce7235b53f1

SHA256
1b3c3c0d1363a33f7c95f3a8df8a82aa499eaff02b6ebf710907b285c438ec4e

SHA512
9b96375553f42014575f18fbf41759eb865adafb8e4349b3a5af91247b653a94a509e3174552274c1a374f23ed08013a9b4248028dcf379cf75e6328cdfea0f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e8b7f31f8929bc056f28a5894f5b7e6

SHA1
d03d0d1449df7f26e07b6a55bccab1347d9e73db

SHA256
a853e28caf8ba036b752f323f21380c41c7da836577060650e9d34006ef76c13

SHA512
c82ad5b9e670acf74556dda2fe8b237ed3beea23d1440490f05895f2e7c0f5b241bb551fc61b5a4398c6b20327e1405a9af23138da150cc6f060d3b387a97b11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49d522b45657f44451d63c6043f6c1a4

SHA1
5b07bb9b385c386ea5126edb75387bfd10b505dd

SHA256
d39f86d2788553852365dddae65117347e41889b75e5f9553dcedcf9c8303288

SHA512
1ee6fca6bb397c77e37761a2699698001bfd27c460fabfbee7a8dcf6d1f910161afd5f2e348ecf69963e9179867687416db33a5fe156bf34b482cce3159aa785

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c709c30771db6cd32cfc621125d49c2c

SHA1
351b96f998552841ec8efbcf46e9f4bab3e8fd35

SHA256
5b0c9ac2ef1ffba276f3c20e4fff603087c37e222a1e99953bde7728eab7752c

SHA512
d15332eecf918b98e37c4cf0e5374a7fdd426c066d9b54dc9f11c755818188493f328bbabbe2a3453764fdee76e197257a09ce7ed87fff96543abefa62d469c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
495eadddb3e4c7f128374cfae339490b

SHA1
10698b7d7aa8c79b500956c3ae95a6885f989529

SHA256
91927d30b57e770714848f08938f472a550e470c6e6e65c924f21e9446b43d47

SHA512
4551a273a1b26ce82856ad6d5e03aeb9aace8cd49c4d929fe3c0070bcfba8c5485e6b31875e8f9ef013edec07dcec6966a33b6ba252804ee63f0d67d0e8aee76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4bad359c35d8e2359ab4f88fc5e9bd27

SHA1
334f71f94ca32a5b33449d8629f64550ba0aed7f

SHA256
644dfd9b0849beaabb1f2870c91544ccf9b755e93ed44d77f46868ee26fc232d

SHA512
70cee86966275d7983054cf351c8c3a37157f7151353636dd5a0970b7d98c55a47d926de1daaeebd07b06acb4ad8c901fbae67f81428927f553e451983363d06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9293e457ec8451e4b8eff9f924932b7a

SHA1
24272dfb0bf5a13d07db40a74fba6cbd1c4129ba

SHA256
8f1227a7ca6df31c0620263ea3cce5dc873a97c9f124ed9190155d8517b455f2

SHA512
c8ba4bec4ac74db3a2b2ff2f1b031262068b4e763c7bb53c98f802fb933606395613f0a5f8fe5ab8560be44005b8defed3944f8780e55c82366de9a71d1220a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
555e4907f961c5a952ccc109dda26ee8

SHA1
855eb7111458052941da2ea22e6ed5f472cd7d07

SHA256
8135e2b09ac055a5cb6789d5ae1412a470a2f0903c23bbc35e87ec0e6e7712e1

SHA512
a73c19b31b71e978be1e2a17b824ac54321f5644056857f83e72fb66ff93cddaf438e6cd79a0229a46788ffc297a69d1132e45768ed844a9bd23110070a2c0d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5de6670861dbb1eae905a1c07de33067

SHA1
1c62de01e5cbb455930714d2bf87898564437317

SHA256
48d01b02eef08ae9a99ab97fa39032ec3597845c0faa2ae67b450862bd0886a1

SHA512
c4801ee99eeae5fd8300107b062db809300ac789252d9dd0d2a76d5acda400c05b443d8e910b99a86517621e5a7321b5294e2ee350450eb2045d245bcf5b72fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
478ac8fd04dc3be0bceb263e4e5a96d8

SHA1
52f248569282e3f2a31b8affbe6599220504f7ff

SHA256
b683193cd6bc438931f72d4bd9576b86c77b44929c90305734fc6294117fb200

SHA512
da32bb6acffda6207e2d442d7bece05808308f1bcda117e8fc5e7e851f4e519823d7831ec281723ca74eb4d3be4c8aba27d76f1e1a08093ca8f96867207dab53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47956def8826a04c80185a967a1e13da

SHA1
ce5b91adebcea0249850cfcb31f776d4ee6d129b

SHA256
b92be7c21d1381f0ea2cb9879bc922dfec2f2d6268e856232ca73422c10cfc2c

SHA512
64ef25df25ab8df50e862e0f8c98697761d692ee49cd161ed8a1e0120026af2a0ada318d568e4272d66e128bb0da970505b536b173395a32d216dd96b9633809

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c30819c58b804b33c18b742f3158a55

SHA1
bbac5cbaa7e065395237907c67ae1e7ada0b1c12

SHA256
8a3039135c91e3a60b5b2c8166fb705554b188ae00d858895ab4d0f5b4cda36e

SHA512
4272a1d1ec4af043f3337e25d7761c86bf1d2c416794b97bb91a810682111486487220ef4343bdf7569a75969fbf1fd85b47a49454d6c324e939fc4cfa51e288

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b9ee6ca7df2d246c6aaf5715e39c662

SHA1
9f0d1e3d09bd8498a86003111b075e54fb6cc61a

SHA256
3461d531a8d16e3814d676458c63cd9ee21fda50c7d656cdb26e12056f030c02

SHA512
daf769f45ac0c41e56e21e5538e3dd59fd79e1a71c4711a62beda9ea41244a87c752c51375cd002f535620339c38f28d49e580a495758c04399ca8859cad2dc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b767006f4f160518dfff7b8f1963b09

SHA1
da3534e7565db74c13b2892fdf0307bda133ccf2

SHA256
7c22efc31749c46681ed7fcc771ad8f3de21d059d5c2d5bfec3524350a387842

SHA512
aaa1dbfc3fa250e61a6a164dd86f3dd6b7911c65e85c077cf70a588ee815b9ccf9dc5121a35fb33f58e553a3456764277f9144d1b3ed5387c0fde00461d3f212

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab17C7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1899.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit