cbd7212e284100cadec0a6bd4c8615d06791e7a9d671296c5b3d2499be67d7c5

Analysis

max time kernel
146s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/05/2024, 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11148a03fa762256a46cfe80f57f347d_JaffaCakes118.html
Size

29KB
MD5

11148a03fa762256a46cfe80f57f347d
SHA1

2010e236bd4042e114f4d27fe09456166dca126a
SHA256

cbd7212e284100cadec0a6bd4c8615d06791e7a9d671296c5b3d2499be67d7c5
SHA512

ea26aae3b1533bf02a892e8c1ee900eaff6577d5829957dc876b2611b5814c1c54b0272b8cbeae897fc105d59fa09cda1f759af355639045bb3673f46b9ea796
SSDEEP

768:CHEXzTBXxzjIwwFGtzQFVTXE3zozd88QKlqW66MPe1K+kq:C4TBXNjIwwOz9Y66MPe1K+kq

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420920509"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A8645511-0975-11EF-995F-5A791E92BC44} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2292	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2292	iexplore.exe
2292	iexplore.exe
1376	IEXPLORE.EXE
1376	IEXPLORE.EXE
1376	IEXPLORE.EXE
1376	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 1376	2292	iexplore.exe	28
PID 2292 wrote to memory of 1376	2292	iexplore.exe	28
PID 2292 wrote to memory of 1376	2292	iexplore.exe	28
PID 2292 wrote to memory of 1376	2292	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\11148a03fa762256a46cfe80f57f347d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f28a3064996fb194ae846f29f0bc7173

SHA1
dd18b8e335f43c34bf4d3002173c0d2a498c15b4

SHA256
992cbbd9f10d17ce2525036d01872d16857c242682d8029dde1c8cab23c3c199

SHA512
60f8725f7738a15736026c44f4c7a7a411e0e2726c00590dab8f4640fe16ff6ba919b48dbc92cdffc6c6b9a391906f899c51d4b1a346d930ee5dac8766a6643c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f751e777d010c6afa72b8dc22e5f6c2

SHA1
c21ff4319ce66aa82f64ab9b95aac69d335c0df5

SHA256
98e9c30b2aa075f73813dfd7be573b63613afc3aeb86ae203c4c6a4a199ddcac

SHA512
eec15b4a38c99d90f1c989aa960ecc850d96078cfd6caf5e8de1543fd80a8dca8e6ff974f6da82b32b8f26c9bc96a7c6fc756287aa7ca6f3f70f8c9f97d16d47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84079b423bd581e62a82879589e092c3

SHA1
361cae6a45065bdb0df8d249ae6dd2ab52bbca84

SHA256
faf31b4ea2eee3897739389afb3b6f761150b4f5b799ea2caeb9e0db1d3cc414

SHA512
651900bf3be1efee3659a435b6d0c9acd13b4ea642265089aa020f7ab2e33744af0802556021333ce6f5a38db7535bb21f4d9578934bf6d7b1b70e4cd7d60552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60f99c23365b46d4136980af2ecf55c1

SHA1
e42571cdf5a3bf6a69076f32dc48d170cd734442

SHA256
c13e745aa2784470ff918b4b147d414e7f54068362c7873eecc578eb661f3853

SHA512
e9b71e282804cc0b6b9dda415958680c3b266445b595385960eb50c220d83a204773ff260250aec0c517e78611ba1df88b061a05eeec7b9adb21f6d9599d2d25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
110884896992227ff6e0e102affe0c99

SHA1
859e904775a4a9615aa0e291a259902e0bbbaa93

SHA256
ce66fdb092bf81896111d2121d423bb0975c276e2c7e97487957a49399cbf2d5

SHA512
96331ae41546d136d3a2968101fc0dcc9befcd0326f9d343c62576e9cab66e0cf5bb36ecf022d65d4fadc9c9b52844d40e2fc9b9b558a863d9995c32ce35a356

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e5f933da6def30497222f8e15e956cf

SHA1
b8899dddcf7c199ccf97ebe4fd8d326027d21532

SHA256
60574c73bf6eff7d36e491580ea3fcf4fececa437cbd9aa32ea89aae84d760f7

SHA512
5a7eb0b047014a7c1366f32e9f8d33194dec91dfc2c3b0557bef0be4716b25cba4b2abfa3f451f41be6c8a245be5940f298d56f8ae464d0b541ef097f22e5c75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc4f77f71ead01f4395e84fd3f90d446

SHA1
ea59c07168b6c740b2bd9d97abbe67dbf7497884

SHA256
b38b67d6b2ee06e0ccb5b6c0869d6fb2b5b28e02490c2be02b82a53d2b93f12b

SHA512
b3cff10e2b65b09eea994abcf4a9408af71d8d27cab44c71b482e88924af457dc6ced8554e5022735303004cf038680ebd94c2f020ed161a0ea7852773f04fb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19199f0a4eff48ebbdb0a4235515ca8c

SHA1
814dce9e2c3d471fb8a8dbbe03c77eb22487736e

SHA256
a117150dab2c16e58c81bd6c327bbbd9d6e6ee7648d3ceb8295dee399a1d7ae1

SHA512
892caf72b74edc2cde102886e7d771fe5177c25b04247af8af65261c031f41d6c7a1539608ba3bc29070fc71e2bf30e3c5f78027ae97e95926edd8e4dbfff952

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c55ba523a1ef342e4f7d055df1b43ac7

SHA1
3b5228fec5f815ac503da327c4d73ad9349000f6

SHA256
48f75389ed6b9429d9703f189cf7817b9342922052fc85ad3272e5f18ffe33ed

SHA512
840f5af5105fee208f161daa109952a96b641e679b8b5bc05706ecb732508277222707c9f64bec6d1c19f7f15efa3d7846876cccba9e6b393ff9064f327e496f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
048ffa114d1e555eb680adf0c2078fce

SHA1
d27bd67ff4a7083579d3a2bcf23f50527707841b

SHA256
52b20f9b45b7da750220e270d857ab209a8b5301eacf16bdb81a95eaf31230eb

SHA512
8bee9cc4549fb6c14f2f3ef461a04ffa082e8053febd50bd224103c4e85f8f58661d75337d2c25f2181163d0a754fc9b2284b257c3cb2561c991be13994fe5bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd88097c15122904a4d446989c6b3b79

SHA1
d14413026d996a3f962dd834821927660c013c42

SHA256
3ac9312fbd56d960eb323d1e5336e837f00797e2e09b9cbda0c0be01d63fb468

SHA512
9cd23177c1ca3e884ba855d2b3ed85bb830648575e87dea3860c85edeb8a56d299a28db35b476673871e1f70878ea1343e06cc4c006d16482ef50d623899a790

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b998054793988bf7135853625263ec5

SHA1
643a880802ee90a4ac6e43f7779f9eae1028bd67

SHA256
bd6161cb7de15029cbbc1aaded8828ac7d37440c2427aedb1ef0d89465752fa1

SHA512
b3c5aa9b49a297d679665fa4274be34c615f20b95e00c2060e822add7d44335020e023ec860d69a9be3f328de082c28627d335ac3ba82e52e7915084782e8d8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5944204dc2b0d43e29d0b662900efdef

SHA1
d5937e36c95f71fac59febffa26afc676e411e70

SHA256
9d02297924850b76f020a2847fec095e0fc06209ad018bda5d6c173cbfa2b89e

SHA512
3949d24def807df47c9c5302ed8aa985c0da7023f370d4468a77004c58eefd8b4a4f08d8471753387d18394a3e9bf9e22c8050e0fee0267c171a7e02d7589655

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5886a6681ef34df24ac1db20f6ba01d1

SHA1
4bd173885d6f36e3cad2cdf35fa894027e288e18

SHA256
99633d5e6a90c51ee7a277c31d7a4b8eb7245d13d6d4aeae758b22fddb797a8d

SHA512
b732886d9714cb0cb049421c0d86caa78818627dd2c0b8e463d6661fffa5808fcef7d076a42bf6c7ff8e4279c57030db6c3a65fd34d2f4d1d5bde037361e5be1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fc8c2009401f853b39e607b03f98590

SHA1
09108d72308e6dba779294aaa007246f2dc83efc

SHA256
0891a30c70ed7011a7a2ede6d8dfb084c99600bfbdee1d2b204b27f40da8c887

SHA512
f7cb4cb729f9739814ecc9d6fa3d06addbd81781c9060fb7853f7f70a736413f3e2cc6be89922dbb289742ae2d218d11057aa0736bd961b39db639f7c7bd2700

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
896ea3bad6b22dc951e20e7ec2ce6df5

SHA1
1e9b390a1a7496eb3fb5fea39039f15b9f8b862a

SHA256
c2e518dd31b0541c078ace7c0ddab76eefad20fa404af517ce1ac84393c57b42

SHA512
f7ddd6a6b327712aee228a9b67ce2e209173ab90394f8e8ca65e0dcdf328d290683b36af96dabd43f99c54eb3d8477481741f44f5f11778065335d53462e96e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4052b895e48d014d748dcdbb3f943e92

SHA1
a7afdcc8d42355bff20b6571d029ccdd72885231

SHA256
6f90406b003883b9f084b9db00e62cb92c06a66b6db1a2336deb41994c0f15d4

SHA512
df5710d0739cdc752fe03b9d49159b48abbf2a993b7372ebfcaf3b1279898e4ebb8606ab4a90be0fb297fb0a3a106d0655fe675547919282cd2de72c43ddad11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92b20afb08f231e4ca1bf88ddc9e73b1

SHA1
a525cdcf20c08ef210b3167af0eac4dfbb753c59

SHA256
b9bdd2057a6c6273342c83526296e6831a18acb389c1e7811e409594593fc9d7

SHA512
79e39cc06c4e04da952a051576acd8b27d73c7d8a2dd0db018af868bc76b57eef95bd66c947447fd0cd7545fb293a2967e1960852d403cbc45d431f824da48e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51339bde39746acf8e78445edc0467db

SHA1
b92291b0c845430198aca6673dac1e0722e347a7

SHA256
ec124c5b52a43771cfca6bc9ff064f248c577b1ee63c01b918f088a2d79ce462

SHA512
def51f5f21b59192fe935ba3f5e1785244eb1825dbd3157494a20c9b9bdf5b40820d2c844fe8993862c3a7d977bee0973a2b94b9e75d00865e8fe131b2e1832d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c77bbc43fa4efed7fbde48978ab07f7

SHA1
a86ede711785dfece96e4e3be713790840cdde2a

SHA256
77c07800675d5642e2dfaa07c0225e7f1fa80aa944da3f20e57db0571f49008d

SHA512
2c326497a3be683415000ce063101d6a399a2a2d61cc94cee2d4dd9293e37f99091e259871be0ae9c0cba11a130540c095553e672900992e432035be1ecb4c6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
800f7a871b1d7bccca5049df14b0eef6

SHA1
84a3eb7fc8db2c63745368cb4d8d6977a190a1b6

SHA256
d2ca8b93a8356ece30c6f1a967e080994121e06ccdff52727ba825debc9fcba4

SHA512
1144b3728009e60f28971b076e93a84bacad193fe6645a1d58af7d79bd097dd960f3c3780fcfbdfa51c71419d44628a3a84f78412e7498a1088756acf6edd6d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61dc9e4a64e5e9f2fdfb6a79da6d0c0b

SHA1
cce43f631cc90f4dabef70c3c629abca60087a75

SHA256
b56d437d94251142cfdcbbcaed527c9ea9d35eff3415976006c870ded5ae419c

SHA512
9177a8e1ffc5dc565b55c5c1b803dcbd748ba9abecbe38c163ae7ed2c3aa4f2adfa998969c6598c725fcd490a9e7fd5203910d8aa5a02bac165e01e685e20649

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab198B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1AAB.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit