e0fb4cf846e7fd9a6ac7d576cc9965d49ec36ac8e5280095b1ec27de75eae52a

Analysis

max time kernel
136s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

148c7aabe9848726a0364724fe103a25_JaffaCakes118.html
Size

28KB
MD5

148c7aabe9848726a0364724fe103a25
SHA1

d05a1f9210f072f10cbafec6559f3cc7317683be
SHA256

e0fb4cf846e7fd9a6ac7d576cc9965d49ec36ac8e5280095b1ec27de75eae52a
SHA512

7533b3b9c15acc1fd0e26fad74d0faff7c8d29a94a7e2a04d67d2b76a2cb28d738ab092b9b9b6542d5e6db86800404fa929edd3ae07098f74ccacc2c973dbb70
SSDEEP

768:feA34R+u/Bv1zA9upYDIPuUZg5saaGz4mInkTl0WIUoeSztfJFjqza:feA34Rzv1zA9u5uexFjqza

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F696AED1-0A5C-11EF-A1FB-E299A69EE862} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421019855"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2492	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2492	iexplore.exe
2492	iexplore.exe
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2264	2492	iexplore.exe	28
PID 2492 wrote to memory of 2264	2492	iexplore.exe	28
PID 2492 wrote to memory of 2264	2492	iexplore.exe	28
PID 2492 wrote to memory of 2264	2492	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\148c7aabe9848726a0364724fe103a25_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2492 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
c820ead5d4bac4e4619a7a1809f10b09

SHA1
d196c84ec7e1c9bcb448657b037fcf2b9b1c54b9

SHA256
68ad9576b69e82c350571935b04b1c063976429eff713aaab660ecb0026cfb6b

SHA512
5cf0e9608c20f098ae7a6e8991e98ce37323c2f5737435005fcc41721f1bf15752528ffaeb1ae559717746fbe86229d08a9bd78ba9b6de7a3b369048e9eef81e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
23f5d0fab281cf707f04270a7b83f79b

SHA1
a42f8066a0852865670e83fbb196a3ffeaaec0cd

SHA256
31234a3d4b52c373adba08dd01f1c569ffe5619a6e7d4d6f80ce2b2386849a1f

SHA512
6c4886dc6b1dd21da21758f40347ff2bb7f8e80e752174c16fc8d1f7fb75016906cd9e199e06bcc4f3dfbce803f763c52550f436db9114319703d4f9854e57c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40d0f812a86620adecd15c5016333406

SHA1
cd9c3edc1e70c16a5038f4ffe23860bfcb44e348

SHA256
1a5f4cb073413742e5755a54bdc9214903da379115212e8805ab060fad1f4681

SHA512
e4595a8b94dac623e8d4e62ee1d1df7f3c2a009a4addcac95146e3be60fe7c71ac95e8cade6873dbf715f4e0543310cdbb5b5ba8c87ae98681d9bab720a175ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
723f1c8db9ce6b0fdcf3c0e9fa20345f

SHA1
6a2f53a98383e58427398efdabf5b73f0d51e74b

SHA256
5a0d78b2c661af336b2003b7df49d4d0ab4e7f856a3acf29c5ef481c318e7018

SHA512
4e5a98b44ff24dd5efa61bb04e409df7723b60430a20d6a6312a77f948c447162d962603a248a771d1d1f9c86ec55ec8dc74792273401561ad1517913f6b4b44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
997dd8738121c94ed994a73b8bc38f4c

SHA1
9302444d12bd20b3b2e4ce2408fd0a13f5e169bc

SHA256
2f99aee6216f51239f6b99cc8a1fdc0abc94ca5d8c374f2aa6285feed1230a9b

SHA512
e02e9f5c0bb00f784faf28e11de5dae76f89af26f8fedb5bd3e7a1b05eb72e200b8294c1981b300e4fec96734900fc447b5f26b08227981ab6b6ccfc303925d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ba5a2db16fba3532561bf33341fa31f

SHA1
a6324451c5577b0f45a8e79574528783642dd93e

SHA256
dd68420af2027001445354cb6f9fb8ff5ec80dc4c72766fa1f5e09a800a5e717

SHA512
8e205c791c5533cef5f338b0e15b0a0a41b44e04cd7aab2ec1b83750e9f6a5e897b6593eb1564f87cbbb2a4323f6747e5c5436640d954de19b40558306b5d29f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4edaad3e5d5a1e27a7717ec8d90eda12

SHA1
c6d516324b6bd724e596a405d72b822c69d77d22

SHA256
88c5f28af174608637fab8c98b8cce65fcb2b2eb7c3f7badb6901a44bccafcff

SHA512
e7215c9cd16e94b5854046b764f993f74ae444b908dc122366ef6fa70cc0e9efbb0818b2356e36e7cd18a4a0a887edf961ddcd7298e79521dad5c82a718d6514

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24397c6197cec2b7a05e2eeded003964

SHA1
30b674b278aaf34c461fe65045f72a0056dc2b6e

SHA256
672fb1a67ead58327d596c7e3efae5187a0e4be8966aad220e85b0fab970c5f1

SHA512
5a4704853dca1b3a4b77dfd57852e49d134ff1f2ac2cc2e6af41dbca3edf83d495bb1805aee8ae70d3f3f136cd6083628ec43684eb986019473dab1392abf180

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0040603339185d22c24fe9b1c8174f9

SHA1
61c64d90ec3c40b8e8c9883d57ac33564ed261ed

SHA256
1505975d0dbc3a2eb554aa7427b6b3e5e6edcb177e49b6ea48ec65e21ec75351

SHA512
fc0018b90977386c5262136b3f67626ff5d5838900e2415a1785710adb029cbb0b46d141b11f8b9cd3c126599c72724394a20ba093340ad7545048f19ce0f8bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d50e7be61d575a4dbbdea046a4169a3d

SHA1
ee75c926c9e137b84ad28c8424c35c223f3ce1a8

SHA256
f47f12130308978a64fb6a3a6a1dabb7201eccfb025bae5930a6b3d6d89d1a36

SHA512
38a0b589cfff8284644809bf69214ca0d8f638500ba75eedc1d956c4f6918461dc672352881f1daba95d1145db156a66fbfaab14f2ee70fedfef56f3c56739e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
319169b43a32dc279647f48c0bc54278

SHA1
480d65e58d3faaa38575b794af9e8d2356edf7f9

SHA256
962f01bf7d970b033920a1f846f67e733caf6cc8f07492ee687ecebd5d0eeaf5

SHA512
2089e00e258be3ad0d5d55d2895f8398106547f54fd0958fd211040e35c98cc8c63346db171d699a8bd55c0655f1d77e3a5e44459710cfffdf85fde98a2665be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa3d01ab4df646660f338678ab32feff

SHA1
ff0406d8d5b56d792e34eeac8bc177cebef4d513

SHA256
a8be0bace407efb32977f2d88ec33213a0532c5b9cceb338099fa39d3f94ddbd

SHA512
eab11283f4600310f8a9cfec0725e99eebfbcb10357f8c189add01e1745bf01eae7d61bfe2a51abb36f2a9f5afcd87bf95576d6e67720ed3f76142a23cc99015

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf8f32bec1e30ae04393da636b817cf0

SHA1
5728148ef1d2bc31dd6f99d2fdf6877b938e86d0

SHA256
29f3ea3ee0e8f82bd9c9bdb41c7030c63f530bad801aabc0a26f2578a7f73d53

SHA512
c88ba4a75470c7ea63719eff6d795dd4d693e20b312f82a1517b3f916c540d47b21c79f93c8517d610ee972e8d3b5097ed262f831e59d46cc7678c2ec9be968a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecd90ee14683168f24e70adb3621503c

SHA1
8249912c201abad8658513664e0192ca4dc77fba

SHA256
19a4b223867133fb7e483b3c77720d5629af61baacd3f6216d307549abcd2b3b

SHA512
97643df70636a78429ecba370fb3fc33e301569966775a7addc3c98c429f61c463314309543a461068832fbd5ccb87c69c940a2fb072f870dece1d1ff5bbec44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ddb0e4558ec11e458e4ec9622749b4b3

SHA1
a34ec09c84f1d96881621636109ce176107a82f2

SHA256
d31d642626e58d966185fbad4e0a139f93d153726ea2a8ef6bfe0225ab997aca

SHA512
9a4c11396baa26bd4fefb76b58c35b54042d28d67bdd222807da924bfa42ca3b4abfb5396d53e99238a5c9749d5e68fda51fa65b6b371d23f87f8fe21875257b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab785D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar786F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7CFA.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit