40bfc6887b00e710b1431bef3cc7db59af1fc2c2243b9e879791092d441b846a

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

112c4e6a94ad2599c610849d0b53a202_JaffaCakes118.html
Size

143KB
MD5

112c4e6a94ad2599c610849d0b53a202
SHA1

110caa76aca85ae87b7e2703b86d60fc8ca7bbaf
SHA256

40bfc6887b00e710b1431bef3cc7db59af1fc2c2243b9e879791092d441b846a
SHA512

911290e5bb15f00662f62324ab59a782f1c399747a19673001f746eb2b6a75e6dd535ebd233e85390937a70e6f2463c5bb849324739a204e671ffd0d7f2bf14d
SSDEEP

3072:TvzECqbyPawsFQ/twN7hWuOGk8CfzslcEuvQKxivQ7zaZzlyqpCPW2bPjbUt8i5H:rEuvQKxivQ7zaZzlyqpCPW2bPjbUt8i1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420949578"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{56E15B41-09B9-11EF-B804-569FD5A164C1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2972	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2972	iexplore.exe
2972	iexplore.exe
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2136	2972	iexplore.exe	28
PID 2972 wrote to memory of 2136	2972	iexplore.exe	28
PID 2972 wrote to memory of 2136	2972	iexplore.exe	28
PID 2972 wrote to memory of 2136	2972	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\112c4e6a94ad2599c610849d0b53a202_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
126f5f9da5948da8dd19044bad86bb36

SHA1
8843174e984b5811b7b13543d5cf956c5c66bd6a

SHA256
e43a4aa7e6f16301a91a6c0c8b9d820c429f35abb613a01b47b5eeac3e9c52d8

SHA512
1ca7a178e22a34009103b3f47e8c8ff0b11081460a4273d3edf1068cbd14dfc7bc27119fe525bfd9a7d69afefc7b64e70e52269a45fd3fa816b3ca873c9f2d26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94313e6fc1480991b178da07fdbf5419

SHA1
871e0d5091c8e5935537558445bf7e19fd24b4a6

SHA256
ae27188653ee04a0e145c69f9b6e12506867c82594161b348778ed02eae9b40c

SHA512
098c3fd09b9222d5dcca75df2579bf3b078e4845b8885a8518e2f882232210f38d22982851457ac3810c824acfcb3c1c7976ac98a6b1c16b2fd6d6675cbcc200

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96a2612b8d6664e849923efac4436441

SHA1
8b6c2d26f1120651b1dbe7a0427040b5fcbab779

SHA256
82670d9c75882e24c2638e6543dbd3fa11479a57ae3e07db5f9efab7c39c5625

SHA512
7370e5b6e36f65fdd864ca2647534c28d0be4fe5ee29eabe6172ed7f92a5d57c5615ae0a60574472533b990baf7c27207d88b3bb6d2c8c9f572efd1becc6ff1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2850721b93f6a20a63ac0857e2e4af54

SHA1
a268cb52d6dc6fdbdd3bc10c6b4ae9096f05d07c

SHA256
4d77efd295613e5ec8285d6b7d89301095ad1c0bfbae343778e08daed63dd2b3

SHA512
d17bbdd59b9bf338912c35d90b54921f8f80291ba736beafda11a88f693856a5366bce48728fb58e19ba97785c9ebc027448630b34b04eb65ce9134fc275dd98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e2b16903f57246af134d6b1391e187e

SHA1
25ba6aa9439afbb34c44e4a7ef20d67c6c3ee3f2

SHA256
93be59ee75d7df77168a62ea888886efbd870c1a6708b2dce4e5d5ab39946148

SHA512
031b1d7c43b3707fd883c447c4b914d1522d2970cc6eb31cec7709f54c193188066926a4fc3028882d2a28de691467947d7dd43bb75d0fcb5230a379d96bd194

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e04ab082b990147aa7ddc987816e7f1f

SHA1
f1ceff192015dc7e592f9ebc02bf81e2c5cccfd5

SHA256
2977bc08a354c0b177b6fc3f300ddecfec9ab993a0c5a64ee70c870c1776d77f

SHA512
11ee78d5503b83da20c86603d3c0dae818698767909cec2d2cc9c950d9a7a44c7120cbb2b0bf10aa26ddb2b12a2424d6490ce343cba191585bac303065101974

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
beb547ddfe4070bb63d13f8482fea63e

SHA1
64eaafbc7c8548b2292e857f4d75778476aacbfd

SHA256
2f45604a4abee332d6779fa2b1920d2c69ed84de1bab6f9f2cb129f67f55181f

SHA512
bea88c6a7c7f9ed9bbc4c5f5c30c5e2c3ba5331f38b35630b12665e3713d36f3d05a9b25089bfe566ce13a53c432e6db0c4bd27dfd543bf3cd7bbe32e5a5beab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b09d8281c0f384cd7f4f18da97713b19

SHA1
9b74f5caa32e54b7b0e34634ee40af92efd71d08

SHA256
70d88de748099137633902bf58aed579de0314d19b196401f2da2bec8912361b

SHA512
f2edbe84d8a7666c22cf693e9038512ead4b24bfbd0646500ec82721c5ef0a51832a1e277777e583a84d7ecf1bc5b9af6dfea8c50b14e8ff847fb9d1a372ea9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70dc6b2611b74e163fb47b405ee887f5

SHA1
9572c5b40509658f6f1b92836d03de133c5a900a

SHA256
c179ebe8f3eaf8f778c46bb632a00fc8a1ccd347c86d0c6785e9d99c7d5bcb2d

SHA512
82f63b3376b6ff886deabde1da9f9db2a7e6d66136e804f0e8fe6d50cef434be672d98556205923f1ddca232b95978e5f8a7f31df22f85fc070d5935bbfe7ede

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1658af6c65e9b713bbc016fafcbee1c

SHA1
675d3dbb4beaaa272fd7fba5f6b5c11dad9d27c2

SHA256
f60818948701e1ed6eb96fbc2e63b045b86ef32fbfa3b7aeef3eb1cb97434d4d

SHA512
2b8ec0b2c0337c2334161e477197eddecc4158293e385edefe365e2f57d2aef8cf20a2694e73a4e7111aa11cf596af2706686b3d8a5c12d7b6f2a60e384913ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc299e3b3b61e04a17bbb51a78d50e1a

SHA1
62ab98a93450c0efe8613bfd070d7ecf40bc0498

SHA256
c8db712ab95301b59e207e6cb719705d3b1c853521bd3a22809cd38a0a4d92ba

SHA512
f0329bbd57edf47ef663ae19e685c32a5cbf4ac8da3a624d182521a31324532fe075edcb1855f8d58af78852d903f0d19097fc4623f27032e09017eab38cf826

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be39da5534d3f31624b13a0207a35cc2

SHA1
91156bd30991245ac23f48b2e149d01a4ada7c38

SHA256
f8f74218e84d6d5985768e2d0ecdc4be4fe0cbc402c258a2bef43ea9c920cd96

SHA512
4a42e963314eaaad84401f080b773510e44bda3c74ac383b28cda3335fe64db7fcd5010d6210fba662e79c1246967b9d511acacdcbf3db4e999a3b59de4de760

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2509887e858beed5236b6d8c041ec42b

SHA1
b513da111cf14d2a09616a974faf805cf55ccb7e

SHA256
325c3716c8865324f96fa8ff84218f2c682e4f2aeab950c655d97d4c8ccd4c95

SHA512
f0f935556b1f84035f863e5641be3085533cf2808c3bb896fae82aeaadc9bfcc7cc159f1b12db63cbbb86ab0acb2ebfa6cb5218db4fbad143df91292958ce6da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a746137b5affa3fe2d386660a965c0b8

SHA1
6e006afd407cdec4608a59c5fd7ea9b18330ffb8

SHA256
968117995c43d29460aecdf1709004c58f1095c314be462df2865068cf1897de

SHA512
8154f35d52696b73db3bbc93f69c5c68c9bdd4ef7e6ed4e06c68266cfa7922fe0edf7b747a49fc76812d387f15c185a40fcfbd150185673d3465df3b6531daf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ff7a5c2a2deac6efd437d08ff9efb08

SHA1
140ec9ff4fe3db47d9600713176c891214535063

SHA256
097c1e349836b6df6c5c073bab65dbe612433387db3e33284ad031a0e98fa150

SHA512
79924c92a5ab6181fad283c39dfdc12228b2e66a302e86f16878cd1cfe77293aca5326576bde5563a8ba6f3663e9516f4235e9f41c8536e062e0a71de358ac1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c60d169b91e4e3d46417cbf2c0667d08

SHA1
d643f7303e12a06e6ecd63fd0032738365c3f85d

SHA256
ef0ae1535cb1fecde47f441be550fffbb719421dc43bb2b49b0525839b4abcc2

SHA512
e19204129739d61dddcd924b572813881e81aa624c6b8f64a7f99c59b868b510f21cf433792faac4ad122e3818aa57e806fb797d9fe0037f58d8084957ddf58c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
05e6017862f7c071b433401cd17b0081

SHA1
f275b32262f0901ec0f6d6c4c188b3776c9bea23

SHA256
65e1580b9376a2bdb63c5b506b077579d14f6857e908b91cc222c7a26934b788

SHA512
26ff456af19052e16ee63564fe1019c16d2938ec6263312ddb4cbb82689eb5800699c5a24156fae64825862ea9d1451d80b1d4d5b4b3eb1257b75b0ee92516fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab20DB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar20EE.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar21CE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit