01a65b6f22b59c591c28a466f738fd08539246628f5508fc4617f95dd163eb55

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 08:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

11fcfc97b44ac3e8b00d4d91d7e4d497_JaffaCakes118.html
Size

213KB
MD5

11fcfc97b44ac3e8b00d4d91d7e4d497
SHA1

4eff0a15128f25cd9019b078fdd540dd96f667aa
SHA256

01a65b6f22b59c591c28a466f738fd08539246628f5508fc4617f95dd163eb55
SHA512

3a61693cc4879e86d31b9464ba91275f8cda368d2d255d7c0ba7d3112987c139abb9e661608a06156b5ef34bda681d04fbb59690803d032101d39c2dae8b7580
SSDEEP

3072:SbhILCiUH5YqyfkMY+BES09JXAnyrZalI+YQ:SbsLPsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{253E70B1-09F4-11EF-8F9A-6A55B5C6A64E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420974835"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1676	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1676	iexplore.exe
1676	iexplore.exe
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2080	1676	iexplore.exe	28
PID 1676 wrote to memory of 2080	1676	iexplore.exe	28
PID 1676 wrote to memory of 2080	1676	iexplore.exe	28
PID 1676 wrote to memory of 2080	1676	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\11fcfc97b44ac3e8b00d4d91d7e4d497_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a18c8e3ddfea767d83f488590c4b2157

SHA1
52b629f3117e4ef2809d67cb73e587cebf1e2b4f

SHA256
0ccdd112467a37ad425d30e0852b55d8b64025f02999f618f900e0834c62c33e

SHA512
0647ebd2e2fe4fa562a8d7a9273d7da8484ac487f9ac0f5c7158301f9857f50b5afef5c12cfc4cb30808ffe65e347c4063b40b10616444c06e879986a3d0bb56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57ce8ba569d2e6569240e7d0210b69f5

SHA1
56a116dc0eaab76a57417205247c3f667579b8f3

SHA256
1b97f10bcfa384f139d477c7a9cdc2285def54c2741544bd37791a9412d29a65

SHA512
8cf0263c203c006a60deb035179e62d4f1034aee7414b9c0c0eec9775fe3f1f5892148138bbf725484fdab651be52e77d69839e29832abde80663191fb3ccecb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df230b8c61ce07851de773e3a8c8ee49

SHA1
591282aace32555145377d538cc32f9bc3393917

SHA256
ada7f8e5224555f744e1673c8d56924de777106ea85d154d2c62950028dca22a

SHA512
cb49e8a6e028529b34478f404a0c4c8874197740810c26e38fb3a3378662ea852b85d26debe40b24853da80be7405986946beb597d324d60b5071aff3b8f3cb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d4197808e670d7901dc50172a2e3609

SHA1
8dec8e17acee939be3443dfb76307c005d0b47b7

SHA256
e1181f3ffbd2f3fac81b66c1fc60ee3fff22ebab31f2ec9b413ce69462e5a0c2

SHA512
ad7a943afffa5e9e2dd29d095408688d291ee9aba0678925a5eb0a297e11ba976260b9309f7cee926dd679dbcaff3446ca15a3c9d94866d286c177fdfce82a2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e8efe20e0b000c706b58df0996ec90e

SHA1
41aa723d6a0f79950e92bfcf0d0088e12040bfd2

SHA256
c701b571dd3ad8a718c1c7baed5431207ccd09443a817bb76bb88820f57d8754

SHA512
fd079394876a47c8b7a830a6eb91328f275705687961da85f95125e631f277d5939d6cca2af1dcdb798e169a15f81a4e3087ce8eddd69987ffa3d63db82c55a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c26848f2823422a302a2ee3af89f859

SHA1
73be09e442b2882f622851c24374707d40278598

SHA256
ef7c60465b2df44954bce14c02ba954e89789366fa3c59a0870de37ed3c6b86d

SHA512
06a9f61626975fb790c88b8e463c857d39b9f05c64e3efc5afb0c3de0cf51e8645970daf950ce94252b28f22b8364c1b9abc6accc517897934f88ea12f40a60e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f97318a8393f73ef031d9372fb9a9374

SHA1
97c03a74c5b62605fd4b378119fd065ed2664b6e

SHA256
35754bcbc451d31df8df2ee31dc6b00ba61bc7f01cec1277f046debdd9fcbd19

SHA512
03876debd7017273f82edff677f6d6efd9d6d9c6a3ebc707d15fc0a98973b711a83c3fe6779094597fff99f592f159305061276b1138168936bcc086aa7e9e7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
166cf916a8a280395e84d49fcabbdd45

SHA1
43f2df5360d09f19537049b5f079f444449a1af1

SHA256
1ec1f0ff95668d0ada2777ad0cf102eb1b602648130ebc3a6954ee9008a4ede1

SHA512
494abd3eee5fc3975f14756430f91af527a463c0a4d53989f428b955767d456eb4fadaa1357e984c522e0c72bb2169a1ad43198e0595b683b38f05f2e86e262e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72b1534b28c240b4b77f6ceb0b33fed3

SHA1
a16fff4b75e74320ca638b7e09186c063eea7940

SHA256
289db04659022a7ac7ef615b882a9ccbef381b293e1fc985d712a0d64d9f266e

SHA512
7131c0d3ff937fbccb779e843506a5978345900d7a8769eb1e863bc85cdb50b15ee8123a9f7045a54d5fa62105721982b197a05202f6843e96f2c919de4af519

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
389f8d21730698b8bb7c615a7e1742a1

SHA1
38fab62a99e10c9b40d4f9351ebfffd0ccc516dc

SHA256
974faa38eba8ab037d0e9f64ad07645d725515c7107b59ae0df92d07ba2af27c

SHA512
d0d7f06e70daef9368a12077d1ca2d167f34ed481323b95d2efe6e23e91ca1f2895c01ac82f90a70aba5dfb054d80679eb4c18d7f549af6f8960d51ebe7b8960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8527fd3e164e701d7d39462dce77028c

SHA1
6d5d42622bb2d269d035f288da0ff8b6d03e27fe

SHA256
e7820163c37d0b181a3e5373b5e5949a0487f8005f8a81e7faf571967fdd5215

SHA512
f6031ca2d829f2289d94b1fff15555f00033a19f2960d4ce5b7bb8ae41cf7a8baba61dbf65b14c2b0506b176d379524cf2e5a90c18be3a58395eb3b24171670f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c918a243edeaf9e93bb1dc7cc5dade7a

SHA1
397dc4f368b5c288905890091acc041f310f933f

SHA256
ca2c1604986ddf5b7457c0d77f0f150fdf374ba5f4e46f4920eae345a6b29689

SHA512
4f519f74742f29e777f1afd4370cc1d1ace1143528725fc7ff9484844962924e1387bea3319017e305f3ed752dbb74844070ba2146f884d45fb8dad0b5a57f4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0ebb24d46a42fb29495774c607dd53a

SHA1
6c4ab95cee3200d0578115955eb7d3d8cc2502a9

SHA256
1dda3e0532249fb2a1f5bee9b9a30ac61cef0accb595ba0950bffe27bf40d9dd

SHA512
c08d51cd76c0f72e56746fa0f4c921a053e77e766a8a2b4ecff0624f4c5ffeb2ebbe89a2e3ecc03f7385ff4414ef3ac8228c76640c5adbbc735492371f3efb1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f07a6e2b58cce1986fff1266c8c3a208

SHA1
f06600768c21fbe1bb949765372307f94ea6a60e

SHA256
f6ce3c6e70d144931815aaff418e833efd6841c9f7064730528e9b3b8117bef9

SHA512
83f2ddc20f40b18fa5e3959e2ffb1d20f44d4b2db070e085d924bca497b5936a170f22d463d8f0608c6f2b9d2fb618fad6603c38fd9cf2a01edb3e71281b7e69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1372708115432d76a819382fd500daee

SHA1
6ec8268ba7ee8e02a9551bf1a1de56791fc4999a

SHA256
fd39692ff905361a75ef6215bf40c5d8312d808fe6126dd67fc77367cd49db0b

SHA512
832707b876caf2e3f5bcfebc0fde3d4da618e890eaa91e44be622b25adf84bc284d2a6f585084d6dda0949855bbb3cdbe15d6262d32c6088a178d4d4e912cff7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c43dbacf9a3f43d8108c68d5baa3ca4

SHA1
2e88381330b83a23e88f5be3e8a4eb169c3aa3d5

SHA256
138f53e79868604a82f4156420cd89aa2cad007658ca679e663ea293cf84a2f9

SHA512
53dfe70593adb22cbae707f6bfef669258aaf9ab3e517666ffc7e29a690491d2b9376b1c18fc7dc18a2771c7966e839017fb3c2e24220467bf40a550c802465e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3cece23e4710bb2d56f126e8cad2a9c8

SHA1
ae75754f1920271c380048be46091ef3f5b4f5a5

SHA256
f4bf2cdfc9e78a31c7710a1fb9d11a76f573ed89939c19ffe1fdebb12f416a0d

SHA512
72a4cf39dd99da445a7179a9fbc88756f6da8b9b3fb08d751d77f01ed4ffcd734f2ed46ca5195eaee2ef407df6d36ca6a2b29ecfeaf350e9776244a0441da4d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2241.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2352.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit