596eef050cec06859ef429aa8965bd765d3c600ab4483ba201aacbf3925fedd7

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11fd2d107ad6a07465712c5576065f85_JaffaCakes118.html
Size

2KB
MD5

11fd2d107ad6a07465712c5576065f85
SHA1

e36114e046cfabe348b5f1dbc0f975ed7bb0fe68
SHA256

596eef050cec06859ef429aa8965bd765d3c600ab4483ba201aacbf3925fedd7
SHA512

08a234d6058bdc1f2900e73871222ab2330cd448e35ff11b85e489eb97f658b2afd5bd0f9e44e75ff5866976607fefb402a8046c8c69dcf044630f162d5c7fd1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3083A9E1-09F4-11EF-8547-E6D98B7EB028} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420974854"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1992	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1992	iexplore.exe
1992	iexplore.exe
2156	IEXPLORE.EXE
2156	IEXPLORE.EXE
2156	IEXPLORE.EXE
2156	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2156	1992	iexplore.exe	28
PID 1992 wrote to memory of 2156	1992	iexplore.exe	28
PID 1992 wrote to memory of 2156	1992	iexplore.exe	28
PID 1992 wrote to memory of 2156	1992	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\11fd2d107ad6a07465712c5576065f85_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
136d001750159bb49b553495dd929fea

SHA1
389a3877f7abe7bb0afd83be09889509db6bd226

SHA256
131882ad4146da0a4d307837c5e6df26afa94b9af59c3687d6386fdd149e0441

SHA512
d278c4d0eee0a35315925f643575c27a6cb7fab4a07984dce1453e65a2292ae546714a9ad2978cdad441ee8b696df0281857eff9a66ff4e5188dc7149e788efe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
41eb05b604710c7a23a8711cdfe1634b

SHA1
aee6fdb3a6bd7351b9cc163036ff6dde8d86f2d9

SHA256
32aaaf237ee8403df7b351e53fba55fabb22e53003a335fe25c7c095989cae03

SHA512
acb87f91141f79e2f42a06a0b5c75d0c258c8d64ff6d306573cbf639344810d8a0db86e8d1f9afde9f119197081aff1f13110b9dc017b63cdca87a08de2b1c83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0a37787f8df877f41480b878efae60f

SHA1
8b6fab61d87fc9a4f4331283d56cb2c986fe1242

SHA256
d54ff754d31c462a2a97cc7211cd5d14683d6882e8c93151a195a668f94ad26e

SHA512
a774cb8c041d1a4e9a3ee9f27ce7db80fca10883d2b556ca293fb7a135d9fbba81fb7ca677e111bb3ec05969f29c69d6dbfd646b2b1b4d8c1086317fbe202a23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
886b4d54ea71c8e5362aff44ce10feb8

SHA1
e537ca434873dddb48caa91fadc5b6fb323ab620

SHA256
a358f34a0c7d46aac51425e99eb90f99ca36b396e67a3e31e26e359127ee3b84

SHA512
98ab096dd82079edc46827bae9e680fd8d07190ae9ab4e2ca4dcfa0bd7a855809b45fd958f53e5738816451e65f1ae177bbf3546d3a19b31b4ebb3fb9ce4ec90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e771fa2fbd143068c44598471ad85bc

SHA1
7c884ef27c444ee3f7b88e378f58be36c8cf65f1

SHA256
e8c29d1de71399c12ccb6d83662fdde5c7708f641f0ba7c5b06b008bf66b8065

SHA512
8537a14cc564b2f0f2d148ab2b65d3c884fbd1b4da65021c43be777a65cecea9de72ee805af5bcbe20ceb4971d208dfe60ff975bc15822280ef237b79e1c4188

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb0e637e1766ee427dfdeef0c7d14381

SHA1
3368b6f25e24aa2eb7468758e26e0b9ff2610abf

SHA256
bdf073167b30212e3f1066204a9d1bdc3f6ae10fd23202c22a6074488ab87dff

SHA512
2ce76e8a163d4c2e61651d702dfbd3cde9be24dbc0d5ae38716b115b2d52070b3604ecbbc661975ffeb537541a8c2c468a0d81c4faf3771653496e4025f47541

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
496347a2311ae97527776cef563d4a4c

SHA1
249cc773a3fe4b70b743801d234cd8cdd2cfaedd

SHA256
b2601890e2b6fd434c7f858cf60c33e54946eb2f92a63644839acbbd0c63e514

SHA512
54bdc84f8d7c5389da749e25d318162eac4b8ebaa82adeaae500d49f6e2b42e8c9ed6d80166dc849c7800399f875eb54d4ff0cc1c673dd0bc40fe8fcc6637c3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
582ddf977ea537772e2476dcbecc543c

SHA1
c77dcaa4f3591d99c0d65fff89096dbdf89f9e4b

SHA256
6af5cf07e293514097a211281327545f5c7f3a57878312d5fc4e037a2c2f3a51

SHA512
582a75e4209fde10931ca7b8e4652f3f2b11752a0191aa5e4a3f7f07d2c3019b0343d1ee01d13d87da9d5cb800eadafb49d8c7a0bfa7ced8409895b7718f5911

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad434bb878c6fe4894a067fdde3a8668

SHA1
3aace551843c7d5e1b16aee521db340c80ede652

SHA256
1ebc97eb3cefe059898c048946cb070b82b62fd88eba9c1c44b3713179b77cb6

SHA512
bd563f306ea7554c2066af94a7d47a9699446bd2fe441a21e608b8ffc61942a9367bc3a5061d349611547a2f0115fd73c41639d1cdc368bd8a38f2cab4d7d567

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17a53c1c7ec6c87b46baa9f4074ddb95

SHA1
21ee8a893ced1a052b04b73af9dc192a10950338

SHA256
f12e5dc2af765bbfa61fe9a5fc1f77c534f1f8d37f17d957f7806ad93238d654

SHA512
13a0e41cc61c2a25df00966fba225f297d2aac0a31d588c774dc1d5ca0cf6b95ed68c4a768fe1095ad71b7121e1a36b120cedcece6b1e6e49d484ff110d463c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
180b4840b56ab096e46ec33736c8aa81

SHA1
552195b707c3660a4350a632b90c864aef023df4

SHA256
5d9302d046c129b92f24cb308844186771d8009acb1a4ac4e8b8adc509e4a6ce

SHA512
b28f1f9cdd81fb514c61a1d31c481e7c9969fb8bc1aad253823d8b68c7ace3145ce8157312fe20aa4e7de21118afe7c04f49720a99506f3ac7d42aa208436802

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0eae84567afa6b38b656586af8ef01a

SHA1
5ce42597e1c0b78942ae569de6fd77e3b56034d1

SHA256
93f44b6a2b139c6b4dfefd9583fc87b9c23ff2a7a82a2687c39082e7fe8cf91d

SHA512
4fca21cd04e9a3b0088cdfcb3ef6f432faacdb4070f165892fa2983e929a47ad6307ae8e981ba2d6da38ffd1e383665b19c09ef10a23340682bf3a8379ca71ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8c2a4a7c13f3bef49a5f74a18b3a6f0

SHA1
37d62a06ce0841c820219714d02fceb507aa6920

SHA256
0ae9f6695f7ba6ddb7c06dd862d29f0a0169f36948300577a147b1c5163f26e3

SHA512
b824dfd18d63cc260f9deb8d250ee44e28d0223dd1d0cae0f1e8e21062988e042a6fd2a70318e2dc4a470d542e7072a2183b072588cf9814ecf516078dd0d36e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c19923dde77232fa282ce52e041d101a

SHA1
db0e201679039ee824ba09791d1aefc982e13aa3

SHA256
fee80ee5b12833ec72b27f5dd4d665592ae0f4b07aa539a148b66e90fe25121e

SHA512
e0a2174a01ea1af72d2d583a40bd47d0a437a12dfbafc10baad0ceffa8636b68672bea670957ae7861aeb5260a68a76fabbc2a667af4a9ec979a407fa728b92a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee3a5d358c6a968cc8b65e56196c14d2

SHA1
50712ff4ca32ec6e9d24796717827991fbe8d9d3

SHA256
779bada5509b65e0cb6afaca80cd124a62858e5f2d5fb628efad4045f0da0f60

SHA512
d9eac483c6d3bd2ca8f559e5ac417682d9c4ecb2cb87e987240b65c3379a3a8c056ba7702c0333c842449ba8a2cd575d41b71537d772d9e8bdd97933fa1b631f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
9d15d40b83484541c9af8374c8d0dc59

SHA1
03166b991db09b0f56c35fbcc33bd17e926d3b8a

SHA256
692894845b727374d2fac411a1189c01e02067f07f1d2facffe1dfcd9ec9ccf6

SHA512
dd3ef6cf74ed5121e1158e4aa0f28aaadc0a5682d6ea3b02b8999c01108b3d6e2dfe749fabf9db3a4f265d98a234ae8dfb53707a9ed397e18438b4c8bd9e4fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\agnostic[1].png

Filesize
5KB

MD5
8e35b75274a33a695fba6a64c5e7657c

SHA1
d9f32ab5b394f813eae4694506471b5833fa9bda

SHA256
f79f609a341100f90ac809f0440cd810a6a2377cfc99b50eca6e915b82c09ca4

SHA512
0ebb9b14ce6cb96bed5f1421798a4c9b1a897a983678ff9840912883b603fe82f7b4cbe2b20f18a4880dddc07b643bf6e027cb93a55527bf083e7bdf6ef17c19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2712.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2715.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar27E6.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit