4bdf42effefac60b1db6bdac7cd9a3c09c35cd2d0857249fafb6faf32310f629

Analysis

max time kernel
148s
max time network
137s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-05-2024 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

133728acb8974bc4b8b3d94d0ca67994_JaffaCakes118.html
Size

19KB
MD5

133728acb8974bc4b8b3d94d0ca67994
SHA1

b81e2777ef52f072e8120797e9a0b7d7a199c6be
SHA256

4bdf42effefac60b1db6bdac7cd9a3c09c35cd2d0857249fafb6faf32310f629
SHA512

3f205a7e7c70871c3db7274e7902e2821aed827c4b7bc7eda032451cb97f3dcc8272553e52e4857a17c697fe7474485a0301a8053abd8c8a0a0ada5ffa8d221e
SSDEEP

384:09jiOTCiTH/jIB2gfOoLLHmDE+S/pJh2G2MswYBo2Ns7YlRS+a28+Im63HrhKqk:0JzjI8g/uf+v+Ir3HrhKqk

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420996353"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3EF3AA71-0A26-11EF-92E0-EA483E0BCDAF} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
868	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
868	iexplore.exe
868	iexplore.exe
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 2432	868	iexplore.exe	28
PID 868 wrote to memory of 2432	868	iexplore.exe	28
PID 868 wrote to memory of 2432	868	iexplore.exe	28
PID 868 wrote to memory of 2432	868	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\133728acb8974bc4b8b3d94d0ca67994_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:868
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:868 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
49f5190eea31b76137d44dc2bb276071

SHA1
7565d3b88b69f05006bc5c077971d8f60e860021

SHA256
6e202fcb523ffbb791f7f22b95759cc50f99b88066b569d86c66cbaed700f036

SHA512
381b93ca69969c25a74f96a77a582c672919a01a9032f6b1ac13a1ba5c9934f7ae2cf8ea8ce9b0cf2108d3ec3bd30768771030b526c70e6050bcb22aa9797a9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4c1e634e13010191fc7791618887996

SHA1
27e7499d85fead3ff2e0f0376dbd0c4a2a5da221

SHA256
992f81a043621a0313563cfc9ade302a97919c1daeebe7981ee17846f39d799b

SHA512
b35a86ac20ff9e87d029d1bf2a0fee8de63c4bb5c7433a5424743e55c811b1eaa1b93185d06b9f4a118975eebb5edb8f3059bf1972140496d0dbab5c29e449b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd343645a474361444778c6f14329450

SHA1
267133c286b227dab200ee8fd19c5485197bd0f2

SHA256
d1d793026725d96f8e3d8f4fc3a472945587b517c9dad3fb06e49f87cbc8b2fc

SHA512
91f25b0f55c71e190288d68eecdd6a34d3dc17b50af8cfc7d4be4ee1eaf16038f65933c9f0c1edd77c8f17d97e3c1df787293e2e44b33543a6fd064dc4165d13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4067e4a5d62f518fbf9672ca0205b120

SHA1
15fef46d23fb943a855e5fe4807583b3ad49851f

SHA256
344b6be316d16e9bdfafa4e07ae4f81e3cebcb73c6432aeaeb6085135f0026e4

SHA512
a8b9d498e809af04ed7761ac9921a4cec5efe10d37831803d1dacb14ce11c2e4eb1997f9e295d77737b00c1a51f7dc3f0d49f1d1f551e6d3a6febd644aa1ab7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56c691d5c1b7196dacb327d9b398692f

SHA1
bad5b41d264267e5a38aa9a4764e89fee3cfce37

SHA256
499b0b1eceee0d2046fd172542e6e1894ad9e1984576fde6053961a2d8464cd9

SHA512
ca3482ea35d3d09716135d964dbd69eae64d45a8c04cd5541f1bf802045fc4f99b5236035dce8faf65d8ef0bd39c034505da081d2aaa1850d1ef33a3bdda3d47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
621e166584b43bbc412f0271b9597621

SHA1
cfaa76df8ec6813206f6f168fea0577203e3171f

SHA256
3f06828821eb8b318ca237a7f8b25b72203ffd3ac231403db9977a2a64b949ee

SHA512
038e91400e86ebc5bb67a5b25f8a18f284013943b6c7fed4613fb887249f2b7882d7b5f15ba1aa6ba3c97499958a586ba1b928b86073a91e571283f4b7ef273a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aaa8e5ce7f3b6d8cff87d9df98362fa2

SHA1
9d0d3f4c33e304493234a54247e83b2ee67b45c8

SHA256
8616e234824dd50e5adca119410521b902256803ea32f81a616abc7750954165

SHA512
9f2abce557433755b87776ca24d4aadcbfda5a92b0ef42a170fa06b1aab80246271611f8d30472181238d55778efec4572417b9d6653857bb66152fe8244ff66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4479f6e3335d9e64eb663deb4c12e52e

SHA1
9d2bacc1645c01dc4101f0d750e6a472cd2e01ac

SHA256
962dfa08ce76d32c6b6cf242c2dccb38af852642ee4f38e398894dd74f5e9f76

SHA512
c7a90f770189b17f6bd7b5ae64931d2557102fc4700cf9f4a06ceb6b577514ece94428f63881115a1be443b3aa0d36cc79495ab528c253f02d911b4a05f8b817

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0d7fcfeee6a4aa98af51d0a460bae8d

SHA1
3b80d489966ae260a37624655be4750a3db9ea94

SHA256
fecfd87281ac856e6dc757c0fb06f462a5a9c7e98da25692d2d2d65b39329c57

SHA512
8630dd640c212179d28ee9460204a1251066efd11fd137eee94ca0c0ccf1cac48ee7f2f6b0895ae1f932a5b5354c117980452d734b8b22f6f3a7421b95107d12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd0ed9abf26bd0bc1942709b09339b92

SHA1
1bc3e6a3de8c2db6041d853b65ece2326bd6c956

SHA256
f68a1f11a40380ad1a8da944974472ed6e362738dee688db5690b7d338fda77b

SHA512
3f8bbc187a02852115fd8cf10d0210d9f021b57e6265fcb5a44b62b2f69d775c78302a0b17fc52cc4ce751529df45d1907a0fede85cb73aaedcf8c80720c1463

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2366c90dedd56cadc8ca6c8e3515deed

SHA1
b5182fce74f9896901129a4ea6a41762b78bb9a4

SHA256
4b0e8858ac03f91bbf58a25f5487c8447f2f48aa6058543a2618762e5702713d

SHA512
10e7435ff8fa8b43d5973e920f086c040cbe6ebc88e99f72e297b72457a860b1107f3517de3b43647bf81359626a755c86a32070767646b8b15359c30b3344c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
7949a2e6631fbcf50e60bda68b92cedf

SHA1
33671ea1c13d3644b5c2a070a689013c36789836

SHA256
e59cd816753a659601c0e44c39d2904578264cf5e6257cb5fdb3cf4f8f2156f3

SHA512
8accdc398db100bc6f01cf083dde5b5d5061ea1b7e36e7dfc4fc20edb861d401d11c25bddfd1fd682b3541384e44dea315d0558e04ca5a5a5e7b26ddd9e2755e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab126A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1269.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar13E7.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit