ddaffc3a704069398933a6c8b25922e3d7a2f3da7168dad086b8de40593ba045

Analysis

max time kernel
148s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

137d4baa6191f98daca3c8d6f718eca5_JaffaCakes118.html
Size

37KB
MD5

137d4baa6191f98daca3c8d6f718eca5
SHA1

4ce43f4af4c6ba8e1823f63c9ca4bcbbe87fcb57
SHA256

ddaffc3a704069398933a6c8b25922e3d7a2f3da7168dad086b8de40593ba045
SHA512

3f28d416257e3fd7655f2098f45cf319117623fb975cd2ba83d67e43d95f58226942a6e4dfaabbebf532daaeda5f6ccfeaf3368442201e5b6f694f3bb1a78228
SSDEEP

768:pPvAt2IUZISv5j7qnSK00EyqUYBerq5eVP84lfd2p4:G2IUZIY5jb0VYBeOkVPLlfd2p4

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E7B6B711-0A30-11EF-8442-DE62917EBCA6} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421000931"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2752	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2752	iexplore.exe
2752	iexplore.exe
1816	IEXPLORE.EXE
1816	IEXPLORE.EXE
1816	IEXPLORE.EXE
1816	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 1816	2752	iexplore.exe	28
PID 2752 wrote to memory of 1816	2752	iexplore.exe	28
PID 2752 wrote to memory of 1816	2752	iexplore.exe	28
PID 2752 wrote to memory of 1816	2752	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\137d4baa6191f98daca3c8d6f718eca5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cedb75db63e7f3a2df8a9a6f08dc51c2

SHA1
4cd289847dc434a050d28df7c3781572d2f66620

SHA256
5852ca8a8308ed34e653d6bc07ece8200fe7fc0d91f934ea883129290e0fa922

SHA512
a9af2effab23101a9ee299abc205e21cbd96774e5af782bccd3dbba20b894434599f9a2de78facdecef871066d62e418abe253d35199dc5efe5b38b2bcea15c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdc85abcff935523573d18a03d2953fd

SHA1
954c476a2ed3e84d5dfa57e1550d8549b2d6e9ae

SHA256
1a33db89d8eb598744fee8c8fc88a93a045896315357374b63685d22b8aeb07f

SHA512
1605d87af06d2694d2e1ca55e4f36d923e6a9be7257f181e4188698a2152596a7b2932ad8ea0516bf8b15aaa14769b84efb0f80775858e123f4220408badebdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf021232872de944ccd0fd612938e187

SHA1
895ba28d74db6ece3cb024d8142bab9d1103a995

SHA256
d0044638ed12804df237c2cb50f3cced61096f70cd21c9423573c90850d1fc62

SHA512
c98141c2e149d238cfa03b3ea5b0712cdad1951d296f435395fb6687a5ec2d92d8ec61c14a759c9a02868146efda8fd5f932c09f16fe914fb0095328a21096c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0ff4545b0808d8fcd16da7d141a754d

SHA1
bc475e14cab5656e8cfa7569b653e3b696e1d389

SHA256
c105b5cf45463ce937f208e5c74d73f83d9d3b73b38990df16aa689c37aa043e

SHA512
bcc03f2c583570409d0fd139fe42215cd8822324a2b5fe60b8d8bc1573e23182f2dc1e7ce8b721799cb14b12c5b14110e200ff8e952fbbae739395bf5e5a3359

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f730628dc627a2c14004e96c7bb65451

SHA1
a7f611c85eabd86831b6cec8c25351e8b081141b

SHA256
67649ddb5dbf9e66af9dd45b88f4890f91d8cf2d2878a0d6b035d08bc1f92ce2

SHA512
2257d293b4af657a3c033d3d45916f8b8b6776155f9549d9a702a7b6e46bf98bc893dc0a47f3aea54fc876e4cfa3c7a23556b64090a7855015ddd14f0a6e9e31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9099f476ff4e40e730b3da73a30ca85

SHA1
f9ebdeea1905a1edbebf94681584e8c81322d779

SHA256
88b1adaa56052a6f580a2b2669b2381ff6da8f75720d507586291927dd9ad653

SHA512
84487ed4bba023d894292cb6af8bf96a9edfc6a4666ae74ec7e8ceac013e5f737e73ac2ec4985f5975931acf3e423f8a675f485ca4f95beee9125ce275e71d86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83decbf083085a7a46f808bc5d6c7cf4

SHA1
72cf285c59c17edfc2347f75284c417f26e8ae90

SHA256
5d9dd6942c6ef276205208a02d2d4aa7775704dd0c0ab8ca4259b5071efcbea8

SHA512
3114bc8e6b196a289d64421d91bc6b38afb877228ecd2c73056e426f8e3d60388aa5356302de7cdfde2cefcf0310f9ec57b57c5af3a354a7012f34df7c8c3c15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6265417bd185c227d967f9ba824a18db

SHA1
164f7c783fb8cbe84e975510d268572247a7790f

SHA256
35a0d82e46568a2911303e71ef910b551e04a555960c09ad9f9dc9f505f31ee6

SHA512
eafbceb29e82fbcde4501af2cbe69cc764c2306a82ed3b080ad9d1847b08ff177efa3afb016c907c962b451dc5c6196cc28f24233d650f77971067216ed155ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1027c60ccf210e7ff4dafbf6cba06029

SHA1
c20c1a0fd507edf27a33ceb752bc19a3c48125df

SHA256
e9ac35d2f4dba9dff9e3e202bbfc00fc6c342eaf736f4eee33fca5b53f4e0884

SHA512
7e52974ebfb40e4e94d49dcb6952bde3945ab44ca4d6535b4b407235be37de81091aaa16eca314c4c2f12f0c5acb712f87775420d91399e1e376ba0d17ee43db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9dc3b2c732ee8d89468d3059c131ba2

SHA1
45ced0f869c9d8eb48462b8ea98986ec4afda007

SHA256
63f6d7531ba9c64034263c6d4d4f137966a3fa94b057d33f29ef405e1c93fd07

SHA512
4188798c3c689b55e42e239ac53809c2963d3bb64fd716ceb3c8d9747390b2525410c2b4df2e9773d739f5e4e686f85306068b9d39530685593218e769c18787

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bedd01b33d8a776fd3d36935f28b76f

SHA1
9bd08a7bb5caa5d8458d7caa89640430eb29b1fa

SHA256
dd6b4ecc390e78db486d51e169fc03c0fe02bcbc484bea0649ed1792772ba5c7

SHA512
0f7ba5db14adab469358d3b0234f6c33a8ff5a61bf6618986af42f0c77990e43001eaf5c063500ea965e77523cc588205c7ccb7de0757d7df9116479aef5d3f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e37d1723d7fc7be6d16d195ac285f86a

SHA1
9e743f837f78c6d5497c35c0a0a513cdd77c7c8f

SHA256
336c5dd77a732d61ea9bf1cb06a622efc4b15fbacc90d95dba6ee75790c31c22

SHA512
9d611bdbd65e1815d59fc38da726cd646a3c1b5b40f31e0f916059bd74c1f5815043727124b8d74b47492e52abb1d127f3f0840aa394d1af83b17eaeb3d98745

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9b2a5fe40701e866b6b4ac2f64aaa4a

SHA1
92f2b106a7d54f06d8340bc0c16cbb88b93da2a6

SHA256
7b512dde0c1b9bea08ffa6de7cd238f5dd55d9748501f7b36d227589856c3a68

SHA512
4ce1fb84eb46fc0b407969a911b1cf9cad6a867a409a06d30e5282ee72183af195891bfc0c4ab5834e69f24772d548674440ee77885a0de7a95e9089efe132b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d6b64fc1d45b8f445ec787da4427f66

SHA1
96f20c73a48832f526bb0b0cec52449851c8320e

SHA256
77e0210f0b51581e5c0931ee7bd0476b31ed3180ec8191ff2540abc13bb0f3f8

SHA512
61a2075ea45efede5de0c84c54a738bdcf4dcdf1ba9cd5a7a97389542d6713b34804bf63441730a29a45ee8c1026c804c99b792492d105d879231066a520d35a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d76c0d2e24349533de6cc543b323425

SHA1
e0f86a4b3184301a1de38691a5391ddf33709b38

SHA256
df06a76853fd437d8f3b3e45d5048e15c943797df5660d6559114d622364c07f

SHA512
30196c952e8afe99e0817af7284c157d91846119dd74460c0a42dd2bfa395867d0798ccd012b463e490247860ca70b08aa2b425b1fcdc70b49d699f17a7c476c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8cef6cdf25f8b45988a3f7b4c75cb75

SHA1
48893dec639f152b5797af39bc3f409a33af2fa8

SHA256
41b9a0c8f0e54ca89532924d17c3c73fdf54c2ec95c709205d9b349befc9a3de

SHA512
081eee053956a59bfdf245faa171c7a8ec4399dfcd25199abefb424ffa1238bad77316acbe4b8793ebfc31abc971bc7b980b5077fac52de4fa592aa2aa138e53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec6d0d8e4009df72389007036c0e7555

SHA1
a7581db62f7dc2f4ba1a53e5da7d5c407cc66748

SHA256
de1af7400ced8a8170bc6aa2fd3e4fe0ede8fa0949ff4ad4fd41baea2f9711f9

SHA512
e9b087e3d6e97a7900476bd1b210ee5e1081eb957c07b478166e1046e979d402dd631f0f9c13764d412f82549571d2b4b0e018865d51903de2cebd66cc0331dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78999fb49e2c79e24299ff4bca5be11b

SHA1
c362da4b12c1c46bf1e8c54a0da0d45647e44c8f

SHA256
5246816e5f06957e50435da8d2712113e080d05fc49f60a83f6cc6e7252d069e

SHA512
f4374e618a8e261c0388b0d4edd97f1fd423c8603b7449e81e93c05774eeadd4496f58b797bc53598a9fd95ddff94546712232f72dcbd41b88df76ebfe7d6db0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c58b0bed9909dd828593a424bd4cd03e

SHA1
e1d6e81b4020c744b6cdacd35dc17334b58bf023

SHA256
072b97197cbaa3b96f1378fa4f93da61dadeee05b21061fac4ce935b7e37abd5

SHA512
14d0e263b3d88eeeb142d81908af379e1d35ca81c4903058729ce617b86cf9836ca1bfc9466421410bdf1386bfb28d144cc0d336378e2950698203271141eb0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2454.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2545.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit