fd7c52513bbd705d230eac050ac173aee6154c45bbea1288e1f7dd66f345fdb8

Analysis

max time kernel
134s
max time network
138s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13efaa90fb19a34dd21dd7eac5ff11ba_JaffaCakes118.html
Size

220KB
MD5

13efaa90fb19a34dd21dd7eac5ff11ba
SHA1

509c119080bd8bcc930399468d36e5cd4035660f
SHA256

fd7c52513bbd705d230eac050ac173aee6154c45bbea1288e1f7dd66f345fdb8
SHA512

dd5e60d20df6fe6a6700626c13718c6c5d2871f09bed753816573befcd95b8d3af775a0d884003f8e850eaa7378aeba5c8758b0f179f44e392bce75cdb84d1a1
SSDEEP

3072:SQsLMvxhk7JuyfkMY+BES09JXAnyrZalI+YQ:SQ7c5sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9CE5E771-0A43-11EF-B7A6-525094B41941} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421008966"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2212	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2212	iexplore.exe
2212	iexplore.exe
1164	IEXPLORE.EXE
1164	IEXPLORE.EXE
1164	IEXPLORE.EXE
1164	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 1164	2212	iexplore.exe	28
PID 2212 wrote to memory of 1164	2212	iexplore.exe	28
PID 2212 wrote to memory of 1164	2212	iexplore.exe	28
PID 2212 wrote to memory of 1164	2212	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13efaa90fb19a34dd21dd7eac5ff11ba_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
448beabf4de511816c588d60dbde6263

SHA1
491ec641a7c6de24e558a10830c70b88e73b5cb2

SHA256
898f18cb65605d6b0b30c13f34c948473fa8079403a227f57111cb36e5642871

SHA512
b6f4dc75aaf9ec256f593f3a1ef0ee9c6d559d0d43d06096e12391877e4e1328f660b13544825b5cfbe43bea33364fba7c7e5ce8059df335c369cc30ec666193

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35d21c6a0125bcfb4275734132785510

SHA1
c1b68c5df416525b5c62ab06f6e14f6c5961daa3

SHA256
459fad8da4755d71cfcca1bb24ecad164233dba1ef532d35ad0b17884cb96a3e

SHA512
1ec7c92826955f67252b6ddad03f5e3feca6390eb16eb2c86e85e8ea00ce7627c0639db0dd4c2a977d1a9f804f986e3bf7da5c7171ee365dc714286ed40a5d3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12c7878215c33275e10f3e00379eb8db

SHA1
cfbc594044e82ab31a7e90ce302aa946e5876714

SHA256
a5c9ed60d04bfabb70440f42ed795773d64c34e1d51fbebe70339c959d54166a

SHA512
cbc1b5afbbe02fdf21307538ed4437b0fd2ed1343b99864dc1a7b9dbd7348ed89917bf13823e9944cd914ec115cdd613aa9a9252f421c4a3e298242573d83f90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5ac5fba65e599cf6322f72b777fe98e

SHA1
3b1ce8e40d0a60f48c12beec7df954f7661550cd

SHA256
aea6161e78b1245ad56be49c408063f47135516e7d250b9e1f74d0061da9df1b

SHA512
19e8f24ca7860f0feb56253dedb517b994c52a923d40b0de32c5d5ee4e0ba869874269419d4d158d01437c618a124a6a59651e3f96662fda71110d036d46d1c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d10f3a0c1976f944fb03bd87d421bc33

SHA1
d1435951f6f35275bbf401f466773e5620cc253e

SHA256
9de46e9066ca204ed16ba35995ee5b9805051bd4919f15f2fc52140fa99cf0d1

SHA512
e9859c1763f5b956cc7e10a8392b9417f1f7693fa79eaa41b28d1cf3a5ccf2667f41ee1479a9b94df2bf6691bfa878a24990a78ddfb60ebd2fdd356f5420509e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ebbafa6f924d7a58ea5d56a65f70af3

SHA1
2dbca02137ca3457fd9fe48c881da2aa281956be

SHA256
2c0e3cd069781741bf981e40f8708dce2eb68dd3b6f085fb62e4c47ead467dc9

SHA512
9dd9124f2cda02f44f05a2b22bbb0d57b5d9f2700757e298812cd8dadfd5d888a06a430f0d6520647f3a7bb4f33abe872dd9840fa435a50fe69c3954eca94321

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
807e8e4cd67da4cad0dd103113c03e9e

SHA1
942130b346b503a02ae68d29cf7413fd8157ea38

SHA256
996a859c1e0df2d0faae4269ec53a0a10f464259ad93536951d6bd0f3a7f8117

SHA512
78e72745247c238eb867126552fe8dd510f28e18515f1c9a08c79604b7901c0f04775176f8fe20ae048d9ebe76fe2269ffb35ebb3634fd2164264a1510f25596

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
853f218357f0c44df3385d87b5fdf977

SHA1
ae919730ff37161257d07be0a59e9b95450082d3

SHA256
b499e4b19261b9f8532e6e398589ad01e9e6b38635786781f480931fb99ecf95

SHA512
10fc3af76d3338f282c7fac9ea13d40f156c3413821732c29ae5209f85729c8f0d971a68896b83ee84c1838c9d3443b4fea3dd7eda816674263e7c27fba19295

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8c51ff46e4d890900bbd66cc2ea38ce

SHA1
44f7a85d2bdde936400418cd350e0754c1b89c0e

SHA256
3371f9d483abbcee8f8a9fc534429ba25846d2cc749df2b972919f2c9f16f540

SHA512
2cac24047abf3eea2c83b31637dc5b2f6888d9325081c7fdd26ce69046a4d4af458bd91cd46e832279c7f1c78b39f71e676982b0df05ea750df5ecb7364ade3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c194525042c1b347d36760b58861304

SHA1
cf536c852e7619899eda19b32bb3f7304ac45cbb

SHA256
822a8abcc82033f505f75fabc2e9877e53fa97df963cb7063727c46758efd559

SHA512
2ac1510a62d134890f6e41de0ab5402bfa462c4c43bb4e4d86eb830736fc4f4a34a3214f834179cec107c5fe57133275b78881e4140352c1a714191252873571

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd370bbc7f2adda2e8c815e7198207e4

SHA1
df3caf753abc856c5d348c09527f5c2658b94f98

SHA256
9387f95378f2f53dd27eb86d94485e4176d6a070eab7e270932dc5392065487d

SHA512
d18ef771fd3b0ef4d3c2ecb700182801b522afbf36c0fb924a169015725e583e65ea095e930bea559998c0f33fac597a4ce1b16032bdb8334099d8ac62ce41e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5949f571943fde708cf2daf0e1b646f2

SHA1
2d48845db73f17ea8b0caf4948c85e296ad34a4d

SHA256
c37fa91e131b884f8bcbafeb91dac1b150d0eeda5466b06353485fa927fc8d16

SHA512
a33e0c64bafb64ebc2c8e55f51f9029a9f57c77acd73f3d55ea2fef0fd7c1cedf76a74c0db8570e379aef16ea911edfeeac1c4235f0928aa295a212249626ac9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
295a184fd96ca36c2f803b6147c2e015

SHA1
e9ec37702b41b3cbd9fba7ab7b52f99af40a4dd1

SHA256
a0985561dce5b4033269e80726a0d754be98baa7ef2b44df071e87661b8f03d4

SHA512
ec9a37756b7b65f023b428ec75350869a85319581f83d6158eb062438cdba7e3301feca974fbd7a607d32fab28340e7dcd9a1e4d6beaf4028c25ef02d1565fa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b468a6ba943d7932a23fcf4c63648284

SHA1
68fdc5ed032d03fa1f7c82da261c6e41503eb777

SHA256
ed62059b8234d1438030ea664fa6cf63d9a32f8c9a82c241fd672b8180b7457d

SHA512
b41de7d4a85da4a089cb2df22daf09e38e45c9b2d20d00b37528bbccf81b79c79cdb707dc21f3fe4406e64f61442d9be7785ff6959e9880855987652b5918a7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc6e9f358e2211e5ea94f8587ed9ae35

SHA1
bc9c54d8a4022ccffd3cf04d77a7d48e829957dd

SHA256
20bcb436a4a606e2c9cddefbb4d966256f49548ad43da86f4fd684bd875e9936

SHA512
82eff840cd066ac1da859b4171672686758811e6bcb09b646fb66148e3d4973e5301662133b505053016cbf4c06e7925d73feafe59cd6458250c41a22bf11369

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb4b20aa0672668bada289182b42b2bd

SHA1
ee01c63ed10b88138697c302550e5852ceeec8f9

SHA256
51b63dd0633b6b84b269bfa2238f566ee9a759f3d81416523ac08f0e722f6bb7

SHA512
99d2311216711fcc0f5ba568de49a7b09c0fcd31b7f2a7d263e13db99de0bcd93338a3eeb14c5f5f9ee299ecbd781c2585b16263ad3c39cd14ceed70e311dd11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24ce0316fdbb56ccc1718f04d953a65c

SHA1
5b731e87c4c9d4eacd92d6d595dc010d0f3c7861

SHA256
b3604c51f618a9e02b1f49d3116d74ddd7038f16dc865fdbd0bbd9247ba816f8

SHA512
501e361c2287d1d35dadfeaad26413c3167e3a6de3058584356e4da9c08a4ba191e5cbc6fe3050cdf3f201b0a43958bde7dbf76b83e0f470d06642d26f36fa09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ea4339b53601ab701947a1e42bfce7d

SHA1
c2dd6eafdd392febc937df5fe83643091d703709

SHA256
8f6014caa141e8e89782a0d111a604b668e2289667b987b94e3c21bf8d285849

SHA512
f0f9a684251efe4a40c704af6d8317929c74f066cd2b171324b4d9b290146a9c07ec34e157ac4f4a4c8a9b6e9823c71807f04b93f077c7bb425ee733eb54029e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ea7580e9b4cd2f3c8e1775f047c2788

SHA1
2a50af493cf46a965889d42d8d2a7d334e049cd6

SHA256
58b97ed3130eb25c293f994704a57ddbbb52a55a43195ad800fb58068289963b

SHA512
da58fc12ad982d6866f4e1db6b6b649c4e97cfbbb83409acff991586b2bcb5dfc9a8ab3730cf82cc1e9991e1322117668c1d32e2169658db8afabc55892da46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1777.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar185B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit