f7ce4e01b025d1ce1aec8128a34f0eedf5d2afb044cb586bc216e327ddf0c32b

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-05-2024 06:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

165e7ff0250781e8fa9fdc4cbf07ab4c_JaffaCakes118.html
Size

9KB
MD5

165e7ff0250781e8fa9fdc4cbf07ab4c
SHA1

182ca6778be2820952215c26d90878f70516274f
SHA256

f7ce4e01b025d1ce1aec8128a34f0eedf5d2afb044cb586bc216e327ddf0c32b
SHA512

2a30ad4c06875fbd0f1de8849133541eec81d4aafd8179e960ba68c2a41d440d0a5fe0fd3c5597c172224a6005af6e23d0f260f340dcb943fb2c00892297b14e
SSDEEP

192:nV127R4/Euq7EKQ213mAsv2OUUcGG4w3vkiUM5/CD:nV1ywEucQkvQHg9w

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{985B01E1-0AA7-11EF-8A46-EA263619F6CB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421051908"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2356	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2356	iexplore.exe
2356	iexplore.exe
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2164	2356	iexplore.exe	28
PID 2356 wrote to memory of 2164	2356	iexplore.exe	28
PID 2356 wrote to memory of 2164	2356	iexplore.exe	28
PID 2356 wrote to memory of 2164	2356	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\165e7ff0250781e8fa9fdc4cbf07ab4c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f7436cd9a32968e5e6169dc9c8f0e87

SHA1
3741dda2d22f3705fd253fdf3fc9a29e5df279a0

SHA256
fc67ed200b354effe8b736496b825de97391920c70c63ec881dec1a2797e4335

SHA512
b7820bdeecf90a479ab887c4cbd3050cfb3f4a6d7d5e0c6625ed34b1cbed41c16807df8647323ec7aed053edcdf186350dc6b4ead02f436b806c169a71b710ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
225a26a9cd1c17874666a715a7f9dd90

SHA1
6d802d6923125e12d1421c7623b7640adaef2e8d

SHA256
fc61bc367363a9fb2c5941b8a9a474c2858010f266daf3dcd8f482f58aff6501

SHA512
37791031f279b9b7b5a8cbd210290b4ad1cb03ccdc09e06c01bdcef695eaa54bd6eed21c4e0c82f4ed4426a1a252d68e5a46f618d0d0f7a78cf7ccde3088b06b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f53a3b6bb5d009aea809f6977fcfecc

SHA1
df912cdc37601dc123d75ddfa698487d4d8e37e3

SHA256
a4ba4847de41b531de2da49c2f7b8f770fb54faaff2f7a363a6fa663f7514ed7

SHA512
40900605414ab93c5883c8c8f76e6725a47f4770a5bccfbc08e4aa8781cbc835b23f91d011d4d1fe25e62456a5145fd4a9cf874dfe24ddd6eeab66a7cb2b1a79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2905fd58c2139a470392bf31cc3d8560

SHA1
3d4df3ab063e37e41814b488bc30c1a6fe2132d2

SHA256
64ab03ecb83ab5f5ade2fb2b8c77571e55ce482b949ed97921b2184f7c89f38d

SHA512
75be2668b3a8a46537ad69a2f54abea7a0ed1776db745913117f9efb4eac57028b2f5993d0c5fc00ed0a6cfd1531171cb82b3f97910ca814417acd185f521b3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f28004bd05f1907f4e80d1f5fc67ce1b

SHA1
de00f35cd926c82c6c1b3753f4fe6150382c77cb

SHA256
de63d14d886501a1116e1d546154e491f455eab4275387d9b3eb8f9d67f2d434

SHA512
e1a5fa15961c6553c397f2fc631e94edeb59bce7398d5bae7e89fd0c0ed13b38f9bf3b7866863998a519e9fe111593c1b3632e718019240af58d70b6b84cafed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eece6a348459b0ef6fb7bff6fb508056

SHA1
82801215fb9c2316584baeb6723b111ac89b0ac2

SHA256
ef7732d951ad174eaa1310be9864d85d6059a22e5b1f7846266730c968066376

SHA512
1be57244b68ae28f1556659ec93ec1d3230d931b0899858ca5dac8bf9c0b95719048dcaf4d28cadd4dbf5a9b6e4a5bbd88c034870235ad54c231578635e831c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e23e5b1a2b9e1c07980921e5366206a5

SHA1
c684b959b30022b517eb3cd251e9115432ffd33c

SHA256
0c3001a427c29c5b923214940e24cda3002cee96c909d550fc0cefd595c65951

SHA512
b837b9c81d818fc722b3d19bfcf17a79c7d1963c23b331c9d4f3f8ca67241006c52ed6eb8b2dbe0e391e5af7851cf8440ea7847dfe573344fde35d3e7a32b7ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f0ae1f21c23792cdae1ae11c2d66fce

SHA1
493016eec95cc8501834be7336561a0aa29dae9c

SHA256
97991980de2a39cb8ab0352c9f6705a5ec9ac0a4d428392efe156f91a47f9ca0

SHA512
58ac049afd02764201a25d98ea0d77cd6e6e078045b66f8e6e2167ef25284e99cf9612a19cdf1339063f7889960b94908df24972ef84ac360744be56e1b2e344

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75a1932856befc52774b08866fda8448

SHA1
bed05d0b851b00903d80e6b4204076b73c6f712c

SHA256
6d42f7630a7078215a82f226f90146a32a32e6dfc78612ae75a0da32c18119b9

SHA512
754fd508910dca7850010d0e4a823ea3167b1f4b53cdedd66fca7f38e2af5da5473fa6566d12f7af59a6d7cf5edcbcf17f5af07dba5145eb031c584a7a4b4b9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffe277e9cfbc673f93d37af03f0841b2

SHA1
60d0c448e3bc43924010116601ce82e79af7c2ea

SHA256
de332520bc38be89435c2f28a42adfa2e9dd20578694d332805c6fcf1af549e5

SHA512
1b4f3c236559ff8f762ce5165f3a776d51ef9827e26055544830c5b4a4d8696d9d79e8c9ab1ef30416a7369855cb56b3a9dfbc6319585bee7376ea4a9159fa50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50f8775a040f2c0ce5bcf359364da26f

SHA1
cb57498d50fde271023afce20ceefe7e7083d0f5

SHA256
bba5514124c31737255294d2c8f3b1752727b61a905c793f0b5b78f005ff8e04

SHA512
53b9bddf822d7188e0f433f61f27171373734cf9c1d14a0eb7e91381af8f33cdaf5408111e2b8c026c0539799d7291a447a7b75e3550e354b50d02a19e6d95f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
140cd49dc2ae24aa450a815d7fab3fbd

SHA1
942948258c787cd9f5229c16dba5ce2b10414be2

SHA256
7d17744d26378bdcf5b8a726d7c2ed87416fc1aefbc25b28a3925cc3c6909e5f

SHA512
50b0ea942cfce8d082207d147fbfb65e62d552c1eaaa007f13ac650a98fdb9ecb1269378b906da0901d70f628506829a6cecd12bf19c4c88d7819a4c609ea441

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60277338e76c36edd1b132d788778269

SHA1
1482614af9d27916c81dc0543a740582ff7a2ddf

SHA256
64734063b49e31e7144508e199627be9ea4aef79efcd5ead617faf2c87c4f9a4

SHA512
892d9ef1e339d3904decc367c238df5a6810018340683b480d0144d884f35dd233cff92e320f8b9b853c5c4f2a8e9fdb531dbe40729db14c24660e7e69a9ea98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
686777c9c1e633efb98874c11585b703

SHA1
8f294f09357936e676f706392b24c34a62a444e0

SHA256
46c30fc33b2787a622d8556b050b0718d313087b0d4e53456b70078b9f664000

SHA512
adeb652331a4524520b28a5ad5a15f94f9c961c0f3fc206af2737e211005915ca55511e3c7132a815089a56ece4e5032fd4bd07768d8a37158ae7b837089ebf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71c67c976938f780fec3a706f4e58535

SHA1
e0efa362f20f70d886ad6da504ae7d09b9a060bf

SHA256
bd789acc19ae2dc60c691341a8a8a96e7bc025c82dde917872757483a569ab11

SHA512
fcc85ebd50d132c5865c7e9983942c577d028e3dd04afeaf5e573183697385f4f47e04f5da6e310f760b957e570821e385236ab7c76a94c07bd28326c4ef2a74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4992435209d5dc3b3b54a6494f07401

SHA1
05a5f160c0c45ab80548b472144912d9c3b66650

SHA256
06ead024d70e7a68a8874be3c58a1b0ea0fe333731aea427bcae9fc44524add7

SHA512
881321856452f228baf1970f0941beee367503602f4f4dba1f851314e6c37b815163c9c9fd692bac40d2ceef9ecfcc43240c7b016919668dccd9e5d3cec50c10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c2cc9031fcb0531b0436679b1670223

SHA1
c698ce0f80d1f9750c43c5ee6cac91643f92effc

SHA256
a06229467fd8c331d379cda1c7bde356152a1e3f9147ee23e83dca0311a4d0b3

SHA512
ee6938759529ec39fdf493f9f48e097cc97fac4ae18a655aa9b17a54e5ec9255af8563ab0ff07a8d87a1d6640e80013c075f61d5ab18234c7d57c17a1888d6e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2224fb0c2f134dcac3ac293a17328587

SHA1
0fbed9de8a0d25f0430925555b98926d06118b22

SHA256
a363ca053dcaae26197f32a3ef1940e24b89365f63017f0aee2c4f81371baf04

SHA512
47170200840c61ef6dc156057e113fc0d255b84b3a8fa158a12e8243ece0a8583ba45325ddf04494b664dcf30176ad77a687fa46ff8e3849ecea2040459a333c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d428f37c613ec3d0b76f3c5a05782d30

SHA1
8128ce806bc2578bc63a60212e3153a5574fe1ad

SHA256
1fa3c2a96b3b94e1a46bb7b6c2dbab1fd164942370cadeb948bb08370fc0c72b

SHA512
a048e7c605a0ff9bed941d15d890877e79685cc86a58326e1c5cb7a4bf5e7611689323bfac9ccc53ec2e7e6e8610375a35cc32fa8ea809faeafae4f660014ac1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10a6802e1528ae5f40af4edd746db41b

SHA1
f13ce6be932babea3440f094d7375d4e3bfbbc6f

SHA256
e3a1142148d57b39ebff8914e8853c0cc91b6ba2454a3c68cfe268457e62a30c

SHA512
22a0d0c77cec01f6003c999fc7e9bb78ce6d40d3cff5002dd8f1aea3f4857b2f8f97066b053aa76ba8dd5eaaf726bd8dd6f1349ebda0a2f19447951fa7697b73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fda17659b23c0ef9bf162aae8e7f2635

SHA1
ce444859087132e71ee805c6cd767feb2684a27e

SHA256
d7f8a5e66adc91ace5a2cc1ffdd2df963d38ecb6343aff089ff89f8d0746ece1

SHA512
ef390acc7688080284fa1276b333f619f24c1235936f771febe389878efbd3e213dd1238cb215b9f8f0079ca0f4ca2522e8497fe59ccb13de1a73aa8b039c358

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c02bbee0e869ba8afdd53214a314b385

SHA1
fa0d2fceb1264fb144e2ac3ebffc6d6847b81c67

SHA256
7d76e8ab635b2981ac4536ac1097cd3ed354ec6e0ca67251a809793ed8c4b632

SHA512
7bd507e23b6d3d8e0ddabb5cdc24b9d79b0603765facc457d9ee20e74ca7b08ca3c65771142f480941b9da1a21c7da0095109de0ad266871e4631ac712835e52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab26C4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab27A2.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar27C5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit