45978caa487fe30226cc11e3bab5150b1f08f205e79c2de27b9334e48c3e246b

Analysis

max time kernel
144s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/05/2024, 09:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

16ffa0de4e2e8ea4765704ad9772b395_JaffaCakes118.html
Size

161KB
MD5

16ffa0de4e2e8ea4765704ad9772b395
SHA1

3b8e08dceafaa6765af0d8feffe80c190be561d2
SHA256

45978caa487fe30226cc11e3bab5150b1f08f205e79c2de27b9334e48c3e246b
SHA512

0dfc67eb1ae40153bea2eb8291f56b06a5af2cb3679bb69e4afa19f7a7636dbf4f9c65008d323460657cf24399c5eca71dddf4fe25c8321e497cc31397bdcfd1
SSDEEP

3072:/NTSe3N2UP13G4k5QhLpOatVSTwr6/fNbYaaLStR6xWUu/v66sbsGon4G59t9Vcs:/Is3G4k5QhL8atVafNbYaaLStR6xWUuv

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421062667"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A524ED51-0AC0-11EF-A304-E60682B688C9} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1796	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1796	iexplore.exe
1796	iexplore.exe
1700	IEXPLORE.EXE
1700	IEXPLORE.EXE
1700	IEXPLORE.EXE
1700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 1700	1796	iexplore.exe	28
PID 1796 wrote to memory of 1700	1796	iexplore.exe	28
PID 1796 wrote to memory of 1700	1796	iexplore.exe	28
PID 1796 wrote to memory of 1700	1796	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\16ffa0de4e2e8ea4765704ad9772b395_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1796 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
8a4c07b1b5345ffcec3114d76588f608

SHA1
cccf89e456e52e284e419b1573a7c4d5034358a8

SHA256
78e9e16fa390f95ba4bdb34088d5c423a1b7133974b9541acd53dcf801e2a8ed

SHA512
7e1996384b461d6924ef8693e7893bc2804f034a513cfa0aac324316cfb9a1435d44063751e18ea1b138fdbf48455d448229b02f5fb95c2ef0b5e8306bd194e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
67a742ac486ef28baf2dff76a5f267c7

SHA1
1b87e1598b917f9af0b5d85711264a833630558d

SHA256
57476e92be1fc8cb92296aa9a709620adf8e50766582f56fdd83229d156bc0c8

SHA512
9294b9ef3f5f3fddfba41c3af0c677271c8a0d3886d9d7d3a1fc3e2b12e857ff2cad4a27959438db9c19e743b6c15c0b85e1ed3cf05d00c4d802170e6fb2f27a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
15c9ac2f6dfcd3f27a59f14ad47f4983

SHA1
ae2fda528b6279dfcdd8ce7ac46e092949620abe

SHA256
4ac43c93d548f32c4db9b59f691bdd8f62bf504ed94730daa0453a47a67500f6

SHA512
0f3762b5563821fb5b2358c71c21e846babd30d9e0c1eadbd0b501015af12e933967069e9a645e5d8d8e79edb38a77d959a26b7ef73455c8e1586eab396c0724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a74e5c4c937c01eadd1f6038db6ee5d

SHA1
6dc0dbb131986334a916351fe05bf4bdc9df5db3

SHA256
b094176ca3aa06730690cd742b7d81146c5e3ba1b53a1b76f2a86e3594dbbd5c

SHA512
1022e26ecb8d5f3d62244f4449d69be1aaf5de6ba3f4ce12410da34a203942c552259225a4697f35cd1dbc619dc00ea7c3092ef80faf6a6259ab487436cfc196

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60265bd7a88435d555da93200397f99b

SHA1
4aef2d40676750dd0a16d7e5940ffb551a25d691

SHA256
5ae986e014f45f18ddd069292cec5721da20e0d30f4f3493330d2b3080b67e8e

SHA512
5f34a014d52195bbb106b2a89d80490742f2cfb2f74e544aa33b98abc2b0bfc66221d62541441c8a041b786dbeb49128ba43237d4ae037d155153ee7d97adc78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
804c5a17b541cb7ede080c8d6883dee5

SHA1
4184f8c84a6b41e4ee8197a8ca6362fa70d3c027

SHA256
cf863a3ba0ccd1838cb97b44d9bf7fc887e5678e9428c91da1b36ed23c30d18e

SHA512
2c3789dd4eebc60dc80194aa3e6b2464ec2ddaaf347f8518411f3479cb584dfde45f350c614ea2c151544e2a403309f144cbb0efb4e6ce269f8402c270e51b0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bba28d217a20042cb2f6d99a8dc77f5

SHA1
0684bfa1ce3f606bfe9e10893a1af1bea0fa950d

SHA256
4b097d4a52d5d7ac8a6fc9c3adfc6d1e845e6409255c0686f4850f63cee82b7e

SHA512
21fe2cdc26d55114339b5d3a148148194a6e40a9077c18f11f8ec830758b40e2e8ea1c374df647bb13e15d693f87274241e772142bf9d9c589b8ef37242a8a64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c51bbe66933e4d137b72ee3fe504b2e9

SHA1
b538f0a4d3c302b2e0ab01441e647a7cd824831b

SHA256
bf1f37e5a04bfdd35b2904469fbbf4bff8970466461cfbefaa5ae89ccaafc80a

SHA512
d09f77e7059e8161dec72ab420a88de3c4bcaa497512b3c950679626076b8c8bbe6abf2b4f4bfb1e061397dd9e151b433fb0b79c71a4f238a9cc7810b5a1b7c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af1e6a671db56506b4f72bc04c8f2c90

SHA1
fbcff6f004a3f759b3107b10666dee54b5078505

SHA256
073259ed7d4bde0128eb81c599d20a4144a2c7962c1f2f172e5d2a760eadbc2d

SHA512
30a32024dba04d6b43cb1a98743d041ca16cc5696334ea06f0267691325687afa4d5ea52b63f8cf43e6ae24f210344dcb41348de56152908a5ede260e533ff0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57d63153ef625d43c35eca20296d85be

SHA1
299814594d53f9134fddc3e51c1ac93235773e2c

SHA256
65c7fb9e4f2965861c1ef87e43303360a41015c2da2022594a86d10aaa6dd4ec

SHA512
8a6671c57b9e19d61e993efb7818b61bb670bb9d3ab50de59c5f02559ed73e7ccc9caf40f2ad2443aa3aadd9d9abff181b1412034e7b725b65384ace8d3073f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
620c97bf4ee62d9e659d2019640d890c

SHA1
1b9582c474d05b062772d2371981979b6e99b950

SHA256
f47b5eb12ff0d0aa558459828ada547afde1f2548d5fd8fbf93f4e51aeed6059

SHA512
f9909c4dd53af20d6a52294dec08e6637df3a6e9d90433df24c0c36a4fa8437050fe8a7fe63de9766b26f061a7583555a1be4d06d2f2bcfbc1095a66d19e72a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1087e601b2199b10f511f591d2259f4

SHA1
441dc7751a5c87169df2208b2fa46bf8faae46ec

SHA256
18ff575a213bbca51ff100b06679be4ab13f5ec31df72f031ebcfb3b14fa80b3

SHA512
19f98e8d78b8568c36a01e33874fe47c5c269a6fb26867861153514db1f76285386e25dc042227570de1bef23c4e1811955528639036f4b3b06de66341ad4110

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
424b8b0b5456744412acb434c2848c34

SHA1
82e27e03e98616ed5bf2f569dd07725420bfa0bd

SHA256
11651e6c41bddd7af2fb3332ac005878257f3f764b8efe829c401d2705b0e4c2

SHA512
e333968d0199394922e659733dfa9ff6140b7738df5db2b669023925e749c01fbd426e4f9a96c3d402530a94a7f33d31878d4bec87b3366079e3ea61f6b5a59f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
305dc8e02016f4d3fd9eac959e6fd49a

SHA1
c12ea2a352df7eb89937df37e20de15f8b43bf3f

SHA256
73c1a771e3118a449ecc5a7cd12e0c0dcca298fb6fb7792bf397237f765f9bdf

SHA512
e110e0d1db2cb6b13d65645b542e330f444d63153f9d0425ca5ac75ce7d2ee392e47e7d7fb43d44d54bcff68501d42911cbeb18eeee9dc6adb8ebcf0c1fc7c4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
45ae94162b984bd3f40ad99ea195fd19

SHA1
197b0524524dce288230b22e3e07412558cba77c

SHA256
309a7a532c231f08578f2fea363fc3189414b399b76b8ea91b08ee3ab4044596

SHA512
81897d0c2dd530aa551a4b07167ef1401397c818557a119430372706d2d5be285718700325651183a74a93862cf5a2994a00c0adbc9ccdb0578f16bbb95ca179

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
691a567fb16b892bb482ee5e788857c5

SHA1
739e23ce196199eb61c65221abce4661c3396e62

SHA256
8781831f527e21037e27d967cf478f5952734f95bf60e36c498c87d2885ac406

SHA512
eaea7e787f58127091b6d074e33b0c57072b5ee3b2a683546b552c7104e13d0b05a42d42415793b3258138291cb0323e60752a2286e54de957d87825d714d41f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\XTJGMWT7.js

Filesize
157B

MD5
67e216a27dda24bdcb086c2385b0cb99

SHA1
17141c80f5d32bec3691c5ab24741d8b7dd5f0c6

SHA256
9dc433b2142d3ba0803fcffa53f19d34da26996d20c829df6d694bc887325dd7

SHA512
802319543dc64cb011bc2684004e878a842b73aa55e4da1141ccb8650cbf42fabbf2b46c730760bbfcc7a140e11700244b9f5da78bafe9fca7ec7825c12b4255

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab16FC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab17CB.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar178B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar17EF.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit