294e177fd116c7e32a1e1b1ed0b8d89c0f4d98c4984bcc49fecce12d4365d176

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
07-05-2024 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21d0873cf238c16724cefe171411853b_JaffaCakes118.html
Size

504KB
MD5

21d0873cf238c16724cefe171411853b
SHA1

4e9cdcafbc8548dabae4d629bdda0c0fde2101fa
SHA256

294e177fd116c7e32a1e1b1ed0b8d89c0f4d98c4984bcc49fecce12d4365d176
SHA512

7ec071b307c2cfa52306b7a627d8aa190edbaa3dc024f70569ea1755b6738f226cb8bb6ad94af74055534435211ef02f02478ee84da83ade9e5fd76dcb7bc92e
SSDEEP

3072:w3+IpBxYUVV9zzs49PwVeL5AmPTmBcM2mqC1P:w3+IpBxC4tLTY

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8EA696A1-0CB9-11EF-B904-5A22F41CCA2C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421279524"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1312	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1312	iexplore.exe
1312	iexplore.exe
2628	IEXPLORE.EXE
2628	IEXPLORE.EXE
2628	IEXPLORE.EXE
2628	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 2628	1312	iexplore.exe	28
PID 1312 wrote to memory of 2628	1312	iexplore.exe	28
PID 1312 wrote to memory of 2628	1312	iexplore.exe	28
PID 1312 wrote to memory of 2628	1312	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\21d0873cf238c16724cefe171411853b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1312 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
af14424bd91fa356e225129fe451aacc

SHA1
4046dc95051bf8382196ff1fec36326c22dc1aae

SHA256
26f7df2742be7eae0cecb3954ab69d2f1ad25c6b63a21e3a477ea34dee8301ae

SHA512
362068ce189ee00c318b574ebc8fc4f2e09add21f6c79aea8fe2f69ece44c0beaeb6c7fec7297a0b758ea5b8879ab0e9993c74ab262e200e289c05833e734179

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67cbd790e31171e068e537ce6fae0373

SHA1
884f36ce12f9700abf305c4c21a89eda90a86c92

SHA256
9f832644317ce716d364459bb305b70047795988440c18f77b3f2ed4ba8efcd3

SHA512
ec82c0d330027037733dca952994e16f12b1596c8e026aaeae817046a4ce28f73f8d16f7a64aabe27514f00765e18b33debaba8ea355bd53eeded4420e1b2fec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6381d75b63f0a8f508760721461204e

SHA1
3ab5385e47eeca420bd00fd695540388ca8e70c4

SHA256
1ae18b9c22de1e38f777c784f0370822be77c53456138ad25fbec5763756a5f4

SHA512
1b910abfec495ad012c9665281b226003152eb04a9db4b00c7dfbad21f297eb5fa74b1baad8f3799b170c3b0a744957e95c11081ee9377d77437f90c2f5bbe8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d9b54d8675d218f3378b818fb37119a

SHA1
a17c0493038017571d5445ecd7dc83290c8cd8fb

SHA256
231a204bd89f8c64adf628961a718acf4fb48f6340d71746a1e6e3c3d164e280

SHA512
44117eb6eba2ad42ae921dd1005a11d5a77fc11661805d0c815a3e21f37ab433f508fc45918844cf9e38a2b163f2064086c520ea38297a4ffead95ceca15f0c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
428e1cf723cff6722df735cff3aec720

SHA1
08a45da8fcc7f45f37b7d31127e5f0d0acf4d45f

SHA256
ea00492bf87aa340f7657240f0f2774cd4e70570c48e0a8018b8d28a7a246b04

SHA512
5fe248a0553230c1d0b4b05ad0ce15cb6437df51896d1282fcc90fd23c49368f301e366edc8095350b75a87b638afecc4d3d970e96f0208b860e67af47faf381

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ca84aa4e97c56f5d62a046ef5ddeaf4

SHA1
734243a3c212fe2814903921ca83c5eaccb9b634

SHA256
828aad1ebdfd46f891496ef74d0b0fe1837414e7b21af6b5c05bb28b4f1676ab

SHA512
e74d17f0a0de7509aa59b8bbc542036e9b6f1b3959a1df64b80cf42618cb70b16008b94cfed39cf1a24d9ef6f1e065068e629b40388ddb8386ae06c6f49f5e74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
174a8e18c43bbffb8ecd7ef44415df1b

SHA1
1b3745855d9e3caa274cd2dab8b9e525ef713de6

SHA256
b53233af8adfdcc200fa63f57db3b3e7b237b86604636ab03cd8f2c01057d851

SHA512
3b75a2e4bbc2c226955d1dc1fc5d71194f666e4dde2f7bfa9310c3dd3227ff80f5e60cd37b6c26132571fb1d93d80106830335ef77673901701f2a7726a05cd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5816f2e2c8ca828f49e8dfb2834c3054

SHA1
427aa9a21325336a3b85b09ab2b257137bbde0b1

SHA256
5136f62dde9c9ef3f8377b93d621176cce662ba302aba65acb759bb4cedada07

SHA512
50ee6d4a345c943d71b4e072ea9b8bd4cce2d9647706ac36768af4ff79a6d4ef2ff312eb03fec3d50521c243b3678c4f14a631e39467b94c7d7b48a2a8d3f913

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
447dbc45722b74b263574d4c3ce7d088

SHA1
7fc8ce37489cd454f61465045fd8e6557d8c2a5b

SHA256
c8fa93d3eee129d7839d597ed62371ef2b0808535177684b78b4149f222b37c8

SHA512
602cc624a422066f42ca99cc1d9e31a71d49a44266b4aeccfcc8ec555b536f3aa3b298fba764ce232e5253849618cffed89d1b6971f7c6900d72c2478f03dc0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d406b9b5ce48c915e35055f14107ecc9

SHA1
34c4533156a35f59dfc42908988f4846ae32d2d1

SHA256
4b2b48a79082a4d9e91d8caebd427ccce777e8c9ed50dd461fa2d7e2fb6b7613

SHA512
6be952ac2298a71071fe9654feb2f6fa2f42baf4ba67ca1873525681b4bb29b2cfd90e48ed7a34cbcacf13c5acd0d6ace9d61e97e8a4d77a740d9c1659891842

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8de64c7b459ce836fcf73590ea81ca6e

SHA1
6350578dc2ef6b16b91e1792479832551cef462e

SHA256
e97d589977eb584f9ea0bbd846885c77d83a6e548019d3c5e6c7ea2f56129656

SHA512
91f75d4c1395c49169d04622d0c3f4162a667ed66152a7ba5c66e511a7bb72741f6397d7d9d55bc729874c3540c0e83ec2c3b763765f07c7d2d68e124398cb50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
418cc292e9681a563c641a1587c32447

SHA1
d93cebb092fde8570fd7b386d9b8fd0e0abc9fc0

SHA256
0b300a6a1ebec8b01bf0b4074ad15096c8cd831399435d4e23dacb320fbf7b39

SHA512
3cc2ee0e8722ce2a761dc572427fac0def35b6621b258e3d459e3c243988a4e310afcad844c9cc3c4491b140c805def7f0c1b3eca300879db966badeed76fe82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\platform_gapi.iframes.style.common[1].js

Filesize
54KB

MD5
7ef4bc18139bcdbdd14c5b58b0955a67

SHA1
afe44fd9a877f81a3c36f571c0fc934324c6cbd7

SHA256
192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838

SHA512
6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\cb=gapi[2].js

Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1132.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1193.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit