56e0123e161768259869538dd48250b32a5ab6240a3b3c84bb7f61ea26089f77

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f02b890aba7f62a71f6d2018e0ae928_JaffaCakes118.html
Size

31KB
MD5

1f02b890aba7f62a71f6d2018e0ae928
SHA1

4e70ac019a352f8f6980a39b365a9549e39868c3
SHA256

56e0123e161768259869538dd48250b32a5ab6240a3b3c84bb7f61ea26089f77
SHA512

764d9c6b09256ae0aa77afee3ebfc5edc759207153948497765d823d675d40a4c13e7b298044924bddff11b739e7854029a63871758ed52af4fd23ff9cbe6dcc
SSDEEP

384:KwzW9c7iuo4Oz1BGdj4vk8knZp3GsoiQT94g:bOJfz+26QTOg

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B5E96821-0C12-11EF-8B56-EE69C2CE6029} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421207865"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2240	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2240	iexplore.exe
2240	iexplore.exe
2472	IEXPLORE.EXE
2472	IEXPLORE.EXE
2472	IEXPLORE.EXE
2472	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2472	2240	iexplore.exe	28
PID 2240 wrote to memory of 2472	2240	iexplore.exe	28
PID 2240 wrote to memory of 2472	2240	iexplore.exe	28
PID 2240 wrote to memory of 2472	2240	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1f02b890aba7f62a71f6d2018e0ae928_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d0f697a1c76d5afdd84254c4aa728fbe

SHA1
bea17347ff34e38eec0d7ab9ad25115e50543487

SHA256
91a9e01efd1572b3a6a84820f1f501b8c91172514b51b2b8d6032dab3122f63c

SHA512
9c18370a38370fde7894694592bc23985def0382e8646721edb5571a89f463bca6db10e76f0e3fced34c9f84b4f156a614d9985f826f1f16977d715f1c377da8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24b40add83da1ed304eebf8e8181067f

SHA1
4d185747f84ed79f002659d10438b64bd31372c6

SHA256
7aa4c545874f5bd63377ba930592d1d061b9fa4f6d5eceef724e7cad341ebcf1

SHA512
5610f0c05bf7e9a8a9e50f7607e0afee507c954eef43c4115287a03d3fb51e752d95721c2f7063baf06c8825081fc3dcdc3581e98cb6765822c037d92e3ee0da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fb49870fbaecdfd2baedbcb557799dd

SHA1
a429b55ded6ac77a765b2afbf0936120d8c6c31f

SHA256
397e40ae1877129228f63ab4f45737ef257e453a1beacb059f177471499bbafb

SHA512
7f46475bb10d2518fbba6763570ad137a809d124b91c5ac24d71c5a0d6fcaa481c0ad804a3187a98245dfd343c4920764af2ceecff610a67d4a2abae4f85ebf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
294ffa02045eac6032441400916bb84e

SHA1
cd414e779137eb9bd5341351be52248d66255d13

SHA256
9fbf87b1e4f4de7d09d7acb0fbe77cb8007a0db8a7286b18d47e5c2f34620b69

SHA512
070fe3beb6b157252d994d243afd71853ae3866c76f54512b683a951d57a3373e8ccfb356d4d6ee51b7934b849f5f20d087e148ddc11bfea957a4c7257c2bd26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17e5a87024757fa2eaa6c9c0276b20cd

SHA1
122e88b248e9d1f44953e1b94c3359305b894b5a

SHA256
75a3d8b22892540bac27e298a51cc667fb668a4ab64559aa2f1977acb221a392

SHA512
b8477f2d0fc507a3d75553710e88f2078ec7998fcb39669d351cdfd86ab833ca2aad0bee1ef0434a4420e05280b1ce896c2d5749b18367357bd810f7ebd7a669

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2be287fd7883612bd212c4e94753462

SHA1
20eac5aaf4504c7f89b5c6943b0b2ac8a1097eea

SHA256
9044bc9a1fbf195a3aed312a2cba3173c4005aabc44289e5557e269fc453f56e

SHA512
f6c32d8e64b2a7de988091fb57876ad72d927fb322a517fc258a7882386338956aa70d537489c3f57fe216999a7fa5c5c0744cd06a6bf2d7bc774c0190b431c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a931ae31ffcdf1c2fedb4f31fd212fa

SHA1
4f246727b93b89a8e793782124c91cdb73057e23

SHA256
9f31c93bf5bf43bccb61e62d3d59c6926ebe17f68c320f5fe887f59c9e7257b0

SHA512
fc1b391f0d399a3c4a266f43a43dd62d496b61bbefd22f248dd8cab96c6c1c59f2483e221580b610a5e942f64ca855682fce189b68648f83514ab882e15d37a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8569923be898e2108937fd5b9d8e13cb

SHA1
b58e1ac8fbdd107b1afb034ec5b6c22c117459bd

SHA256
a2dd4017c4ed42fe12f53712b83bad7672afade61b6cf559c839340faf6dfffc

SHA512
3e54da64c928e7879d144a4d2074a838a24289a30bb38c68fd14dbfc0b3ee4b86832ac322606cc1dfc90e2ee59e7fb2500a2ea59c081cb71781d4ec6fb12e599

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fed7270a3cdcb78f33240183c2aeec72

SHA1
98a79d70d15c22434a3983a32d6cb5657adf8045

SHA256
7006bbc7b0141e95c8bca210bb78f5d0b3aeefd8ff1b973ff3f5996701ff31ae

SHA512
d2e44c0869304eccaf6bf6a5af0a0db88a96454b49637269a9a85e091a3509da8b6c991769ce00c91467468537150d67b677fb3e19e3132fb64f2822db3142d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44ac866f4a07329668890618ae72efea

SHA1
3a77d860f4c942258b75b0052739799f65d43144

SHA256
e589437c117ed4b02800be35cfcaaf01b0e5cfbce1368b4fa85ab3d54e1295c8

SHA512
3d3da48d35deb94d1910983a68c73abf85b19ae93e509ae31e790c191f38701a8d8ea92f140e33c193e7c2f0a7224c022fd61896915df0069d3a951389dd1d42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e20699fa7834f1012bcd48ecc126ed87

SHA1
ae921a79dc47553fcf30b73f7716b80633335ddd

SHA256
84d16ff2526268187a33a6580ec398898822eb327d9e26aa2d14bff0351179b0

SHA512
6ac1cd9ceb5bbec300bbbac78df28c42679ccc52e09f4ffc90c82b32af6b56d3e0776418c3f43098c2240cc96a371e6810e711f1f58e07f95861526ad395b025

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
92ded5c5aa861b9408d256986f1a2478

SHA1
57b89eff2623cf56c3eb6c696d4daa950ff5b340

SHA256
c0e986c334d5dcf39274c2ab7085ef5443cb2941ec15f52274bb34d4d7c37d70

SHA512
95c65abe688a0f18d926d79e84694b659fdf6f03c21647903fa816ac2c50f2a38eb4dec00e71b55d2a901cd183314182bd80e864b87be3c58725153a9024269a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\ads[1].js

Filesize
1KB

MD5
ce9eed9a9bf71574b9cf93a118b69711

SHA1
14ce82b1c88e00e08467ab92194a09a416054a99

SHA256
2e6c19708a1954656ad12fe7eec0af09c2111993549709c238ae4ebaea0990f5

SHA512
c270a6b2736d713c966e9d55c79cab0e77334bd46e3bfb961497069f229e3893d67186236f54b7a76cf415c08056e7525ca090ae53636f95312cfe3886a99545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\themolio[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1066.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD99.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF36.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit