a612311198bb26b2abdb8306a92a020f3e186e35cec434c099158856c6343b62

Analysis

max time kernel
147s
max time network
152s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 07:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ff45e45164b95f28ff84a625c295020_JaffaCakes118.html
Size

15KB
MD5

1ff45e45164b95f28ff84a625c295020
SHA1

e9c7740819bd73b13c70771b9ff04cbe15cb150e
SHA256

a612311198bb26b2abdb8306a92a020f3e186e35cec434c099158856c6343b62
SHA512

24df494bfbe5aed24db1eedd3b380e334b548f265a4671f099e0e9791eaa76e97329f963a5b7b053f0fbc3dad7c10f9a25e23f81d684909b4ee267b426efbd41
SSDEEP

384:uBoihJITEu11B1iaKwQMb+zRxfWo6DdPBQo/:uFhJITEm1AwgzRxfGDxBQG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421230463"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{52D39501-0C47-11EF-90CD-4A18CE615B84} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2084	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2084	iexplore.exe
2084	iexplore.exe
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 3060	2084	iexplore.exe	28
PID 2084 wrote to memory of 3060	2084	iexplore.exe	28
PID 2084 wrote to memory of 3060	2084	iexplore.exe	28
PID 2084 wrote to memory of 3060	2084	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1ff45e45164b95f28ff84a625c295020_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c66179a19c204b83a9087ff31bec596

SHA1
8b3d92a972b8543fccbbce4a313fd3a16e36f3ba

SHA256
95e9ced353fe3105fd9d2991f3c5a8a5e5ff34c79fa20442e9259fb7d219dfc7

SHA512
b84810ca3446d2b48f4cc2ddb5706712c914a7be848ad6f494c9e569190f3edf6c95ed2ed948517b72f21fe3a7ead035eb37fb9da3413e7272c87129401378e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4bd6ea3b92883c11ee62dea167be21d

SHA1
fbfd629becf7f4868a66c28eb0a3046d236ed457

SHA256
924eccc741978f8d92e4616b9eee9d6fa3383161699118c8cdcea24c65e30a5b

SHA512
d9f830984819edef283c1d87b6c7e2d25894b98a7d7bd7c5e2af61cb4118d6d0eb3e80cfd7d45c7f3a4e150410acdabce6810379d5099cf4f226d3f408e564c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c5de41ccaad472e1cd130e04d54ddc3

SHA1
1ffa60dd8d30121e6eb4b8360a83cdda4417b08b

SHA256
8d5436524003217f096d13cc47231bcaa35e98ec48719285aa70fd12f525f819

SHA512
b1170fb20bf333a0c74f08a96840e4c861a32604e81d4c3734c80aa252bbc4e6a2bbe97968fff05884d741caad2c8b560635497f7abf64c32640795b24abced2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c6ab4148a6cdd73f4840a40d54c697c

SHA1
67684c32574122bc1bbbfeec8d6c0ca07bc57a6f

SHA256
8bbf08cf945a543586072b813afd9f7dabfc885e7dd3d4e591298331f48dd049

SHA512
fad5fbbeca473a76ce7e79bbfa3438a1b631a744650aa5f9a56d3d229e83950ffb9583ddef41a6ee1425894c61403551274e921295d7440f9aea3123b47e9260

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b3a221af6a857642b6204f8cd92369d

SHA1
e9aec52b34bcfbeb3f791b59ed34d2300e65df95

SHA256
e5662889fdab5babfbd89b3b0f7acae0d9a7700bfdb0fed4fd95ba9bae9807d4

SHA512
20cd9c2000e37793277fce2539d9871619b7a341d8bef7559896e00389555e55fd0c6c9ff9c18e676fe7bad6b89017da0a9af18980179e7f24bc4438907de736

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
067d002c9e0ca38485b87b6e63cfac02

SHA1
c3805a2723b44ef4d44fcf0620d7ccf9be3ce642

SHA256
1ac4142a6f28920b12f481356c3061365c6daa7b73e02c856d32bbfa5e8ea61b

SHA512
c3e89dafe44aefb115ba094a90a3d4c61d48f11ec6d8d86610f0b00d9f39c5827ef4c9c95bddbff52ef0cfb8a2498973921c89e1e4595993d6094b6c95f8b4db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32c9eff7368b83a4e592a1e03a029193

SHA1
0d8d9bd95d434e7830623ae0437c6a1c6ef0bfd2

SHA256
80fb1a11f769bac43d5a0ef50ca8fd4d921bb56e4acc2089fb8d3ec40139b9bb

SHA512
077af29a07651192d442c8f4d203b4ae1fe06c20426c038e89ab55dc77566a2edef352472379b86c88cfc26a74c9b7508c19fe4faf6c6e092db5fc351105f50f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
653c160ed9d56e155b3091a34266c8c6

SHA1
00360bc10f6e784d367ca961184d3f237ad7fb84

SHA256
683bbf26e741231fafffa6e1f8d6157e7ae64dad45f45ba0691da05a993deb27

SHA512
b8fd872a9f7bbd3011886983f593485a97452f9f22790c2aa4f5573ce172903ee88de0cf1c1c6f1949bcb1edb2351f7dce4798560dedbcda5061743e59419107

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcf2027d71cf3a0bfaa9ac1dce0e09cf

SHA1
974d66a12d51d7c162077c9b5a6e6c4e8e198e57

SHA256
4bb3b368bd85401317e0c0315a5a05c05157ae19e3d867e0de66eafb75a66e62

SHA512
4803133ee1518dbca881503dbebd1a09615d75c2363dd80bd2adfe652b903c17e0d8adc2112268ab5075735ac71c01dd50906e71adb47e3b920531556fc48020

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
243aefa227c9d4e73f3291fd635302ae

SHA1
d314ee37198b3b3d820540ba3431fa734d849dd8

SHA256
b7394d7a7cfeaa3a5424e62f64d27912e56909dc9d8e61e2385a9578cd2bf079

SHA512
049bcd6b7475b6ff185a11548b4da499e99dac47afca38f9dd0f41137b1a22eb61581f164ee249ddfa5b91f7db38099f498d2c5266bca6e3ab84130e744b78bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac6e042bba0bd9faba540dce101a82e9

SHA1
1db32d9251909146195d1a8ee5ce531a450381d6

SHA256
d411695d3784a3c958d76fed7d5892c9011f18452170058d45c1a173b69c1c38

SHA512
33d428f7acd67758febec1a4e391a140a0405b89a63f06015cfc50b96f1b878bbbf688fda6b9ec959726f5418a0da9d8954187e35867464c621791040807a06b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c11539e5ec850fa47ff7107cd30b44ae

SHA1
ff628f96e39c4d29c12546e15bd5ab03b1b31b71

SHA256
1e83032a1b37699fe47adc77ce9a676767161296a22eecc11f46599f3d394465

SHA512
98434c8ae3dcba61fa1c18d4ba6625a955051963c5222016ee255618487a2cd7c843ff54842ba44dfc3121cbe24a3be3924652c14993d9eb9b573ff943c7d9f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f61cda76c3e6b9689ba656a6d3535be3

SHA1
564a45abfc7f7ec84e5972c839dd2c36a1522238

SHA256
5385d7d5c6c54875e30eace874095a8f47960ddaa89f51d9cd26a40947b6f817

SHA512
410e810690711b9aa9677249d72d63e2f431a99b059ad0d9681f22b8639eb3b27de1c14cd450fb82449fee5a9e1218a412b7bee72f90f9b1d9655c89ccd0ee93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f64cf851fa06de96aea75065790f420

SHA1
9514a765a768d263d81f763ea4ab1f6aea33ebe3

SHA256
df3e6609454df53d390424d95b20c689a0019cb8f884b4b0687a51153cae82ca

SHA512
e43f01d34360750ede0a89e4d4edf80f25c9a2d5d2ae1db35d14b35bf10bd53d94c1609aec9f3d8d27a961e4dbe6589dac88a3c3400eeb9f8392cadab4f58088

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afb7fed34cf247e3ccd348338cdcde57

SHA1
9bb571fc45111b31b540fb660a489904dbe23626

SHA256
958373c94bda9376b1f004657729383ba17abe7541fc4a5f1cb6911ba9ff401e

SHA512
97214c9f6549277ed03e63dc17e48e154ad101b87e34f01e6516fd60b664e1f6d65676fed22800838fb45f6ee4c5d3f6a8475062a5cb83c044d07180843929a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30f50981613526b33ab63653e4d533c2

SHA1
a79395c610bf7e2ca12f29d1642363387c4faa8a

SHA256
31ac2b2595f2b2fc4f4a37a398583df62fbde6456bc6492611baff75bd6676fc

SHA512
726c064e97fc694ab7dbd960e511c9af39df59de3816527814e09fd7a5f3c7e16eeceef622c43c59b7514ef4da1456a4c447e40b502b5404d3651f93ec4ee19e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6734ee78c55711db4483494e5db13866

SHA1
724b7c9c369b44b45bf3ce6ec5b4ac14cfe20f13

SHA256
c48de36cb8aa60910e7ebef74b2f90b82384d8dc1d15159657e5ab0a3becf5e2

SHA512
d981e5398b0ac19e3250fd41acdc831da0a45fef64d60e342e8aa538802b00b6dc0b0572c2bdc010b025d78864f3a076b3cb65bdb247151a6f9be47e889b8f10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8d4132df51d982f4bf71eccbb9c32a8

SHA1
68fb9d45d15cff77fc7caf3cdca5e8cc44298482

SHA256
ef571bb40ab70a244c38c978fe4c6da04d74f030efe46f03869af11451968d7b

SHA512
9ca30b56cc41a7f551b193314726092037572e432883270ce68d651fc5338aa5e9025e723a97c412818b84ee1b7a8e3e7cf9c7fd8691639ba186bee3d14976c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb5a2fadd1c08d232de97d07d77c9d08

SHA1
fc66142451a346a650ba022de4fd223292ac4a90

SHA256
18a4ae4abccbf843ff28bb58b34e73074644dc66b344cc7854a0e3858b10cf08

SHA512
0a2ca9bd3bc91c0dfd09f547f24b8143d945e48491650d45c19b65455250f34fff3c86ec846cccc5bf17ef57ea0dacbc40262bddb74d8bb4143a0244d321fe64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc0404623f8ca641aaf3ca30e42a6ffc

SHA1
4006a375744e182ce03b703f6a82d4c481a914ab

SHA256
6f0e1630f7c194a4b2ab2ea5f6e66d1abdade1de8be834321fde013fde8de3db

SHA512
e10d313bae621f2dccc060eda186668835612694327ce6916748d9a6ac6937faa384d3b4342e4856392fe43a6519b6b0faad49e8e2624e3c32f6ff682920bda2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFAC.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar100D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit