57c36167cdda0bb4e5e402d4cf29ae428a9b41d253066a871eeb9c2887182f1a

Analysis

max time kernel
0s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 08:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2019a5e8828aab8595d06392dbc1afbe_JaffaCakes118.html
Size

18KB
MD5

2019a5e8828aab8595d06392dbc1afbe
SHA1

3407d11b6a587d5d8ebe1e6fee12512d797f4a19
SHA256

57c36167cdda0bb4e5e402d4cf29ae428a9b41d253066a871eeb9c2887182f1a
SHA512

c90a66ae2c79c81c27a344084d8b666f5b8e2e17a05892e2205508c6a4cbd9455b9270d5f1fd816d8a77e6e31eb67897e011ad8b1ed8904cfb010e33151849b8
SSDEEP

384:ogsws7ddsQ8s/xi30/eU9Xs6HYhsnsjsQsTkstixFeCJd7ItGUaA+dqHyJ4co4/p:oVO02aYgKpd7hThdP

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8B5BB6C1-0C4F-11EF-B35F-5267BFD3BAD1} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2180	iexplore.exe
2180	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2084	2180	iexplore.exe	28
PID 2180 wrote to memory of 2084	2180	iexplore.exe	28
PID 2180 wrote to memory of 2084	2180	iexplore.exe	28
PID 2180 wrote to memory of 2084	2180	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2019a5e8828aab8595d06392dbc1afbe_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
  2⤵
  PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
72a889a4c07c0ae21a68629a75c2809f

SHA1
df10c765d93f125eaa6b37826cad827665c1b9b3

SHA256
f1826792b14c1add8eae2c44dd3a209a4350b4fa8871352684c0cd37c2a11584

SHA512
35a67065d9ffc4fda76a7ed54efd47258d8ab3b7b981328f2a741b752544709b97c735018929524a4810a5b925ad98b2e2a29c2978add8e12ebe41a8fb045fe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
758267ceb0c6d95709fb228f69b769b0

SHA1
bb6c0682cad084d088135cbb76428db02b6be39d

SHA256
dd8bda73a481ce096cd7b53aeb61fdee44308f2cd3d55250875c4b38999d579a

SHA512
a94a691b130f9e1e259b749ed3c8820387ee07d088b9e34bcd0df76745bf24738bcfe2e10dc790ee14e3faf0b468f9f8b366b29897e3739bc6720effe6739061

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
484cf62326294c1d749c0bc39819a7b9

SHA1
e9af75aca71d5de6f9f99a9cc9bc92c2053ed6a4

SHA256
ceb23ab6fc2bc88db1e6c634915381ea47eecafbdb48d41bdd028239782e9cc1

SHA512
26edb30cd6d450cb2c9628dafbdbce95bd6a86f2794f636e2ae0ee61ca8b34785fe979412277f36d9c288a54cae2c56551c982b003856787c84188e20847e983

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5917467523934dda68ee549ddd2bb727

SHA1
9b214c4e55c8473cc2614def0d2ecd30d0ef1011

SHA256
d13e6819f54cdf426fe471f6d87cc037d197c71ecea33c718fef683550c56ef7

SHA512
b8d8bc3e43c467bdaac75a3abedcb18e5975ed1b6238ec3372259b291e59da95fd6f00029a9a8e4d4eeb1982c5c1c0fab7a846bff58e1f2f36600e74df193927

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
debad6b9636b3fe7812de546b1e5d8b8

SHA1
755ba98b4bda7937026f6470a952280c381f90ef

SHA256
e31d9c36b0381e1ba91aefe59ed8d548b34b0e03892b11dca67acd009eb0309c

SHA512
fc23af2f49c3479f17668771fc5e4ef9688ea271fed0d88121a0b2c456bed77e0cc362f12f07182d8b6e3527c8953e5c8891130cded7e4d510235d66df21d0f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f52587c99519a66f2499e94560d4e062

SHA1
0635261c82258883c9cf0ed029f75dcdc94c6a98

SHA256
7157aeb72532db0aec548a792c01138636c6fd91f23b1ccdc642844be802a897

SHA512
ba88b9e4e4841807790d6054941299542fbdbedf43c2abf3b33757b1eb85730199ff7a329452a443ccebe21c1bff9b0b3d066fe38c587072934aaae767b68576

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56095b558740a7481a89316760a63053

SHA1
e1cbe1c32182cf8f53f95177c4a751a585b854bd

SHA256
a761a1d26ba99f4664ab3641ee813e010aeb70138a0ad53604b0841e87cb5c8b

SHA512
fc4b92b772f3563204d62750f30aad1402dfdc6b82d9c161616770611ef8d366aa5cf7f47274ed72cbcd843a43383d715a0317848a5d5de87a930b01155f4694

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f7cd0472828f17ce3e1a5220f9d2253

SHA1
494c581215f49e5236e2a36701dd249e9982598e

SHA256
9845520261fcaa1400be59b00a02861f84fdcc857c4254f273deb09ee4dd007a

SHA512
71221ba412a27b52760b19bff40a01fee194786deb34c170e87808991a8193c70b1c684a007c3e55ae70f9c30e2517198da873d9ea7a3207f5a32c2f501bcf51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03792bb03fe08df30852f1b2e8ea9083

SHA1
03a5ac94dbc3466ae7155be6cbc463fdc1bbe567

SHA256
18d6bb8684572137c144fefa99b9c4914c894b7ccfe24c071dafe695bc35997c

SHA512
4a4c612cdcb93ce5e80b62c6fb330c82e450d30d3088fced6522e7b715c0480a1e374d05b06fc2459690c5bb0e6715a2158bc94e2de9937910c062f4b60c1e56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bbb4c29a2b7392ef547cea95f5f9b4d0

SHA1
8f4be6304cf9992714c6dbf5e1dd3f72124b3451

SHA256
d13dcbb457cc50e38500ddaa869f6a8b7540e76c7f23fc691f341c029a86fbd2

SHA512
ed63cedc9e91a7640be687c8d0d0b7dc501d8e48bf882af6d06c0ec0d051ad057e428fe48680ab257aa6acf0107e1c552dc75551cd10e8e2a0e671be0b1ad3f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2226b9fe23298ca0c502af629bf9ac5b

SHA1
d5f9c2485f72e37322991d4f52f80cd8743297f5

SHA256
3c8c8507ccd542e789903c7690089280a7f085878cae6df5f1a5d89e19418a73

SHA512
7184d47d47436d26a315cc334e37a7acd079189276b2444c7a3b08f822e407148cc96fb1a9317bb9099a11d3f6d7aebcfbe89c6a1eec6eacfa25f5a725be2110

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbbf760bf5088fc1e764d987c5448577

SHA1
24d0ffa817c6c0143c1db13587dd0decfd937627

SHA256
f60f74f1047c8adc6188894a68467a6bdf9f08c4c86a06a45c8bc891d0a665a4

SHA512
a37b0f6909414d1c971a7603ed8956393214e7d5236899e3dfcaa087b7f7e163d22ebbf9c86b61c0b4677a049d2d07fc86fc4ffd413282ced2796bd489f6b8f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
074b9b4018fd281c4527bf37eb802e0f

SHA1
e1cd8788750565a7b8054e5ae99c672366bd0263

SHA256
e4619e41d8fc5b1eaca01e95ba26ded49f18e0d8326d2b0f81077a41ba150a6a

SHA512
96bb8ec413ad50d69107da8b9d8f0295feaeb43aefb5534464d3ea51dc0b63ba119cf05e21a790009ee5d47b22c845a2fbb0793db014ae48738e5f427ad9e109

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bad0a28dd4a6211526c17bfad3b03f98

SHA1
db1c8f3b624367b2f1e86817d8c88ff4d3e5898a

SHA256
05ff0d2c1af1c39a60efbad3aebd54398ad40a76cca5082bdef087c91c85e429

SHA512
7d73912e0a478844393579a26ca88329d2273a3e3e60d1a35fb7993d62c5d93ed481bd4e46e4759d44a623d7d3298afab5bb00cde2b97912d520ec2b83b054a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eed0862c85e97a817bdaddc66ad84e06

SHA1
59388c26d03f425b22e16132dc2fc1973a17e08a

SHA256
d312914e66be4c2915d8b58189cf0095f1f980dbd5d1f7caf879c2e246395410

SHA512
ac62a52adae4282d7896c521e5ce4efea5a75ddb5c87e42e5690b9e48dbbface4e96b299f494d72decb7fc572bc0ef2d602218c3083e6ee47143012253aa8e82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a59715d46e7902bb6c6066c195df995e

SHA1
7861de549bcb44f5083e5a105a52ef2238524eed

SHA256
e53232417a18416074ae742cd90e9648150991888de1c55ba78edf9abccb4aed

SHA512
979ed5b2f5fb6eabf5af22ce2b0a3299dddb6b6bc6db874f6e7b17c3d4f15387fc4c93db59efaf966f7af5e170e1d07d8c3cfcbb1ae8176085ec78aa1366a657

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4655.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit