b97309f75f5455a5ed09a74ae163d914ccccca27b02a2518bdf038809e369bb1

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 13:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

20b509ad13d85a33ef7326679f00aeb1_JaffaCakes118.html
Size

213KB
MD5

20b509ad13d85a33ef7326679f00aeb1
SHA1

e251174458c7da778c62a6908faa2b020c7558c2
SHA256

b97309f75f5455a5ed09a74ae163d914ccccca27b02a2518bdf038809e369bb1
SHA512

91d2d4e1bbfef8777382fd1a50a8d87655ef7e1000be106d2958f18fab1b2a2fac5976ef3a49d683bdefadc5c72fc11aa6b36f83f28ff2ed388c7fd0b2141561
SSDEEP

3072:SLkptj8kQkz7KT8jyyfkMY+BES09JXAnyrZalI+YQ:SL6VxF3sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421250880"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DCDDFA41-0C76-11EF-92F7-4AE872E97954} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2864	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2864	iexplore.exe
2864	iexplore.exe
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 2372	2864	iexplore.exe	28
PID 2864 wrote to memory of 2372	2864	iexplore.exe	28
PID 2864 wrote to memory of 2372	2864	iexplore.exe	28
PID 2864 wrote to memory of 2372	2864	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\20b509ad13d85a33ef7326679f00aeb1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
556525fa340efd74f748f85653d2ba60

SHA1
7cdcaa0a111ef08358c7ef55f54b88378450a373

SHA256
1844db720b6cfbe6fb139f94fd0765ff752c68d04c2d95dbfe703c1378b74401

SHA512
3d6801476f8d8f44ce01d090cb187e8d5006d30923805289527734d569e6ca0fd1a5d4d1a08945bee43c93932c94a8b6d810522be2cae3700974784dd5d7effb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8595a85bfa93df855e6baa4cbaf3c968

SHA1
00e3949ff2946256487f14f7e6f0dac35c487c80

SHA256
3105b09e4076e904089073617f7ce3909acacde299f705ac354fb288a422200d

SHA512
9fe2c4bd3c0ab7da52d740e792590484839c09312294523f3e3b4206a77d5c027f1cabc49a79559835336ce7f471e273fabc468a401d1d65355a63f4c6955c81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92ff3fbafea33b2d1e642a970e19b48b

SHA1
280a4aa35ccbdfd23d235d909fbd5ef9f5a19bf9

SHA256
7eefe66d7c6192ddff4842e20d8bf7a6cf6ea94cc56054368f1d0215e2fecdee

SHA512
2a3c02733f244410677169aef8aaeca38e04a506f1caaf493029a460bf6e215a4b5d245d8b967501f911d74f20567ff98bf1f99bb26830087e117f4a1dc81a4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1e5ec06e9489774c81e9b7e342ae7f1

SHA1
8aace32a2d863b566195987b364e8397caec9390

SHA256
5ec995a59a362a88501a3e34406761ea0aad7eb9d4e7e2fef1851a269d22dfb8

SHA512
f5e00d4d919e29ceb5b9f2dd59af981477cb8b85fba6604ffa4824c35cdc2be30d4b0bb29705724b75ced8c899e54df109df7d854842fbded3f6188dcab4f0f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e89c7823a2c3654242b1c188e5ec0bfb

SHA1
9341c67e182415ed1fff39f6f128e1e10834c9de

SHA256
d28e071027541828f4a5f9c9e3a257097dadb4e7f079e87e150b1f67201c28a2

SHA512
320fde4687dcf362c8f165118e7bdbadf71b76f0bd7bfb4fe343e3ad6303149765fefd5853eed377562e7510f8cffe56bcc442c72426bed875d3a4c56e1513be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5eed2a2f9b0d5ee248cb261a56cb955e

SHA1
2e28656284e6758c0aa62703850c39dae7ccbcbc

SHA256
737c406ac26dad87738eb587933ef9d802024044c4b42ee9fd4374434e10da8d

SHA512
c1fbba3a733129d35000905dbc9e25fb63a4111ac25780ecdb9196b61a3891bc2bc9ac8c202469278af7b182f7dd6ee112391050ec69e1c23ab314c51d7d8ea9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a3366022e6cbb957624a13ad34c5241

SHA1
456a4da41049ba8f2ed9625d964325fa236c8a26

SHA256
40088210e2588081b73ec852b54bc95b5de01ed2aa83b4e981388e548299eab3

SHA512
25af6ed3c8f4bf28d2399de9c367da328c62a325bd2bccc72e29eb79243c4e965bfc76e1aedc1c8fc5c11cb6539b72a9bdbd917c0907b10364a13d673ed15f91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c5cb288318e2b3df7e9850bc36825fa

SHA1
9b51ec797a0a29adbdb968cbac04a75784c87377

SHA256
a64b5e4c7a269495f91bb309805507b864423504a4d651edf3e9137f16f1a350

SHA512
ed521a110ec18d6741934f7320dc25a640c17b3d235f6046b9f9c535f6e19b48eeea7e79251c9f6c06bde98bed0741f2cf2bcfa01b6a42ae8279182f75d34df0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51e4b5e134a80a9045bca6ed6b2a0401

SHA1
3a2146aa5e7b58ddbe3e534c471940644bf8554a

SHA256
ae1bf958c7fdd3b6184ba19760bc1951e12de0e6294b7a0ab06f7045191918a4

SHA512
c84a3345e0d7459055ba52e3db7f59b4c7fef0807e971358f11a6ae2e7eee7312ebaa2d6aa4edf1039217c281d5d0cfa8fdedee0b1c9e078424aafa1795b95ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8557b77337e8d9158a1d10795a74dc1b

SHA1
04f0d4ca89576bcfcd94ec389fa26f0283e43215

SHA256
e6a0680da68e3d8fdb4e4301fe42f539cbe3b8432bad47b530c0da36ac18c569

SHA512
c3e42f575cdde1a531098ba7f395fb07f20bedf0e225937ca51b13883e0f1f8a328284cdd3b3f7867da1c5982026ec3dfb3bcbe5df84390a1dfb0a05b38a2b9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1bb9c197dc7be1248cb3113959c66eaa

SHA1
b9d0fbbffae71aff56566482998c492f76edb316

SHA256
20f94764ecc1ac5152d622fb5dbc6bbc45b2f7e0e278630a1286bb969d903e2c

SHA512
81e9e7033b724e2bd2a8774343fe61833c48fc673b518bb390ebd0ee669fe05359379f09fbfc73bf91bf9c57a27c322b9a02d21c443cb48ed7a9c934012cd646

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb2364b4d5658ce1f469c2796bb1af0b

SHA1
ce6dd86811468b399b385a4a0f3b122dc7d4cee8

SHA256
2bdd428515db4ce623bd640a004dc406849087e207662965b4c51cde5872e01d

SHA512
059a1d331291ac1fc94073b0ae58b01b2e66cdf946e8bc94cc96380ab90c394f51060cd9cdcd7b94ec931b8797276716cb939c65f931f02a3f85a98ccd040360

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
951ef787270100fa337eefb9eacf8e8b

SHA1
dc8a867ef49437422525a3d9692d1caff2bc8535

SHA256
80fa134fb9f5d529c49ab810cfa59b05f9011da5dcffb528d5f7edd9ed88da5c

SHA512
3f300d00f67f5376959fb4144ae0d17d0809d22f23d42c8746570941bf40a084aca0dfebb520053152526c3bfbc24ca6b3a0ab860fa07c173dc01351d384b933

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf588817e709d18356078c3be5ec88b3

SHA1
f532f7fead07c64737029010873c5b3352dea799

SHA256
2bc9674aa585c82d0cfe02c735dcbf61cbd5fd747b98b8741a991e190fb2ad42

SHA512
b17df9c7add0582455ae321c0098c3047772a368cb3f29298efcfec002c3f6d137e4ddde766e08ebf2822f0eb42d82cc4d8eab626a1e0fc1bc5d3e48d25e03cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ad04daa3c1aa2d7c176ac70ec5f4453

SHA1
3a85305bcc205ae1adec4c9d7c2c1bae86e288a5

SHA256
bc631f13bdc07bb4079c5f7dc43717e8ac4e91808d3380c80f5fcb2afa1950c9

SHA512
5c171e5b6031915f6bf32071fdf3687f7c9ac9b7af01b6c809f77c9df24cda11282eedca1189c4412dbec01616e696c3f277c5468f88418846c864e933172ae8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
528885e24b3733405965d510661db949

SHA1
0f98be064c62d07caffde244430522ee5906ed41

SHA256
13a074f707b6751f382040078eddf732a988172dac28fb5720a8a501d9b7d99a

SHA512
17d7db1d1a5f84106f72c6300db739d4592444c18eda42dd549bdacc91313c2ca8824f740e4ffa36c228b4fef118ba3ed76391f99e3925bd2b83588b3cb3164c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
065796cc525c4ecc2285308749e36ee0

SHA1
c14783acc0fc4c71022032ab486baacffd4cfa7a

SHA256
a6e1cf218b5392c4203f90de4db53747a0020701c6591a553b3069b1cc49bebf

SHA512
e971959bc83d897f32c2870a30f538201e8524020cbce68288434755fb81fe70596fdcb06fd1ac0f694c7c69a10b2495bed45d838c51bf024d9dea543b981cf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b87603c94bc04da7d40ed5cc9d62798

SHA1
4018409e56da69936ff4bc2ed8f03c1fc6e01caf

SHA256
affae24165bf1525468d013e70e17c2d081e21e0b1b002f28426fb397e9a1f35

SHA512
38b196c3324339a1d538e9026cfdfe5a4ad66ae9559c17e56908bda3266bdfce34ad64c9c394cabd49ebc4871f814e7b083aa6557e8098c9af8ea663e78ea33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab63A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar72B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit