1b82cdc04a2c0fb855b4fddccd80246d53c2364f90403723ed37cafe1db8355c

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21b31515b118a649660725ae6f8dc923_JaffaCakes118.html
Size

141KB
MD5

21b31515b118a649660725ae6f8dc923
SHA1

eddd2727c9ac0a6b0646910a9d6edaca87a74814
SHA256

1b82cdc04a2c0fb855b4fddccd80246d53c2364f90403723ed37cafe1db8355c
SHA512

2fc9c016a3e9e7861da60c43e1389f635ab4d7764985d09a0808679babdb195113a813416ef5f561b2c323a54c241002f5e2fda95a40fb4a218e9ac91ab89692
SSDEEP

3072:SKFzkzTx7dyfkMY+BES09JXAnyrZalI+YQ:SKFziTx7osMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7E3955A1-0CB4-11EF-9BF8-4A0EF18FE26D} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421277350"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2292	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2292	iexplore.exe
2292	iexplore.exe
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 3012	2292	iexplore.exe	28
PID 2292 wrote to memory of 3012	2292	iexplore.exe	28
PID 2292 wrote to memory of 3012	2292	iexplore.exe	28
PID 2292 wrote to memory of 3012	2292	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\21b31515b118a649660725ae6f8dc923_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6344a1831263553f8256238b7d4d0666

SHA1
5d069307adf029152b7f1350b0b09117616ad192

SHA256
4fb1029a5e762e3a94f535bff17a7b6a642bffa97fe15ad25b074ae0a0327b6f

SHA512
92036b86705491bcdf9ad479ace029f0577b368f817d4001ae9817a675b0a93840b1c5227d0973d26c8576b6bd16b935c12f0b8bbefb8d1edb3c00211b0c81f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7571725cfcbccb4e1bec1bf927a6f0fc

SHA1
1df2c83c77acd8d66016615d42df34ec9bb28a24

SHA256
12aff56250d5b1f17e3f81a209a496534ae127d143b304bd6f69340d8e54663e

SHA512
32bab92ed2a6c280213d29ce768fe13fc37565bd83df4dfbf1df9dfaee40d9d6ff2966cb5649abf21a62ef7f5ad86231a8a1334d2c1a5d256ec6fe25ba1be4e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf25dc3f8a0b54f8a3910af79a3be6ce

SHA1
94e04cee799419f84ad1d01c4d7e23c99972bf48

SHA256
8825ba898bd406e91dce0e476fed2084e93c678ee47ba65d0ed6719a3262e1fc

SHA512
6537223ee393754659751cde1b02840f7e67c60464551ae2cd00bb142251fa43873d8ffa85ff52a1c37a516493f012ca6fc10521e462b620f42dcd4483941e43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dac67d02e5308495980d6b685341a64

SHA1
b7df648da0e9033beab080d7a5a71d04a9428c22

SHA256
c92daf9416d2b07b4904d7f70c0e40ce3f76586667267cfc40c672b0abe45768

SHA512
d07eda9b0de60a870840179e1c39cf17cd6f5408e22cb43f673406fd0946b7bc52a5668fa904c7d96d67001dc0f4a6eb0265da4d63155d91688becd559bf706e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
341ad1f9e06f55755d5b0abd0598f482

SHA1
2f911a6de1f298e5503db1e22afa06dffe980f4e

SHA256
63b2ddea4c413834cb2218fce9ce8f541bbd9b5eb5ba57378a24331ed5465972

SHA512
da73033f838df5b79cce02e2e104e6d8e0667b98c57a50ebe51cad522c405d633a5091bdfcc81ca08e8ebfe9324dd367baf83e277b2b4e299c6474eb0264e9d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56875bce934d3f657943b7b38161e50e

SHA1
cb4b700075d88a397ba703f2087b0cd437e89300

SHA256
d8b57c256a1e58a1ba04f4fabac861a35e993820129dc6497c0857e2eec0083b

SHA512
221e67e9bab6c1075cdbaa17d97083433e3b1635d3c6b20b9f0c3bad57bbc83d7f7ac862bda20c5657ceb3dbdff881334e5a653c97091ca44a18d11652039028

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29c9b57042fa710987ac331ec41d84ec

SHA1
0f3dc4dc66a7a6acb104aa275d3232686cc00fdb

SHA256
f34d422aaaf8204aa732c14a51f1ac1025f09685571432b3487c6c68a3eddfa6

SHA512
485d4c6411351a7c4cce1945b000eb4751174f65436a30898fa56e84380e9c8efe3980927ca80ccd10a0598a1a221978476ee397190566a903dcdfc5e48771a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e5174f49aec9d1f361701e419c96e48

SHA1
71948cc0658418b1b263b62bcdb9fcbc3c4c5f88

SHA256
4e927fb7823fe047028cf988f61fa36d749d30480fe63be0e614f19f9ca722a9

SHA512
f608e461548884b440015031a6e623915c6a79f76763737ea998d752210bb79410d1d2029e62bdaf08915870e2f6c82a99917f6d9c67af20ef1bf4fef168186d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a16e846a8ea8db6656d2831d0e1eb6bf

SHA1
5c80ede1609df3111dd86ed6cd88b6a215457aee

SHA256
f7ec856a696fda3bfeca98407ba4ee7a5c38c2c02af4f2550a376e3eb864d106

SHA512
6f56edb8469729430a0b891187b9ebf0871a747b8fd3c390f2beb9527888cff2852c58957bddb66f09f8e960faef7bd1248ad0535ee5845a4af2ab29fee9005b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bca5570ba51e8b873f535f80842b388

SHA1
5513a18d960a213776f858d1d9fbea4dadccf793

SHA256
602e25f5d2fb0da97ebe26018fba51371c975472dc7b65b2a9e6c920b9549972

SHA512
ca8684b3cd57bcc4bbb4f9bdb57f46d02291d77ba0f1858006df065d2bc4563eb4ea12c265cd97913b7214e1445278bc03dd0f14e3d1f1707c37a0ec3eb8dfe7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffcdbb59e61d7d96f1639c38ea5e9f32

SHA1
bb70359ba342cd683987d38f4becf87418caaffa

SHA256
b4ba2744a5bbf9c9472a056801b0555ed8f4ec327ccfcacbaf4d9bad6b4bd412

SHA512
78790d6e1185e5f7130d8df22a87b59166973ce93d1c3c74b7910ffd9c7d229e8e24d28e4d96c6364fcdbc704f0ed85423c7b62dfe06b3c45003ada678e10533

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
785b05b16008c297af8dddd83df5cc8a

SHA1
79283fd978fd516c1c80898cae2ec64940576963

SHA256
76366641d217cee6978dd9658419cf1f33cd9db5dd9488ebc855d1ce951832af

SHA512
3daa7dae5a0fb38821629c63d0e266f3726fb8e8f865039c14fe8ed12c5b68466aab28188619496af9bf14e3e9dfa21964986398b1024a496a4f7ed1fbe5ecdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d75673e6ccde08080b3289cf2f30b5b5

SHA1
0b7a569c8a3a86881bc5df5c05f97c8952b14b28

SHA256
f4148b45153fee6b82598ae0b5d0c010ecba4d5c7f5dd77ea58ec8dec60dfd5a

SHA512
5602c4ca71967c472111d54c3cecbdf1ffcb27c4fa0b70c9a2402559898f19c2e572ce61564600db8ae40e5046d18e974193e8222f045453ea52a422995e94f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
532b5160474934f5accc0e5af723ecfd

SHA1
9ce5a799e1441a1ee8fe8238f987729564cb997b

SHA256
c94a7f6a1991d93322e88bc008c2589e603c2d42679c32d082075a9e3ab810cf

SHA512
50c6f10737012af50b072fa079a745c01850af8f813460502fe4b2c6efe4140a1de70430a484cb594f9d30ce039139b79cda707477cfc166d21708b2ae060600

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b5bab49ae23cc6c6d42d6c79b087bac

SHA1
d67aed91212bfd25a4ebaeaf42d1d9ec0244c4e1

SHA256
803766c21a37fd3460ec083063eda54d165417b0438b6e359d171a64b98b86bd

SHA512
549dde9c3f8771f7d2ce78dbbe1e2b8f55ff494b8e2e912d9646c3c44f64ee01218e756242f59b911a2e42a86d85bc97d28b5c5fe571c4b8d8818d7cd6e3501e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc2553178a60b636d13c97f858e37edb

SHA1
0ebebbf3d22e38312b170907fc77eb995f8e29bb

SHA256
617e6c071cb9c483e639eaf576ff362288860bc4a56f3319af7ec50345882e79

SHA512
f6cbff69a0320b85b875295a53d07b444413adb7990d314786c4705b5ffa9bc843d2dc37802171a325755ae02d84abedaf93d3eba60545d53a92c8ba8eb24d21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c23b798a3a4b973b8036a77846504537

SHA1
4f648607bd506f57af7242700de059e4afe07120

SHA256
e3c0dda133e6bd08d04ca638622ed02c550bfdeec0bbcb896b52de3c8d0cdbe6

SHA512
6b1afba94ab3b8eaaca4673bfedaa25dae03e9ea8c4d34b2f8d39444cc1d7fcbd866ce1cb6b2a7221e6adc165a200278b570f9e332372ea0f4525cf7ef170cb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fb319143a74e50058f8c9a485ac0a0f

SHA1
b2c0fef87e8cba22969277b9d0cbfdb3de634172

SHA256
290874ed614beb3374abda8aaae3856165e5035ba9c7eb92d7d1831c085ce341

SHA512
f22c774ccc696736932a483e2fa1bdfa331b82a3fa68be1ccf8fbccf22c0a746b91664314f7e4e1502567eca7a5573724f2b9ed0d8e0a0ec6219bd9e456d1182

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b8d1872e5dbc2c924207737a2639133

SHA1
05bdc56e54229544c7a2805fb3764f19af7ed5f1

SHA256
0d94eb392e77d44b6443e8cae894d76c08f88b3b412912d295046814496f3907

SHA512
dc3edba5eea3653deb86ca4877f8fb027c8f32c3acd908c7c9d8b06ead1b496c7260ca877d7898726fa5f9bc25bddb8608c5e4669ec010596cd13badeafaddfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA5F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB50.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit