3c21e5ac8a281f4ae3c955681ecaa9134cd4a7a2bc03ca324a60be715265107f

Analysis

max time kernel
7s
max time network
127s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

274614662d534ba7f7d6df1873621325_JaffaCakes118.html
Size

183KB
MD5

274614662d534ba7f7d6df1873621325
SHA1

2bf051bf0b76990d84a7abdaf1f15ebd70d246ac
SHA256

3c21e5ac8a281f4ae3c955681ecaa9134cd4a7a2bc03ca324a60be715265107f
SHA512

9aca108bd8887add213c830821be2bec76ad58e8e64430c338b4e451d3b79537d341bb18f903b6230ff2dcb89e61f5611f29a9321f51c768cbf91df84af026a8
SSDEEP

3072:Sf5yfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFiM:SUsMYod+X3oI+Yn86/U9jFiM

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C465FD91-0D94-11EF-9066-F6F8CE09FCD4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2196	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2196	iexplore.exe
2196	iexplore.exe
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 1696	2196	iexplore.exe	28
PID 2196 wrote to memory of 1696	2196	iexplore.exe	28
PID 2196 wrote to memory of 1696	2196	iexplore.exe	28
PID 2196 wrote to memory of 1696	2196	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\274614662d534ba7f7d6df1873621325_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ca7f83bcd28d8a5f942dae7713bb1cf1

SHA1
2c357bfe06d12fc615c7e37df6e0d848eccf628f

SHA256
3557e23115517d236af95b6daf8ec7f7631b540de80338fef0cadd1de18131a6

SHA512
f9924acff74f8b8c671e8b347897d5cbebc3a73f94705de00f30f33d010888db4d175fb96714e899d708bcb77486f87d49a72f87715e9bdd1831fc2fe6e1308c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
575e311f11ee97b3e636549717b21794

SHA1
e12ce38cb26faf270c0011b0797cf4d09dee8e2e

SHA256
02ca13bb604776c075079b01969da9d7487aad969dda5099eff01fe1ec64e145

SHA512
673227d65beb8dce5889fef7ec8d5cae200f126c4b96fbd13551715fa98f509cd337cfa10255b0c87945a5a1293973face9ef956e44574bbc1b339018b9ce5a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
641f3f523b8fd94465708089ea9878ea

SHA1
cee975bc305b298bcc037a418022d1c2d747d590

SHA256
ebf025121b1736adfa7a5f66f3cde84286015d205f0e6803ca0999db9b5e45bc

SHA512
52f80e901a843c38cdcc07baa04d70db0043aca8dcacf3bc6ec68e505c38f1c77b378752f232b3a267b138692a0d3d6ca3dc13de5cc1e78cbdf1c5c850efe03e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9362cf616b11a11b1d1f3f87ee33e643

SHA1
95c495969a2dd6d17daa14135ef9de14ebd5a6ed

SHA256
eb79bb31f216f14b3c8ada2f8c49c2f65782594223414f1ff18fcd04af89e4e3

SHA512
53c7b68050bfec7635753bb96af54adc1c6383995e304da9e86141ccf555b99126b7f7c5dcabcb0e3ee381b12b8cbe020a8ea9dcbf56e242af12184161f18e5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
001bf0c18c27529b1b301507c9f6621d

SHA1
f22a79595ca4dbaed8bb8079d53120c2407f5fe7

SHA256
2b5787a04d7bccdae4f5becff442f11951de1ee5ce726ec72fc17e704efc3171

SHA512
3c1f1feaf1aa120305b4dba65977ac86acb4569b09c518ddd44d2df6406e070d331499a0f69a2041f7f5cf63d0190bd5ba5cd61005493cf9dbe93d369e0c3e16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9129ad9e596a82a21395ff95f7bcbd24

SHA1
357d3d36a88a9c193c433b76e2619aef11b26d5d

SHA256
24a18dfa8ed5cf8b427e95ab05e1c108474a6b51c881698ef979772cc7b39a05

SHA512
ccfc38f16b3452757d79954afa96e0e0c3b828449c3973571cf0290f4f5a3820fa6a0d6bb79eb7c085cb552655f10864d314e4979493b18f4d8d2a1aeea7ade6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6536ef6a23e5e7d3ef98910c978ea062

SHA1
ebf944a38820b53322f5f2adc9ac1568a291b939

SHA256
8d7bcf32a4d4f758bd5d27a392c34a7cf5f4604c758908f6b2f6320c76a4581f

SHA512
191c9df926ee5778f026ee068b9ddff102fa9832c65ea43f5e0068bdb5e8b449eb4445aaad51cd00e4fd8124f090c94c1334e118987555daa973eb8582de66a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c958c20aeab794b4a0a6955858a9b999

SHA1
09046e1222aad387ca228905608b9746701ef839

SHA256
4b1af0ebe8769085a201a526d34e1916248d11f290d308b704ef2803236eb1ab

SHA512
e16507520e7f1ea2f51a33adfb77438894fd9922d63b5f16fe25d05f6366e49a3ed2d3e8a7f588fe478252144e3aa476984ad957216c2766e1977f87c1704143

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58b0dada5eaa6b300145a58ad363cd07

SHA1
6b3a4113933965703ab6ca383b459466660005ed

SHA256
1e711aebf239640fe92739c9f7f5831b1020a0f958eac7e821a6197eb5379e90

SHA512
095002c5536ed22c307303f008b9692d42aad4633c05b8f77252b73842e61fce1e920d1d3969f7b20e3d23e6436a4036086bbe5f6e0f32b24a9287295f407422

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70600bfd293f1536ac767127f3adbc63

SHA1
6408a92d41eb7718ea48f2e1617b1baad9db2de4

SHA256
09fd6566a5bd4b9a576a7737c565403e74723601f345c74863e51c5508e2ac51

SHA512
8b0c60bcb50b000912a0a32f5410aec5bb6611e695c5588ab7301b0687eb3b6c551193047e3d999121f83df92ea035ff21b4cb045b725a7eb4b8ffffa01810a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1ee00a0b275971c34fe8fe01f962b29

SHA1
1c4fb910f74aa764f245bbb0f62494b1616a8d3b

SHA256
282d7feffbd171c6e9690fd8abf2ee16c457036afde09e5a7de1ffb660453124

SHA512
849695ced4d2bb046809b6d8b4de772e73edc5e7c4874ac1004c2571b0112d80410a1c47ed5365d75daa6ce02547c7e59184a347b4fb05c7b3bead1825645a8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ba68a519afc18e0a6f81162c85035ce

SHA1
7340c71b3959b24e868f2dd3900d2d94e463bd6b

SHA256
ca1193d3341ef335ed5205bc57be7c74989fc09c2de3ede99bff2c0d11d4efe9

SHA512
fcb447f7a21a5402d45c8e0d784a5a0575d237da6ec227760f983b796c897b5ac1d4df8703385bc71bc2a1ad7999207663eae3d97bb94471673e10d31181c090

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50e60af2190818cebb309f5bfb1f1c0e

SHA1
c84bb3d816167b31d1cff0047042b759853bb667

SHA256
196a7d781225a96a4484cae4fee7d6415b7b4f64d4989e82acbf0de759259495

SHA512
da4afd36885dca7969c6774dcb610fd02d030056b4e51e22082451a3cf0d1ec696601798288e889198bd9592ed45bdb16398e6a077f5fc30bb7b8953e41a08e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62ef35f367df0540929ca93e60330c90

SHA1
793adc0eb6a7b16c747be60e7ce61b4894e791c4

SHA256
d2e88ce8121f5bd8730c45f48de40294da25df86389b9c52760ff66a81d8b5c6

SHA512
db51970df993fd66ad0df31c48f3969257def4ab16b65bdbfda0f84acec01109097bfec381aea12ede48d1fbb61f4192068d07f81eb187f84322526f57034852

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4448ec45294a355a35451014b84246ac

SHA1
c5028474cfded52be22b80b95dae92017eb9706c

SHA256
c5d45388e666c27db2feacc159b7de6725b7a632be35f887ebf5d03006af942f

SHA512
4df6e9fb2c887369509659cc18f43f83ff1d67e2f593123872bd5ad59caa2af8e92bd2b59a1fb9992fa59e9da105aec785224724adc23c6a23f0f8a3ed6e5c3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78c2e79d8a2b2dbb6a14e05058d9e249

SHA1
50af55baf4a830c9c016731789e900016be41da4

SHA256
84545da4b7f99491ba56dd3da26d7f439701134230fcbe7558cdd100b3a2bf39

SHA512
9ea165c2d2c56c2964c50140c431abac4021192e35a4160ae4a116e719c96e69dca6cdb48933a887cbb6ade90beb826e3d8310d9de70deca6ee27e040d25c58e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fb169a2e40317c40795dbea31779b15

SHA1
02f6225b9cc949ef60cdbc85207fbf9cef5dcfb9

SHA256
4842fb48bdeaed7d8a5379341db6b66fd997c94a83a82acd36f06d82560c4c60

SHA512
fca259ca6e03381e2d49c487c037fb5cbf914a52d11003a935fa6f47e44876e8e9399f833e992a9bc5e5186904a19fc7526c209a972eabb8444f54dd32bf9b43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7afbaf206c0e17090edd92d785494ed

SHA1
383e3a1175ac89b79e7428586e1bbbd929a5aafa

SHA256
01d82db66389ff420a98cf6777796fa556afc9fd6e14d748f6e1041ca92b3ff6

SHA512
1121ef6c9583d217a7c02191476ee6d0d7d12ef06791afd1aeeca508f9c765748acba9ba7ae49e6f6a19427269f3111e539f1849d7313eaaacb6cbc6425b0527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49de92d7e54ee4bba12b237023ace51b

SHA1
1d917958d00f3cc64046547806012d0830d8ef46

SHA256
78868ae2e16022e3e17327a45fb7f2d669280925e88aa1b4b24e203ee5502dda

SHA512
48a441a7fcbf231744b1f69d6d81a3400f48cffaa6ff12ae89009c19086e7ef8316b5e4ebc39f8a7175fc355126853a1292c2087303a2821ad7e8c489dcf632e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
cf971b964ed1f389aaef6bb4f89443fa

SHA1
f782440400ab9deef687e078fd864aa4450bc73b

SHA256
e9e931cdd88e881c93ed92220bbaec3bf40f7a8b28b2bf05279fef9db44120da

SHA512
a561aa014eac963969c3dde190f29e2f76f5af4b45703584e18b38efc000ba69b59658e764aff24fc0855f7c51390bd3d084aa69f54e0868d8ca5e0934882768

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar26E8.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit