5fe49f295e1976637fd2be08f54a4be86acfb2a2a98deda6d8ae0899494283f4

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 03:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

22fc1956eb658502b685c09820d85897_JaffaCakes118.html
Size

213KB
MD5

22fc1956eb658502b685c09820d85897
SHA1

fe38f3ea1f55408cf0a6af86eef74d73e368b2e6
SHA256

5fe49f295e1976637fd2be08f54a4be86acfb2a2a98deda6d8ae0899494283f4
SHA512

b6a9c143828621aeb1264e48c7213b71c91d43f077070f74e60e06f667c4fb1c9e1e84cd87019a7a9ddf154bfe5f4389ff15b5d7b7db3a8beab7fa3d215de98b
SSDEEP

3072:S0Zm6QY4+7wyfkMY+BES09JXAnyrZalI+YQ:S0UwtsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421300468"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{51A1C6E1-0CEA-11EF-9C17-5E73522EB9B5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2228	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2228	iexplore.exe
2228	iexplore.exe
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2620	2228	iexplore.exe	28
PID 2228 wrote to memory of 2620	2228	iexplore.exe	28
PID 2228 wrote to memory of 2620	2228	iexplore.exe	28
PID 2228 wrote to memory of 2620	2228	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\22fc1956eb658502b685c09820d85897_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78e3c56c01e07479b8cae78523da0541

SHA1
70417d0e11723cb5b6993f8f8ee852870c6da889

SHA256
cfb503a4fe198e04d57728036c550cfd6685627536cd742e19215de84dbd2e10

SHA512
1f23cb597c1f35c619bcf39bed1487679cbc1cb6e591151524b4b239324fee1f4a3527a9da5dd1b94170cdc7069110af79e1053889e53e2a49c1b20dad3926fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
430d631c96b9d11e4bca578215c74d58

SHA1
53f181a36f5f2a5dda4aee48392eb6850903b6a7

SHA256
f4bebf59d7048cc4139d49d7b6aeb17896c770ccc60ddea22394db799ac94f7f

SHA512
40db2ada304f99b496e209d1f091824a013cf510e4d9e0cc2de018b1e4699a2d92abf53282a1513a2749d12ff2dd1242d1460bb16b47cf6895576742a8d3cf2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c3590a071cf52c58bea3c6919232646

SHA1
1f363eef9e72404916dc68049460a95549d2c133

SHA256
8e71d1cb8928e60439a16ae285662e23d7f1e2789b0002bd27a007fd6c060cf4

SHA512
472fb3a9c05d5e115b41530ed559c42e8940dfa02e1c2ad0f8b9ebe32e622f6bf15f49d8d822bcf23cb7b0f39a7c850911ebb1811962265f0eeb537a7d2cb48c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c67db8728876f2b88545df763a3f472

SHA1
cf63cd8612e4c41eea3ca0bc0b6c80449accf8eb

SHA256
0fb98d319a19a8125b0b8d5e394843d1fcf8e1f86421b0e3a82b32ff8824112a

SHA512
eed1386187d969574d80d3cae8d979216b1f23c1a71276b57abd8b6a7c909ba1ee545b3d5a1a48f4795f38e342ed100d1da7916eb42211f14619d59ce6842c1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f27ee66e4385dae398b8ee9aa555807b

SHA1
058a67f85b6ba9537c3e0d2cdf50abd92aba3578

SHA256
1f92edc0808c97a16e4844b4dc89c680baae6cb3c6f24111dad2845128097646

SHA512
ecacb4243e20e358166204927af2ef388a60270a19582e02c3497f301a2134802318b82c183a101cfa2b1420d860d73d985a677382566cac7bf5239d5d3c7c81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d889df804683c096235fb60e3318e6a

SHA1
01f129bf308a14cd7f71fba1b4b8aa47999f4de5

SHA256
1f601b0b4a39f49cb76d38b0540025be16d4cc0afd07dca60bd2a31db3a9baa0

SHA512
c6f6f6d2f2e5333a4b52bce93c8ed2c9d5338ade7d1b69fd311ff0a1a3289cf7c156e125563453f3ac53b26e56cabf81c68ddd7af801e5affac6af428c5b2810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7231b46e7eb4b53ce84c09fe1fd27895

SHA1
8091b1ef2c6aacb98e350f68d6f43f915402dfa0

SHA256
d6e5893ec4dc10ee8a445e9eb327fa2acf4237c03870956332235f8308c22cb7

SHA512
8207228486f296d8559b694b3d7ddbe39dfa7d802becfc93ef7987682244e7a4ab4f6605b9f59f2722d4cd77fa51981bc8f918aa278cf667f48f984d6a6f7c57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcb33d86fcfb3e7b3f00fff0e237d694

SHA1
1ed1e6283f95deadf2a48e6d85811a816888fe40

SHA256
02129849d7d7ac1caf0a83565c4d0f5e2689ccfe84c661d7726dc6ca020c484e

SHA512
787ca4e870922163c152d71c792f54bd9e5afbf6dcaad7e1f8d3e05ab5cb4634f967b2c888ce7604982fe01c525aa47c1eeb8cc03f99ec9b74e05c9cd6dfb93a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6719db9419af94f6567aab3ad3fd8de

SHA1
ba4b004f04b4e290a71ace5cb6ee2871ac092b55

SHA256
41b8fb3ce393c108b3ec37bd864efc2646669596d57e0fcb664b82ffe8de3080

SHA512
f7e949a07805c68b227b32e9baa3644e5b19f5254eaf513e1ae62133513944c98e85b652b350e5428b1156ea6fe46901204d6ad29662c6c6de35d143b466a54d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
656bcaa8b33267f825683fe25b9a6003

SHA1
9e96171c372408797e19448b4ba20b22bd9cbfc7

SHA256
8fae3d5cc4990e156bb793d796fdf5a16692c4caee48b3bf12d1e7b3988a3839

SHA512
3b78f5e8965299cf1c3f446d3ccfca3af2881aae515ba6fdb4f7ecce0784aa7bfb6142f6b6465c91b0156a6afbdf4290ffe3a86374f7a8ad2bf0d65fa70d4c5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
720529b108c3a558640bad446004f0c0

SHA1
a54e3cb76d5a0023ea09971f85245c7223581e69

SHA256
d244eac751b09e502a0fb9de898c584bf884d1bd3c69d2dffbc2a7976123bfd2

SHA512
042b3e6dd81b643a66316743df111bbc705d3d78b5693035298b56e019b99479a09d6de02c3e22a51ffabbc7b875ed2c8c825bd5c95792b77004212f0b978523

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea8b9eb16df0e4aad095055d77023e79

SHA1
81468d2ffb4081941099669dfbe23594e3d6795d

SHA256
159d08f09a3b64d51572f53051d5012f8678a46a5c62840b6db637a9a4941cde

SHA512
29c94b7fa6aff68e841fc57943e39d9d5b4c7fdb78d2a4ab73f960194dd485192b89922837458d8cf4c5ddc1225a7e5d60b03c5193c3c6136553ecae9dcf68db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5189e66334fcea9a54251a7c57624cae

SHA1
8db3236c4f52629f5e6cb6ab7fa568af782c603e

SHA256
feaa8071b8acb2c6f93e15930746bddc7f1eda105e54aea2361d4af3f6cb037c

SHA512
27ca4048f87a4395637d30b53ce38d68e6e4fb52c0aad26db4dba490cfc0d75480451534f601be58862775cbbea1f3badff9ae376a42ab934aae30e2f0f884f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17a180b7998879c8e0e9d3e79ee9eaa2

SHA1
7aeb89ab13f627c587d5130d5646f8a153693bfe

SHA256
69c1f6491168e8cc2cf6f545d3a84e3624b498ee81c959544f70a349ad278783

SHA512
a2a1648cd75c4c4d42b5c4ae72b6ab285acfc7341d10d81fee8321b68ade76ec982fc86e55a32e0278ad203af62213194c36abf13594afb19a25b8becf7bf9fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43eae0c6327adb04fece9db2cf6cbe02

SHA1
81a5fe50adee0f5c941c19c50bca775da69d433e

SHA256
7d8aabba8f4874a5f2d2823cd354ae62c6fe1a45d3b262063cec056f0eef55e8

SHA512
a9d84b15117d0eeabbfd6f385ac8ebcfc438e3bf231869b62f9f94d746e45eee5a2d9a53c27432e7c66c7b4e9358499033cb38b8e52c9aa8ed50a75b9c9891af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88663d2ce288ab2c0ff52d1fa42dc7ee

SHA1
071de26932a936ad28890496e10ad67870c26e54

SHA256
3d595a91a283bde362e1456b67cc2f622c1e9e86afe1d54295de832d458a0d24

SHA512
9bc58b3fb07e77c074734dbe7cc267140f3604a8136bd99690296d0c49f8317d818ceaab77af08144e7ffc3bcfbbd0013b320bbef3520ae158781b1897938337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
186604f11d110499fec9d1ac9837de0f

SHA1
1ac599694646f3306596ad92fa1c173b554208d3

SHA256
200720e1737048cb890dee9954d5cf0d78e95f1a207ec077cce4aa8c6635ed81

SHA512
3f3fb17326da7b24aabaaa467f62fba685e2c10310a281a2ddd38a514d3084ead5598c775d1b6af9e9821165cfd6aabb1665a2865056215469ac6d7e2c7f8504

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b641784fffd402a11f065aa10b26fe9e

SHA1
bbcb0aba2aa466c8d922272d30b90c234f4ea47a

SHA256
74908024bc82c2b603970d17ef841d7c13e3120757763676eef5769eecfc1998

SHA512
9b786f97a380ab76ad978dd62b0e529485ee46de1b82f0e78f57f9ebde82a8a9bd029c0221726511970bb177b3213bc589e5def05f08dda2b1430afe27d1b2d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57baf77e18c050edb1f926fe6229a947

SHA1
933a312d0f4e75677cb6f9723e7cd123f0dea46b

SHA256
3d54a8474e23525fa2b34b9616996fe56a282c306bee806e7872d2892d257974

SHA512
51deabc31ce002c522b151982edc61124b99065810c6a54dc00c92b4ba5575236d4d5a02b6bfa8a21d6ac2c2d59c5a80e4f8639fbef2a3c402f4b0ba0409b48e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab14B9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar158D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit