a9cb3f1e65bf0e59108702dd0d86f27720f04898141f9878ef3ed1e3738aa37f

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24ebbdc8fc3fa5fa5477fe9324c093b2_JaffaCakes118.html
Size

76KB
MD5

24ebbdc8fc3fa5fa5477fe9324c093b2
SHA1

f7ec612c72e27d4712c1175a3c66a06661c92a9d
SHA256

a9cb3f1e65bf0e59108702dd0d86f27720f04898141f9878ef3ed1e3738aa37f
SHA512

fbd142aac85afe86aaa60708e8810811a5f394f270436238dc7149217425d5dd19e77cd01373463304c23d0a5c34edb4bef455721e96e039ef41de97bc73f973
SSDEEP

1536:oP7/DHiu/5MIkq9bhW8+9wQ9qw20OGO/OAIx96tbtmM8CjmFElcXJsijJ6hwCfQ6:oz/DHiSKIqwQ9qw2Vhw1lSB58flK3zLJ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C4867DA1-0D39-11EF-919D-C273E1627A77} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421334591"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1936	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1936	iexplore.exe
1936	iexplore.exe
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2064	1936	iexplore.exe	28
PID 1936 wrote to memory of 2064	1936	iexplore.exe	28
PID 1936 wrote to memory of 2064	1936	iexplore.exe	28
PID 1936 wrote to memory of 2064	1936	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\24ebbdc8fc3fa5fa5477fe9324c093b2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
92a95778b1e4838e0910930a076d5286

SHA1
62fe9f263ded7aae7e74fee138a9c8213994e750

SHA256
db05fe9f93a06ddf2c49805ae9800d69ec51491d62824b0d719d561265751515

SHA512
ff1c49eeb6594ba0415c9cb243618b94a74e925a9af04ee8a491e6d28aeb3e2a0749929a3d95434c433db2d24e5e3120d2b7e87f76392c088c7a02c3ba084c40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2b19d2938591dd66bc3a82f1c2bebfd

SHA1
00465da481d7335e35eb81a81a2b9dfcf672fc2c

SHA256
796521ff653c6ef414982d45d8e29709589a3cb4cdf2cdec0bd0dbeaf762ba07

SHA512
58389ddd1eb02ab94f396a43d3e864d579b3cb547c8cf707304e3a4371b31566f4e2b55152035ee78d269ffe0d460c2b77e88ca9c15c2de9aef2456b4b26c150

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71fb63a9e22ad03ac404d206c62b863f

SHA1
ac876f7d0d668c309bea15e44e01c815e8269fca

SHA256
128dbaebe1d8d81d29dcdb24727f43c8bd85c0569b20423f0e62ecb01c06ee45

SHA512
64584964b8350a024dd9b930484059c2498e0c9f97857ce21e920a79a960a26e741da9a8d94089e3180da5186aae21f9464c1f507a858de0959c3a78918d3586

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9944bde8c2b197fc8ebdfe47b2f6904

SHA1
f2cae33aa5b5c0f1f5ec724243a2cddd0ee3faf9

SHA256
a733a7d8efaa5e3f4a39754d3e637d74cf13369e62b3814dfb07c8f1d5066ca7

SHA512
2edc0bd56f433d38e11bd0921abfcaec8d5185d253ed41e630d3a54da622ff2b6743c2885cffdea151640bf49934063b7f54b2c5924bf9f67e7045331161975e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ea8eb946cf4ce35fefb811e812657a4

SHA1
454c21491868f84a72de82ab305e59db0c453114

SHA256
8e0e57b587de302ffcc2a080ff7266716a78d45a559979a39ffe24c6d4dac78d

SHA512
4aae119b437452ef9b313546367b377d5e69ac271524c98ab8cac9b612899c16213ca681039e87873801f0215270beff53b3ce018943205123f438f753f9eaff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e0ea498daccbb85d9474ec89ba20ae1

SHA1
6a29fa2375135e1fc8eb68581f10d9048dfaf17c

SHA256
c6f6224a6beba81ce5ad5bb7084a46d6251485c71530b00a36e11d8c4a8f9d3a

SHA512
4035240a553175f252014f82845a54c1dc2a02d41b62799a8593b40047d9ae5c8ec889b3b15c802d6978e4c4d9626e7c7fec8455c4041c362ac8c1e84b68a9c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7538677e556ac558e8dd9380228d553

SHA1
26d29f9a0b34b1b3be35c193c8ba10d04aaa50bd

SHA256
f2fdf7938798c73e48e73f4a1e0cd6b10b97024946554f71ae222700527d95b6

SHA512
e1761d637d2fe0eaaa3c74a7b6087eace8718657b95eebf97f05b68633eee88d3c08eac2aa65ddd23c5f03151d9f1ca2e1a0b92d5242245fa0191fc5a6c0f6b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca1423b34724592b8a77e0e35d6f2021

SHA1
ab1ed76d63288fdff96a9eec7e975737838c5e1f

SHA256
b8b545e924fa480a5dc7dda83bc576d2b7304db8a3d5d6835610291265ff39d0

SHA512
47842d328a471ed6c49388b50e01e4b8c4fd5cc23d644c98c98418a31df0bb007ed8926635f5a5d51f8ef4d1510acf88e9a20217174640203989a4f76e011b8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
223324288ebeab1c2b0dbc8f2f4bc71e

SHA1
e5bb18c09e202a7594eaa02453423d214f365a97

SHA256
c8cada5efa5c472f2c1a1b58ab26403222e8c2c3e83f0af6d8ec4ce731b6d4b3

SHA512
d0093dd7e928e3ea497992785f15a5d30b12edb155c99f30411aea70a15cee1e98d3b882382e3d1df3ec2bd246b186d2face776ba1626628a52777662d8aca9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecf698946b1de9d93d2f79aad4c91965

SHA1
f2a6967adf6a8dd190b4fbc4a150aff01b37b415

SHA256
86e9d43fc2f3ce8bdfc62e449f75f7dce36f95adfba3bdf14d1bb4a9fba1c373

SHA512
2ed086a7485b40a159cbcb4cfa01c722a6c0f42296814e9a9b30fcd0da0129c737c490e92c4336bf09259b3497d7abcccaebc875826e249e2a7989a9a4f89265

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e30890285a141c1f0bda6a20dd983d5

SHA1
54e8f321747e1c68339295f7e4d44741309fac8f

SHA256
67c3b7d8d043e62ea4e82dc48b6f665fb311160faf83b67db1889d4463d2afe1

SHA512
c1eb0e38247e5d52e0ff03ddd9a38f21494f70963d2d13739a92c1bcb3701c6b78fd07bbebbc1725dcc1c7df5254279a5396a7143a01ecacb7161537963d9699

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9af8fd39aec75ae9c4890c5ca794efd5

SHA1
25f2b9e79ce307ba1d2ef13a83fe8f5de94fc927

SHA256
ace59d14064b6a9aba54792662977f7906aad1a62ed20f336e76a9976ca591c9

SHA512
b1be178fa2b1587e23642baf75f3e1074e8d771fc8e0ad2a9fc10d56808ebd566ec6813baf30073130a05679b614a04b2e05bec6b01cf8070b64984b498917e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5893f000ded0e4839f840e381691c0dc

SHA1
157a2627cf66ae354b8fbd0e206df77e07088649

SHA256
c60e94d2b755d651f1e27e9da35a238b540fe0044b69d9c70294c2828df4734c

SHA512
557b02b1275d302de616142bd741e86f8c6526c906c176012c79a9a743a3565500eeeafaccfc8b322fdd4bc79a29fe08430bb0d7d5c16a5c31bc8e30a765d740

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4de31a702129f7769907e8e0030f56b

SHA1
296d6bf252c55cc5a2515e8a88c47768cb8409a1

SHA256
1e255efb508fb114326544de0594537d93342db60cb87063a24af47303763905

SHA512
c9223670e3166d80539449757d41d6b9d645de5aaecdad6039d8197d80699ceb747e7a4a4775b4e81ed61063e41127275c62fb9fcb710bad5d75c304f4aedca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ddabfd375f9306aa3038b88cecbe4ee

SHA1
70c7bd49d47d39d6b6e3ed752ae4a0aa7556f2b7

SHA256
80c7c1c10a12f5ee3d4e76782a238b3ee2531bb90afbde72f4a0d8e9f554c44c

SHA512
c8092a3fe326decd91024f36487fcf6da7d151302d3751a795125b782c865ab0f03aff2363c007eaa6b619c54874283e6441e2a31b2ea46435a8128bc4b19bd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
500beabd3c32a29542c437c5a9b01484

SHA1
e42671462ea6643059caf22395529cc4de3ba9d1

SHA256
988b9f6d6e2f32db3a2c310c3cc1c4ec9f7457bc9c2cbe50f98ca94c6faee686

SHA512
4e9f1786b567e2d96821a5531402701e8b8b089de16d6f7ef4441bea4e106f2678bc19ea41cf53689f606ff35f1b21ffa550a2e24cf80d850b5587dd4a121422

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
1fefda1ffee7137bdc48b87995f42e3d

SHA1
05b88e795c57a3e612fc58d2dc073daf385eecd6

SHA256
883f9d61df5f48ad6e99ee996a51cd3def183b10ca6706cb629c2e0a71d6ec8e

SHA512
5cb7b7caffcb021cd53e6734713706268c2efa95269435d15b0d8c085e8ea6ae87f8682029240fbb5af2e7e7b41ab51ae758ae0a72d3f7669c26a27587a3e277

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF1E.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF32.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit