c5e0fbceea0f968c52e22e14e935e94db75f492035ff25137c4fc1389b536dd6

Analysis

max time kernel
140s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24e095a091b4b33d61cb02583c4e3567_JaffaCakes118.html
Size

220KB
MD5

24e095a091b4b33d61cb02583c4e3567
SHA1

b32c62966e5e3a04287c52e24e2f362c84e19c60
SHA256

c5e0fbceea0f968c52e22e14e935e94db75f492035ff25137c4fc1389b536dd6
SHA512

730ce912e100f18ede4ff43ebd7d316486254ac64f1f4288b34f57a8a029b2e312529893ba44b095b6291a6161eb455b8bc89e791902f244add26871daf7ac9b
SSDEEP

3072:S3+vdsG46puIJyfkMY+BES09JXAnyrZalI+YQ:SuTG/sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FDC047B1-0D37-11EF-8303-EAAAC4CFEF2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421333828"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1460	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1460	iexplore.exe
1460	iexplore.exe
636	IEXPLORE.EXE
636	IEXPLORE.EXE
636	IEXPLORE.EXE
636	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 636	1460	iexplore.exe	28
PID 1460 wrote to memory of 636	1460	iexplore.exe	28
PID 1460 wrote to memory of 636	1460	iexplore.exe	28
PID 1460 wrote to memory of 636	1460	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\24e095a091b4b33d61cb02583c4e3567_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1460 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05be0c628f3af9cee0b4016b4f25b2d3

SHA1
8706e5954d006afb34abaeb2f5c51fd0a63571b6

SHA256
229e41a51f1c0972edf37192249fd19f4fbb54284dbf226be0b65f2843f4ac9c

SHA512
2d14a15f3e4323fa693f66e2382ee58d259e4924f5a8483fcc01e046852259fd041052222026b88394812e65d81acfdcebb143fdc843ccb6fae26bbcc660c4b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34302d0dd731ff47c3fd7509ac33ed75

SHA1
77cdf9089399cc46027befca557878e57ca5b3bb

SHA256
90236e3b1fe7fba234067859cffe65989978da457c038e6355dd6741c17ccedc

SHA512
9822d17d5a507b5a2bb1da32a403bb7d20070b708516d9ed5bd1df5919370950ab64ef65b3faa6204f0caaa61a7bcfbddea731adcaecf206ecfb89269be0094b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78c0a8ba49cad58464bdfe588fee4340

SHA1
96d27a6d0207317e48f6adb164ff5087e70cab33

SHA256
36a63bd5bae41a5d4fbc9cd8e85d26880fdc8c1237c4c55967b3c657b8036037

SHA512
1fa48460f97cfb1ab4e8f01bd1244023440062ba1c1e39deb887781d4f01a8e958ad07fff9f40394ab00f981e8c3fd3bcb0084948257a5c2e51c3d10660ec7b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bccccb8e223a8deeb3be2afbbdc89479

SHA1
f319ee1a9e5a5bfd04744c14b7eae7c3767a3d78

SHA256
d4a4437a2c94fa5621ae0afe488cb4e3eeed50cf91d5239f6645ed4b4410f041

SHA512
a11b4fba89c1ae5ad76c02afa1de1975772a16f2a078f29dd66e225cf5d15a01b5d68c5a6068154afbb8738bbd5508156fd018cf221fc8ce73cea35023bf97d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd23e0428e1988e9f914d72079f3c562

SHA1
ad8af4f3fee4e8de69c00b55b712a8c40ec6714a

SHA256
e139f2bf65ba849cb36136762046d3deeb985f5949ffee0447948485781b6f0f

SHA512
0a517b053ff2c586e4dda0b9ac8eb7dbec135d78455ba2c5204e190f0828717aa47d24b65a0e870121aed88cf77b7ed66294252ae4308934d410daf83855cc36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65d38191202469ddb3afbce8936b0022

SHA1
5e657915bc91c71f5bd5d80576f92bbe2646922b

SHA256
8bc03c1397bf3f5e1b4933f8be242c587389c2b512a334081e2cf11d0bb86c65

SHA512
473776b6f98fb0223b7b0894015b4830e28c779cc0aa46c84ce07ffa20ad15bc82bcddc896695a36e0a549ae942b30a17ac120ea8b2d64d2bda8af1845033ceb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7cf792fd9b31d8f09e4851f238b5d6ca

SHA1
aefc121a1a9c0ddf9170538fa5a6178172c4527b

SHA256
0a640e02085cdd844a50ad4385d18682014747565ee93190a22f162545a6f56c

SHA512
c4d6487b6d31c771b5c4c7d7c1917c004e3a7c39ddffa3caf979563618b54e664358aa46602f37e1fa637f666570ae921638a67988f1e06809c99be1b7cf2856

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e479e73c4ecb4159e6cd6f578846299b

SHA1
f9d1f901458b26bba4c7975dc9132ed3525202b8

SHA256
a8b9da4064c9f54b683150679cd55cf0bfff41a3c6956657b88f0a5815f7369a

SHA512
c8b15a894fe5594e1d9a90d7534ae682b9c73b183dd4595c15aa6cc5c55ca35bef11e68a1427468aff72e2d264e50e81af1df14fb294dbaeec89b89be0bdc6d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b8a22e49883ca097f8c4a079d38bdbf

SHA1
9a751ca855d94584e485a2fc9e28f93037aff1a8

SHA256
80537d135815fdee867e6b4e62d770c4949f6444cbfb2590cc6e3a144d026ce1

SHA512
6b82553462a1cb5385345567407fe5b8c64eae6f26db9d0219a62d4d3a8992baa3b8ef54213850c37775fef65e582fc6b8ab8d4e913b7b00f6f7290eca2be714

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5bc80f0d48b95bf395134b6cfe4184d

SHA1
2d6773bf3f781bacf9d9614bf5bec9912e55e6ad

SHA256
e3408b3dc4b7eea4020f0d49660422dc42fff895258f930d9cd088e590c73cdb

SHA512
3c4afbdea30dd25b9d23db1396998174a34622f21f994e07b189ae820928bb38c8233fa9fb8861f9c297bda0f5a18cd38d2617119a3a8235c405b2cdb5c10fa2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
faab62567e9117d23fe72ec436a64990

SHA1
c713a92e53448513885b0fe838b65719ccfb8a20

SHA256
2ce120ea80aaef8de0271bd489dd6e6158235f5ae14224e637a0728314482894

SHA512
a2de87ab583984b0046ed5652439a77fcd62e9e089f1adb410683702937d15af55ccbfcd6c3b54fa1ac4f67cdec5a74d6ac4ba5e7a282c9ba941e4b05d7e618b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c07f17df480ff816209528b875d740fa

SHA1
35257675172d488cb4904975a5cca8e4880d75d9

SHA256
636b0d1ec54c13591e7c5dd8c6dfa3204d32f64b32268ad2285430be6a73ec5e

SHA512
8c529174c1fb2c2598bec61b1e3373b32aa2abcac2b4599e1aacbb0f6ea692af71b7c759b3caed62a8f27aff9bde1dc41528109b90720bb0badc290c4cc77712

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a458a70c5343cb730a77b9364756589

SHA1
6589224de6e9c05437bb69242ae16ba5a4d98fc9

SHA256
73578a06baac0339447e069a9882d2d26b764d750571e70d2da7dacd4638341c

SHA512
a221536103092d752e2ba6e77e1ba2956d9382ce5e2b57f3a0f797fe789ba8de587dfd5ac304fec20669ecc1af20ac24464e60c4691e52879e62d24cc0b0a0b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aaa86e445defcbb432cc0e4c035fe73e

SHA1
fa010f33c430c3fe318a7359b8e57610dd2e98bc

SHA256
f5b043911a969dd916fd23cd65c388faf7b5d97f074cc7e97b1321f2f7eea082

SHA512
87091227aaea6bb4deacf9d70bc0e9a22c21dbff579f467d774f54ed2168c54b338273553a7e2c204bc9f360b4259bcb7dc8b75c081079763cfa34bdf840f567

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef890fdf926022d191307f069a5bb44f

SHA1
4cb45a1b9214b8f19af6e84d44cf777ab5b24fa9

SHA256
1e3fded9613ab141d7dd5a2fdebb3c929f7d7ca7d55e06ab79e5c679c30f0da0

SHA512
fa972e8adcbb70c0794d03e6267e1ccb01b6b9ab9b4820523735510d784c9eda86c9f955cbd017dab42ffd44ffc7f96fe041753279540ce2db826a1100604566

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c26dd60fc35dbe0b564bb51ab4a83559

SHA1
e6ca34e0d3a021e633a497b04c9da9ab37441aa4

SHA256
e0e44cecc64d8b1c0d62644259eea8df776cf98dcd14699176f3c719315066bb

SHA512
a07e4b4889542d005e532e0657e1bd55e7a53b18eb10323441a82ee609c7ebea6ddde2724a07ab4705ceb63d285280dee61dee1e3a94b1a0c14e7f2d0fcc04e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
434ced50a50609c8f720d2e5fca82728

SHA1
91daf4677f5ec6969cae312d07e1571be677a254

SHA256
c0953111459557fdc10570524e82d3d79a4acc01c846f296d174946fd9c7f3a5

SHA512
0b480ac07f7ce3c22ec34098cea47877f367709b22462d33e54a1e4b0802ba636374b95935f304765f9e440e406280dc303fd9668e65e9f50e060ccb67f8bc24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfab4edf78cfb5c18fb6392b552fbcec

SHA1
b4718fd0a03b6010b9c758be0a1f3cc9ae3f4ce0

SHA256
885952c0f19f4ad6188ceedd396f01e33116121afdbd0bce3b1ea8f40c575539

SHA512
6c113a6db8e7606f66c6cb852677a6d4df60dafe1bfcca3454c0eef14b81b2d1c12c4574a8d9bc8f1cc96f8fcfe42090903dae6438d416bb59eac8a1cd8149d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d96829cdeb57cc4109e6558e88fb6fe7

SHA1
df1d9eeadf4615bc94dc80b32738b355643a2545

SHA256
ede738292575e35fb5dee5fea03eaa3116a5be72af91b9ed6ec95c4725a564c6

SHA512
034ec26574f421c5ccde9535366c58747dcc1f25e3a959a4a09bfa8c37363ba5f914713048ed93c3152665867fcb737cded858b9386bee25beafc4893b146c1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2879.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2989.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit