ee294debadfcfc12cfe0ec1c65de61e33f36c19277f7bfd79b577ee7e7046f5c

Analysis

max time kernel
133s
max time network
139s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

259e7ca3d709a57874ef53dbe8bee73d_JaffaCakes118.html
Size

221KB
MD5

259e7ca3d709a57874ef53dbe8bee73d
SHA1

68b8e610b79332ff9405a65eff84b3eb521fa843
SHA256

ee294debadfcfc12cfe0ec1c65de61e33f36c19277f7bfd79b577ee7e7046f5c
SHA512

0ad7ae5578258931341c4e3eb30781fa40a3b428812e9cfd91ffdcd25b6e1a30e5fff8d15a86a5b613ecd5401d53468efc72bd4f60f65b37423c00a3736cee94
SSDEEP

3072:StywPgcpXBY9vyfkMY+BES09JXAnyrZalI+YQ:St7DA8sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421345874"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{08F877D1-0D54-11EF-B2DC-EA263619F6CB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2896	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2896	iexplore.exe
2896	iexplore.exe
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2456	2896	iexplore.exe	28
PID 2896 wrote to memory of 2456	2896	iexplore.exe	28
PID 2896 wrote to memory of 2456	2896	iexplore.exe	28
PID 2896 wrote to memory of 2456	2896	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\259e7ca3d709a57874ef53dbe8bee73d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe12acf57773ba2d4ff6ad8c04eab7b5

SHA1
a36ded8dbddaec0e3c71ed237323ae70232af21f

SHA256
9aab0bd83cab30998acaed215b1aa52af68df6c98fa1186998ffe44e73910e5a

SHA512
aa04de60733dcf260c4b80ecffab80badfff3d6e91fc13b7dc67f62de7f5cf835b6dc8e06fa7ebe12009ce7c0d7d7dc9cf6ff32d1e8d75e4669e619273f3c198

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11fab92ceaa076942e4ec38c5f60a1cf

SHA1
31f64aec69d11cb7a14096fed94c6935f85b6bce

SHA256
2ce4f68352e257a9ee1faaae31db12a5496a7db22082ca7bc9fc74a727598850

SHA512
354a63b5ecb538c8576527a9c7f66b9d6bfd8e6a216789d4ccfc76bedeae677e3dd7362555878795ed4d7888500779182e182285c7f32f0156b89c82c99d00d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92500763a73f87fd1dc12803847576bb

SHA1
87108a08326d5d0fa13fe1b43d06e582cfdc8845

SHA256
59ddd6441527ce7422049b1d89d3824dad03791fe5afc681c6386c6b6cd1ecf2

SHA512
0e270aa5b490d430eb28cf9a38018e01d7a2fe69487990744a1851c393e73b75fe9ce98354212f6b7236fdbd92708f464a7b7d38a0959b0807cf2a7b13f18651

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
854a4f08f9a82ef05161656fe7f8e73e

SHA1
09d1412a2baca4ca344a67758bdde80fce80752b

SHA256
dda771fb0f3f04ed42a3e5388c46200e91a430689b003d683f6a302eb4c3a621

SHA512
869e9fa4cc6fc1fc957a23e4ae7d7cee3145c93688dfa87579ef168f7e5fad889a880bd61fb62da7c34f5ee4c45937c0d132fd9b1788732be779a7cd5ee4715c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed374002ad22a9db8c778a0d7c45f1ba

SHA1
b3350c92cef37b3f61d4e389cc3025106ba9b16e

SHA256
c352f6edabca2d36c5a67f992587220814b374d8d2bc86c262be82e3c6a85d05

SHA512
a3ee81d9697b96023fb08e4c94236f43b01ece7492697eac17c72fc8ba9ecd604f13dd334a7a76b9514af9514742f8ad3fe39ac87fc7e7555cff28b8b6a63f5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8fd543dd5f125908272f505f971d5df

SHA1
e5ad136e8a23aec3678fea574a103a515156f3b2

SHA256
13094a4cd6bdbee6072955cf5de07b4ed71301adc45cf82535219595db655be4

SHA512
30bb261a9c76633c0b92bf1c9f193fcc9064d4c4c91cba869af924c4f7a0fdef21da85af356390ff01e1a13f8c88352f1c03d807c05bbcc6444368e5d6960904

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91579876682a372a9886c50ab82c0c3c

SHA1
df028bf1e1641f2a549f8c19d286fec1463ef59d

SHA256
4ab5d35c9b3807045001be163cafa7759ef572240ddb77a472e20f7c17d86eeb

SHA512
fdf3553b7d43c635fc4d8dc8e14c2bf69d774488195da51849819aa31635cee4a570241d1a4e8ba3fd704828cc7fccbae8db7bfea8c75cc0c81f7f654fb218f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc71a290ad5385f674549e3641f107b2

SHA1
3b4919583fefc8f58f4fcfb465fa91a535a05f05

SHA256
6406a27903da28603c7eeedfdc15397231930dc2473872548b51e0234695a03f

SHA512
491f4dc7112f8475e65b5e51b01b98bb818c13f162c31e412b377767d363b2cc5aac5f057bb41affd1ca60a5d701c311a41901bba2b9350a928ee2cb00406504

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a14a0ccc56cebb113a62ce75d12d3641

SHA1
0056f2c2dd0fb67c8539f44bd9f6a69ea61537cd

SHA256
7fc5897c7fe7f87c88b35b90680396ed026ea9b5ab8bd6a3350ad8793cd0129d

SHA512
2a515de2cb4d026d7ec448282ddbd1a7d53dd28d607b972553bfb4cb59dba435558684651f02a09b5df97d1b3d67c34c5303b7db01388e23a5aed5c3489c028a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
479e1853c8141bf07a0c61b28c4645c6

SHA1
e857df281199907ce6e4d551e7c493c872188db7

SHA256
28cccc4327a78552af6bd404e47449cd3e647584804011acbd2568a19684de99

SHA512
59ee2844a8616d46fd1b2240caa1af4439d40e0857f0e286f26c4dcf7ebf379528600d3db67cfcef17f1b05afe16da330ce345e7a4fc6010c92b246ef1c26e17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbb5c085d7b93ae8703e953f3d256369

SHA1
6ad62748b08f939292e6313b3bc33ef9aaa357a5

SHA256
ce272211aa2e141ba921778c47c99937ae557a2cecd35ebe71960135e884cd07

SHA512
e51cb81fad6dd00f9db4bdc5af935c4f6d09e14232eae032785db9017737ea10e6b120b34fbda8d1e86d0815f4d34c793aede5d6bffba147c3980ff8d25175c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc56309274fd7b338757343030c17269

SHA1
669abaeba31bcac0d7cb36dfd39dd8411c212664

SHA256
8dc49417880e8e42ee86a14506754cbcd476c0296211f8a95f6fe5e03c491749

SHA512
f0b14ee9e66932b89df841f665bcf86bda5b3232d09853b9653933d3c2c013b9f65a22ac3977372ea3b3246bfb0f454ce7cc04c55135c7e22440d81059b139d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a98fb20087583d081e9cca4ed4e4511

SHA1
01edd9ae3d4d4a44228cf33771550c9413c6dd05

SHA256
965c26f36ec247dfc8a880fec74c86e591bc807b6e7975b3c32853794d20af01

SHA512
d9e0a7d8758d163c2cdb8984de3f92f8f807a0296e380ab15a6cb5d264f2a72f9de1f942a324484c5762dfb055b4e44ee71e5313681418079a8bb3e67e4c9ef1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92bbd950a3a006ea7b0e4bf76454d489

SHA1
f127b2e954feb0dc025e575f5e5d35964fda6775

SHA256
637de84ab3eb563efec5c5cb994d5efd0d0d0ba3aaff2fe50d5a9649b4c74bb3

SHA512
9541666ee15093ba0fa62566f5316c2cbb6c4791fe13e91fe602f6e45e1bc5420f28a6442682bd8a096b66ec980dc42e51aeabaf13156e0e8eb91278be95aef8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
435dae1b8c2d4d5c6946c1c86499e044

SHA1
5635c4cfdd2cef531a29c3fcc1ad120b38fb8337

SHA256
4d77d04ab4112b418955af2732a9d9cd62d0c5db3d50e32fa98263540cd3f905

SHA512
cb1290060f082658269b7229e88931fbb7cd9c541d67e7c83f39f9bdd28616301a90b33f44850700d848f3378c1ea09c1a59a44addebb8af50c6c33a21150c60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d48a5714b21b030a489a93f385d0ca50

SHA1
edfb458a90bd9b0f25c21ecb0f3123d28caff4b3

SHA256
a12e7afd5f57b12274eb9593758bb7734ba27617fe905af3c5ff9df1f48fb99f

SHA512
718b31763d57039f1ae5760929bfc5a7c9113772f3458df7629afc455ecc10d07db3c8e35fe6a2e5e05a2c789e4bba104c8f20db8630e7a44f8e9f6ba88d0c4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef367699bdcd880d91414fe9c187d1f3

SHA1
104882e762585a74dd4efd6d12199e6802b2bb09

SHA256
3b05dccd2d45aa49325bd8fe4ba2ef4ff81f300b02dbb129a0ae764b7aaff2ed

SHA512
e23b5c8c99bcf79a3f8445b559e9287b3c11aeaa3d46526ef1abafabac3e0c0c9a4f8f41f5ab01238be3c608e0e7a4cf3a695133d28a8256146c83575c209207

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
188cd7ce914bd4fc2dc397521a2b446f

SHA1
2ae65835683b34c17da08d4374dfd247eef2390c

SHA256
bb9cb5e48b1c3f5aa45bdc891912639fe191963a75827a55dd0b831cb749beda

SHA512
1ede2e4f429ec81e170610902ccfcaaf18eed7afc01d933597447f3cec13ee8006f330b9746aec757548d5272e344709da2321fcd962128dc0f4872e232194df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8C87.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8DB8.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit