1b0327e2a8f3118fb90f1c97a509d89fffb38798577df9dbecc33788e082a506

Analysis

max time kernel
134s
max time network
138s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c345e2993a0d26b3de1db989032bd3e_JaffaCakes118.html
Size

377KB
MD5

2c345e2993a0d26b3de1db989032bd3e
SHA1

64488854df756fdc8100f28bffe8b8b04bceb76d
SHA256

1b0327e2a8f3118fb90f1c97a509d89fffb38798577df9dbecc33788e082a506
SHA512

f8c52a59126cd95d985aa2e521dd6c0950f0fa2f71e3634d59f1aca03f0f49ca7bc0187ee0bf5826c927db28db88dd14477e742e3a6a7a0577417a112dcd0ed3
SSDEEP

6144:osMYod+X3oI+YqvnThnSRBsMYod+X3oI+YW:25d+X3gvThwN5d+X3c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9A7689C1-0E5A-11EF-9DB4-7A4B76010719} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421458644"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2080	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2080	iexplore.exe
2080	iexplore.exe
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2920	2080	iexplore.exe	28
PID 2080 wrote to memory of 2920	2080	iexplore.exe	28
PID 2080 wrote to memory of 2920	2080	iexplore.exe	28
PID 2080 wrote to memory of 2920	2080	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2c345e2993a0d26b3de1db989032bd3e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a05ada5391b0e4702e5b42971d6a38e5

SHA1
1346165efd7461f02003eca95abc85044a112977

SHA256
61fc91aea04266c801f175faefcc0f9a26896337e2271cc27eb70de200568348

SHA512
d971a79da8d31291e1082c2e4e58b1cf80196e65092c88091a3b4763b0ee0c73b55f7ec2261a6956893b5937ccbedf3430459beb6c6e5c5afdc00d25f5121976

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ed131c5ca8f06e05a0871e9a6589e26

SHA1
dae8e78747273e0c50ee4d3aa210e1d8b5088257

SHA256
eef6cdec122f5ca490ae474c75b662d8eddb76f7db30349a247c7b6485abba01

SHA512
eb9694da97835f51fbe522b490a063b7f50d46ee44af0133dc2be2ee6e3329dc2b1f5ccd38f1d0af70f4a054e1649c3ff37d02210deb1c63669e9383f24f512c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72b21d46a7683726b5790edb2683ae6b

SHA1
e395236cff416f1ecf1abd60705bdca6e770ad11

SHA256
d741564efeef3d274a7457ea8c1f88fd59d8dfc362c1be2e4128ba878e6c5c8f

SHA512
426a6676498e43945b9a01035a0bf1f56ad1e9a1fcf7a76244a9970e1472b1b5df27bf6804cd1eae9e6891ee812a5371a0c870f1953c46ff5c8124cb1426e9da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23b2b1046ec56ffe698c7c14ffacd1cf

SHA1
e35cbe925f958164192e936d3efc5e9f26fb3d35

SHA256
b55fed576e51b2863934506f8c8596b5110c10103d17c01bc5ac2fe2ab674744

SHA512
3a0ee4a7f90dff20f2c118cebf741d5d85542c21155aef7f59e774ff0400c3e2d3a66f6b95dc828ca6acaa12bbe157d05997bf217a76469000075b1af0663114

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
965054e5931ee78b6b7832c15590a80f

SHA1
206acaf894a12d6fb20be3e82b544d19ddecdadb

SHA256
5a148200312bf9df51fb8f04059606048f259863ae424046e58731b20bfa74ab

SHA512
4e70ada2adfdae015e3b68c98dd648277089721f7162981a21ad14534ea462c264673a3ad8e31be3d6116df300389e4bc7378756e8d32524929af4fb8e731de5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13311bc29712ed63992cc6e6f1428c57

SHA1
6d38d472176091a374e9d0083b2157c9042975a4

SHA256
bd6f4b740faafb2a81b0110f159398796f56c4c896cf652296f70ea10b9d4b28

SHA512
641cafe63830361638793a0212caea221f9df1e8777b34f0d0d6181ea94666fae19a3eff52be9962aebd2a1ce9dea463a37ec8cd065f02dbde8160e38addac34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5d822ad8e0b1ff8ba3fb86547572ed6

SHA1
b784a87203034f0b4389c673a1042f337d5a42f9

SHA256
6884c963aaa05059c93d663e224b865e48e05fb31ae41287ca9817bf47cd6330

SHA512
aaa57183fc63ce1806dfd78f2b864a24afb8f69a16350b388645494f858025d364430d8293a133f58026c8e3a9d22bcbf23056f5ab23206fedb97e939a67bf86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff259b45586ae7922ac08152567c098e

SHA1
3b626bf31dc279c2497b1db6fb883eb24768063e

SHA256
6db51305d7e3f01c79aa030bfd7f9890ebbe4cfe1f7ae19a7a05b63e219bd801

SHA512
b527be2a68d89a5ae6b41556872291371224d71c4101a35920d771df154ab2286e626a72ff2e0b910e5b784dc090c27e4d7588e356d0b6a654dfc6cd05d301ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e661ae7e54ddb1331c0f5bd997cf733

SHA1
5d12b3c109a12838428500c4de015a93faf9cbdf

SHA256
f405fefb963f533e587101a7a694fd0cb58b123de0b7c20dc7b450a52183389c

SHA512
9cc7079d42a9fd84ba562ae8f889fef4617ed4318d0f1b93c76c5cf81e4c28989b84a5e840341dac318e83fa160a9b5788541cb63e1277fc71786581714c21be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce0c72fac060f5aff0ac74acea340070

SHA1
0dc7ca2e6d4334af13a91cecb0ee4e047aa49362

SHA256
616b4e9cdaeed352073fa715a249b521f0d66ebce55ca8d89b77edf7064c6c48

SHA512
6ae14a665171614ee7ba70a987f7df0afc4e0cd255425db666edaa6cf79e8042589e654b82ee5c3dd4e2a4312e866e864287ac758d0ffa0bc5ba44aa194e2268

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0c2c91050835711a62e2d1dbc3588b3

SHA1
80866b14476c5cb16c7411b5fac6d0836690a1bf

SHA256
0ff758b9b104a4bd035ef859c724d06f12d34afb43987b06dbd30ba90332faf6

SHA512
11e0a74c4d489b944b1ddb483391c6bce0377587e8a1bdda060b3ae03248d9b334b1f174f3b19f644bd014e30fe42d6ff63c79c0bc4a1874837bd5815d3d7bed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc11c8b7261061270d821bb422b0f6d5

SHA1
9888e0da3065222cc89b9a955b9f5414500c730b

SHA256
2077028518351bbcefb68cc132a97e04ea7c9897062c5effc89ee63e150f47da

SHA512
e29b1df0ba6bfa6528189ce188c20b00991277cfc436a996b69716c602b31e0bdf87e86b918ddf74e7305426bdba05dc602fa6d35301efd6bc2eabc76f16c9c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
349fa9a7750558abc6d803244165d82b

SHA1
20ff4026c4f3944a87f2793f95178523a6335f64

SHA256
1dde9fca5af973ee71766277f810484d113f47b4094bc6dff8dfeea2112faa92

SHA512
3ed8183925d6260a16235fe2a0c047e2d0c6072de5413e55f3c9cffc9ccbd2ab993f28d4d7c95a2feabb8fbf7a2769cbe8b50c1fb1ed9bd6f33755a5cc1f4589

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56836c8e34cebf4a934962118303aab1

SHA1
716c626ef3959d835b6107eba9ae5c8341d2dffb

SHA256
27b4bf29b6eabd42a5c9d06b74a8be25b8a1dcabb8faf4ff7e5e27dd16db10db

SHA512
54764e40443ae74e310bb156292a827816fcec31f242ae4890368cf1c829eb3729bcc2ddaf3b1bfb2db98346484c242245cb20858e2d2522d23e53626b732b9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d42b3ecf9c8377a02b9c8656f1b29a64

SHA1
8cfc75ed571cdbb9c9bb0b67775cbf798a19d793

SHA256
5f177eeb96c54b4cef33cb4c5e3b404b58b05ccf01ff462519cf78790b4224b3

SHA512
67222aa9e29e15b9846d4796ac079ba9d97db666a41b4ee87d858352a48616aaecf711a215c70e454d6db850666bffe9ed07e9ffb13ea66e1d145b3689df0438

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3234d68131cdef6b6bdd3c9aac01877

SHA1
6dd504f75d0f38e1b75a649c95ab587c9fb8ed26

SHA256
481178ed31268995dba40c1976eec1e863fc5a6df72801fcc2e6827c33de14fe

SHA512
c5558b0e806237da7cd08fa16f847f90b58bbb53cec33c3f1a5e77231ea274670102b80849158c8067141966f40195a330c594856ff4f84716515dfccece23bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
964ad4fd948d7ab525aa026a45d33693

SHA1
886abf8b8c0c0891cac3f60487446402f62f8da3

SHA256
834789bf7819f1459ebd42fcd23dde0409fd0d6ea6ffa9b264d88fcc479a4a5e

SHA512
73f3c880ac485c8c9922b95b463bc8d7e40e075309066fca1c1da90050235a391931c5682b6d430c57f5d5134d37c615135867c98baf8a632c9d8f26894f7fe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c0766b11d152de3441e2084374a3b24

SHA1
d3143b06f66aced5bf754c6d1f9e57bcdae3a660

SHA256
cd50738088da2cd64ccd7d04719e29f045196473607fd8b503698e3b6f494325

SHA512
fdb9ecb966dbf3be1e977fb625d34a61c7994706a5e90681dedbe045a6b57e46051059d2abb4f494ed45cb1d2b75e97aa6a29fdb7202c64d401abd4aaf34f4d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edd137d5924bb11b7dbb63afcf17a1f1

SHA1
210328466b8958ab1e4a4921a5d3be5e5f3a9b48

SHA256
60dcfb92999eac171340b1b249a696b9cabc35e410493314c6d62ec4e7308559

SHA512
1ae8d6bc6f19d75af40b5dc36377b7d882f80b91b41e91acbbe31c62d3bc94df819ac49fd0422a096ace607e450bd750f5f44385fb3a4029137550e2651dccc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab367B.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar36DE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit