e05d2a424708cb60831c8d47483a37d4e215a3e10a84c95b28b07cc7c21614e8

Analysis

max time kernel
133s
max time network
138s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27a0b20348f4057771495b2b43358f95_JaffaCakes118.html
Size

220KB
MD5

27a0b20348f4057771495b2b43358f95
SHA1

ea4a503c4342e3837a347b711196735cb7133f7c
SHA256

e05d2a424708cb60831c8d47483a37d4e215a3e10a84c95b28b07cc7c21614e8
SHA512

58060ddd1b78ae1a919dcf3fe5a14b247c957de3e30d3c54c0728f2166944888859e0cb2073ac4788535f43134a9e97ec99dcad52b449454306ec3dc5280c951
SSDEEP

3072:SsdB28+M5EZwLHyfkMY+BES09JXAnyrZalI+YQ:SsD6MVGsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421379641"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A8798D01-0DA2-11EF-B27B-DA219DA76A91} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2072	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2072	iexplore.exe
2072	iexplore.exe
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2644	2072	iexplore.exe	28
PID 2072 wrote to memory of 2644	2072	iexplore.exe	28
PID 2072 wrote to memory of 2644	2072	iexplore.exe	28
PID 2072 wrote to memory of 2644	2072	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\27a0b20348f4057771495b2b43358f95_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8ba5003697a27b604d954aefc3a1bb2

SHA1
77ef5f1e1a2df532f23c82ea1ae53648d1a18e5d

SHA256
850bb1bf9c5c7d8cdad4b86d7055ccd71c27d5635778ca13351de759500ec19d

SHA512
f0e826e87df27688cd2ad055ece272c579131ff820a9705ed07a6e9859966bd00621b7e84b982f1ffb948bf293902001afe092f9b4e5e4df735accc41754f3eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
327728a46d939e9f82ad59dc6db9a266

SHA1
4bd1781fb919cc0db1925004f83c96bfd6c0266b

SHA256
2073276313c29bb9c71677b1887f71d26478ede47bdbd59a4d86f9531066dd58

SHA512
be9d2e56df54037476b721e39a869866d5ab2a261e199e3251c5fb71d69e17f8f142b3d1115ac8c8ce18575f600fad7fca2cd20dd3e3f0e0d32930cebf20c531

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc5698a68fe5a62bd8dff11beea9d552

SHA1
5c01fc80e95a472c2b6a3abbd1e323a02211c779

SHA256
f545acf4cb3a4d92f5f3ba5d497f1a13e83589293a7862c4ef7ca69691f06918

SHA512
83990e1d2d68d6062f06826c7f93fe2476689e5123c0a175abf5c83418060033da2be0b9613bd6d5ecbf90fc37fe8889f168b51fae3b79f9e73da81034c4dfb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fd20e890732951c70996cfa68c56773

SHA1
ec6ae5098f6548f863e31065c601b80e535038dc

SHA256
5d55d4ef25643c9a9933a3e9eff2e7c0b8605fb3718ec1e9f7999be64c90498d

SHA512
7ad35007bd5f1e99431eb9bee5ece45a560bb5e25858fd6db2dadc1ffe55ff3aeecffe97a04ecf8de958f6f7e4db4dc2053abe047f1bb76a5ca12ce3a204e6be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9bef0b5d38ebc7661ec547a9a6ad2ed

SHA1
6a18f65c74e5854561c3b875c2966c012fab1d96

SHA256
d5aa911ee00df68f6bb2abebec7053d2eb3cc5d96afc80dc168fc13420456edb

SHA512
bf102ed7d04ef5d8629c077f2dd421878443bc1676e15d057f5934c405692ef3c5a5f0edee13e6c8eef9c6ff7c47ae26a000c0581615bf04526e4e7e22d343f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d812d1d7cb5e8705efc66f95713af2a

SHA1
f78b57143c2f3d70922f5ee16c1be164a9ad3cb6

SHA256
b8235c92fe17234d984a36d7ed6b5c6dd80f92b5d6c221d979d5481f7301154a

SHA512
4e8524a89ea1bc2561cb8f7fd5a8e24087df8959b2bfe65b1d36a4579aec9cea073040c13e513f69510dcd6c9374866d688ea8497fe740ae0e1f6dc74b02c77a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9e0f009bfdddd14ead35e95f4fae1a1

SHA1
0342ef48ba91647745ac1c1b9ff031f08395fdfd

SHA256
a478538f377dc1260749d0ca42ab93bf2c7309b2f18a977d3b80991452e32189

SHA512
1f26a2c14ad975430defac422e0f1f0c234e5e372689f4165c6883f70eec7088bf0af0573dba46f8acaa19a59ff79429b3ba9f5805e63bc5139e63882eef989a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6edd1e790db68c344fbcefd4b6721c44

SHA1
c79145ff07d879558dce72059ef0487967213df5

SHA256
a05a661be505eef3dddecd4962b1cd840a3e1294de68205c1eb3d9521616ad0c

SHA512
43190066da7f552a557d427663d148fbdfe90fead220a978a0dc4f017157b5404cc89fb60ea1f39cc97665afe5b4bef718d035cd701740d7aafe93ddecaf77de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4868b13a610a9d399fae1475cfe1ad2b

SHA1
5b6f90633afa5ba7dbe192e35d9314674ad00f99

SHA256
122169ffca87b93cedf43a462d559e66414c10c846fae0e642285711edb6fe2f

SHA512
844d0a3a1886e5d43d920d03fcc87a3d7b53f9fe4f69e1bc894de241ba89a82facd3eadfacfb19aea7d8dd2406ab5e5cd1b3017985e58c8edbfbdbd036cbda11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e651510d9114ef142d38549d3f3beb8

SHA1
a00e0753ba674aae39248f27f9ca755e6a90e32c

SHA256
998898d26750eb46016ebdb06dd5b2d34bba4bdb5a664347d2b8a7f788f9b30c

SHA512
3ed666698dc455e60d24419601ca6d6636787d3cfce03105885d92c6851337c4cc1c4aca1943a102ca66e929a4c76c796cddb5ad8de0618cd92e5aca8e3ed6a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b9f7b0fdaa36ad99e360d7dcc5009b8

SHA1
dda39cf1c4bbcf8e0d304a98dc0abecebe8c33f1

SHA256
541ca9ab005fa26305d1cacddcf47807518e2de8300d10193c6f2b98f9e0f409

SHA512
ced7420c6384d1b730e2a55c8fc262fd9a0956f915095ccaf98f843d596750e8b899672a6fc3c0ed092fc4f3cfbbf5801a712e7922fda7ad6579202458283d44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af89740ab3459824c7f3b5a58f47091c

SHA1
5175425099af8869d3e2f7a37e13ada38391540f

SHA256
408e9ce6ed7d1786b81d0f5a56a92c19a597c3734760efb1b0dd0cc7c4d87a4d

SHA512
e7d05ca1f83c84d78b5463ca4868ab4eedde943bb9a0277590646a87b6d90f117e068c03f257b3916910e2623b97a7b24c399db728c29ef7c4992019182d89b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a160d1afa2aba558cccbde2e029e02fb

SHA1
67853255f200c2aaccb988f6594bba8721fb1e1c

SHA256
3d88aeefd5c01fd257036621b4f468b2f696bca0ca897209b5a725cc214b53bd

SHA512
94db3ce847972727642167293e045eacd0fa7857f1e19f2c608d1d2b5df995d88ea2fc85027c925de74ac6f57ad2acea71225c702142b958a8167adf4c964da9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
276198757218b46d28f4d93559d78ee6

SHA1
8e9638cbb0e7e47344c9f6e2b25417b25984c199

SHA256
a2cedc98e73f863559db21c3dd44ef964a60c43fdf4aec617cb822b63bd3e722

SHA512
3999397a08cdbe253e704f642b4323e6b114826465468f15e6e1b701b726243e5c20e349057dd8de904779bdafa3729e4f6183209cec6703bfe8cf851eb0918c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0faa6dab54e263f91ce23edb793d59f3

SHA1
4bd1d522275f814f879b17752159c75ceda374c8

SHA256
1d87194d2121fcacad016586f9fd4dbcdb8d5e81f10929e2844d565952883285

SHA512
5f4178d5ac2f975a51a894efc5c4ea67b32758e7356635592afa71fde2185d26466fcdd5fca7d68c96436f5464e29f4ff45f0f89571a6cab98097b2d19462d26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1fe6b01888d403d10ae96cd8846c81f

SHA1
233702bfbebfab400b53f6e99a8523ae441c8189

SHA256
3b89c426df4cd5fe24ee451ae7cbe30df3a229b17c5d2dd2086567188f178b2c

SHA512
c3474dee3468555468d8d7a4ac110221cb3bb41e1b6603666c1ab7b52a88913550c83a4c947b7e5c0b00037dc64df724b7a6dca1715da4ed736f206b9833e1ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b81cfc14fc2347fa09c938c09a7945d7

SHA1
9ef97473c508a670519c73a9ead409487b583c0a

SHA256
218e960d182e452938d08eea01d3e71c3e73ef24da8b52b246ae51e2c2ab23bc

SHA512
d4cc353e0632bd075a0fc676ab55f806c60c8e5556e63f1b5039a7ce31f8bc21e275611ae459c51f865f50894a9477003fe0d3f535b27046d8a1dfec966c1605

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37a3321d61243e4faa3a3ac35bfd0bd1

SHA1
0399f1d0f0232d247dcd77a0957796fcc5591d94

SHA256
f6e87d8aef0d867851bee3eb4e93b7dfec11f80cb20ed11ce16fa297b169ffcd

SHA512
7915b57d1e0bbca249c547d03b72bbc42bc5f21c711cfaf85fd9ff4af9413888b62e1ab7e6811506e024ad55232dbbfdeea4a0b244853321ba4f5e8bb2dc43f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2674.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar26D7.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit