b9be76da19d434ca48e9fde863290a394fa49df9da921ed439e17dfc6a935be9

Analysis

max time kernel
144s
max time network
145s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2871bb052a2d7704e4900592d27ae485_JaffaCakes118.html
Size

155KB
MD5

2871bb052a2d7704e4900592d27ae485
SHA1

af829fb6bd14b9773e784988e7a2c932f6d52624
SHA256

b9be76da19d434ca48e9fde863290a394fa49df9da921ed439e17dfc6a935be9
SHA512

ed665031a8c3cbc6537d2bc0a1be8ca71f50a073b8bac3195ae876d303ea153f11ea91e96b9854da5897a1bcd6fabe12f5aa165f438cfaca70bf0f0d43716f1f
SSDEEP

1536:SryUV/ln40yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:SryEXyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421393493"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E973A731-0DC2-11EF-AB01-4E87F544447C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2056	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2056	iexplore.exe
2056	iexplore.exe
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2904	2056	iexplore.exe	28
PID 2056 wrote to memory of 2904	2056	iexplore.exe	28
PID 2056 wrote to memory of 2904	2056	iexplore.exe	28
PID 2056 wrote to memory of 2904	2056	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2871bb052a2d7704e4900592d27ae485_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7e6fb9aa22efccbf2457f398a193915

SHA1
d6d6458412c91e4895a6cc562719fe3b6ad71daf

SHA256
a59b2731f619284a9cdb2dd08a81acc082169ea6b954cb7e54262d99963b4876

SHA512
b7d4e4477a9b1a6bea822d44216580d637abf9e546e416eb86b04dd9f9db58c26539ed65c1673b992dfa286a35bae6d87125157f9188ec66fb779c19ad1417ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
386936f10f140f2d83897e1ff2d3cdc6

SHA1
06938426011b3a4fd9303a59764f35760f5a8450

SHA256
dee296ed873845e4bdf8bfe21799124d9f48102070fb3c149e6931faf663d918

SHA512
572c233d1b08438ba3cf89432e590818c6db64396552f6d86753885d3edc45e2b511a36628ff47f49dcd64877fe8f41fd6ab325d81e0628e1e1897bb15a443bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01cf21143cd7334100ff72bbe2834ab2

SHA1
f8ab694b3c77263f8ec73d6052fbf601c1f9d960

SHA256
dd288adbe8f9ec9621f5e2c28407cd770f9576f9a634e660481e4642ffd08e3e

SHA512
01f5165c4fc9a62ddf60cebfeb08371c0ccbe324e9a97d04113bd4a21a034f6daa50212f237fd849706347b2a35b4ceacbb1e15fadc84537155bb091f67bfe11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de527c657eb983e2a9d053231a1f8ef0

SHA1
fd691da2f7bb6ea0e23eb961452b69dd691b6026

SHA256
32f8f8b8460f6b2d2df4169d58d9b26327d342a8f0f136920c0e218841c5646e

SHA512
f6160160eabd2a44bbd4551665aa1f28d718721198574e03d74d7b0650eb7fb68250596961eb25a769ef6696217709a1a10345da9bdd4ce23e28b530f30d6ba5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdceed152994257aee8a8fd670c78c10

SHA1
f87bf96bc18e38b4e7b402e140e00503ec97f1c7

SHA256
5f280b0815457645901e4e2bbd246fe45ff4ff93850685b9f046fb8a0addc99f

SHA512
99984c46813aa93ffa499a58b1c0e627e1a8cfdba072f015e7649781f9eb354fb3a50289f3636f6810437a62b48ad9185dd8a75826cb3907aea3fdcb9f851f1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f789f3b9e31a1c8ac9565bf6420df6a0

SHA1
158fcbed920fe8af71d6e034007b376530f67456

SHA256
391a4228b1c20f3378591609cdfd4295d9c99f5e204105c13183eaffd7e845da

SHA512
74c32242a5125043ee6f37d19cef1e70322db04b798c8cf8b1652034e61ef780546d4f3a1f26d653ca8f7a527d1416419bbb591f478669d8bd500eeda5dd3411

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
135f37fe944d25c0a9c02c9f7fcc14c1

SHA1
6ebb187d32ce6cd97f2ce5ca488f7a35a7475742

SHA256
76dec047aaf49c7726f7773ebbf2e5de8db448a97b6de1d900fc66dc1a3be88c

SHA512
f8a5394e242d1b062687c80888fefecd631e749eef22e055e7b71a529aaaa9d4987b2d9e0ae913c2f18642a63bdb215aebe671797e54027eae86333e0dc7307c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66543d6c700490e116092d7489d50cde

SHA1
7185ba8e1ff94885c19e0f9d5d979ab6e2946b0b

SHA256
29e959597af7ad7b578662f041f27217af074ac33c2ad3a95ec906d4569e8b46

SHA512
1de46dc314629d1fb82bffaf2e9221407899b65abb6e402fa664279860d35d73ae30002ccce14d5b4b406ad4481f348f9f05faf00edc144729ed6e1e05463bf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1dcc483b41b54072849600b3a04007e

SHA1
9050277572a32a7151a6649b30621faedfc9f900

SHA256
f673f1a98bdd4a167a581c4fb9588e0136327f1fa5745f8156f3da2e0096a3ed

SHA512
37c55f1a97d7a0275ede80a090d46fcb4cd99b146419b52c04595ebb15f84e1db450dea105f3c59b77a81c49dfc77804c10589517654c40335d742a411a40643

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e75e111989e21e8e1ccc14ace185ab84

SHA1
cf01320b2de20ee54ac9331cb9aac77fd3fe6be7

SHA256
0b5fc7433c872b758ace4fdbc410dda382bf95defd6ef922bf0846a600047a59

SHA512
12fce4aead1ebd829770db37e264852bfa389ac8f45fbe40597aa3985a474420248d021cd59568c63c7dd945deea2ec969d448f872e777a8e1367ef3e2c28007

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
477c02d1202cd6f82ed444b5c949fd14

SHA1
ca3ecd6a3e273cd7ae4cde6a41d1a22a3e994be4

SHA256
4812994bc96a8497f41551fa41d9cac88b3e21d7e9ef58eae697a33d50a8cf88

SHA512
5de3eaee32fa4e26028f2f4a4a66fbb077e296556be5641d3d672d831fb9d192b235584a043ec54ee75a74085324998bf8563a52d4bbbe8b2c58ff7e4b98159c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1a07ad2d3cd64ec17bb1e1282bc61a7

SHA1
e56aa3c2cad6921407a299998e8c6898deacf824

SHA256
f4c045a4ed80f144fe4f1a98b644f7ad3b0de7ccff10bf95cbc65dac25c3ce62

SHA512
039f82785fbc8934b85616f1b256b9747594b42c9abca87052a4a15f6a70240f1b4a2294d54508cd2bd9f78b59235e18412387995c46b3ad4a33b9ed69a9ca00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bf4487b301f4fce5a46558e4132c6a7

SHA1
ecc1273f230cf3d62bb1fa585503777d9f81d664

SHA256
4c1f82bc09d1dad22ec893903067510f51bbda08f108fc3528549993a083b198

SHA512
8334464eed07d67f42d36fb14880449822177969653060de723bd4a2d55f2a8e034189ac1f36a90a23bb52d9bfdaebd05ac8a4a6c88a8a71503a7583304746be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55b92d7811284f2c51d28562788576a9

SHA1
c1b313747f29a8cd00bd2dd7848674e4d0c8ebe9

SHA256
1b15857e0a6e5199101b1407d43ddc7cde50fa1225f8b55aa32fe78f4b8bcf90

SHA512
ecb823a0d1cc7bdc7e6f4d50051ac76eeb374fc29f6e51e0c6c13d54e55719ca5c7a2b43881081fc943b4bf9b7a82e19f1b8216688d48c63fa022a7950c56822

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4282749b0a47c1e32d73f1ac09a9d9c1

SHA1
ce5724e169e6e51308cd8fe1cbb1261e9c6eea34

SHA256
67c99e33ad31234bfd6bc9a7ba165b2063514fc1eaeab8bd8c058241f71560c4

SHA512
38fce44406068eda1fa0d1820b5358a6a0f5c726b751344a54f55ceb0726dd64365cfaab3640320fdd7ae6b95e7a39d7198c17443d7aa838e7aa8a94c6146b9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d340c23aac26260419f0bba129fa74d

SHA1
320b9c0a9ce370d8ce37260eb777130827b5a576

SHA256
026366bd69b2818521272c89a6b71ab5bb19624d984e0b602694caca0f75c84b

SHA512
fa58b3a3e29c84aabe1d2d1faf143c9121c2633f1fa8f26dda4e695e09db8a27b5b90c8b7826c8ec6c3d4b5ea5e3886136dca31526e07900759e66cb70543900

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0192d9610a012828a2e0a1f5d504fd7b

SHA1
50d9da95f24c608adadec0584969e12e0dd5ac7f

SHA256
459fc0afada1e14622a00ac560f4dbdd1fd897ef5b98143de38440e76208c752

SHA512
0bb1bfed50f77fec1bc535e347cd88f487b70a4afb299645f7a071924a206cbba8401b95442f273a0b94db828ff7af906defff81f7cda5d21dbb781c9a2f82d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab20CA.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar20CD.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit