fdcd0365b2f6c788ff4c22f0485cd2f08d8e4dbf72f5bc6d38bdcfc0a2d2487f

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29554046fbad509edda1af1e32b07061_JaffaCakes118.html
Size

213KB
MD5

29554046fbad509edda1af1e32b07061
SHA1

8d531341dae4117017d7368a6ae41031e40e0a63
SHA256

fdcd0365b2f6c788ff4c22f0485cd2f08d8e4dbf72f5bc6d38bdcfc0a2d2487f
SHA512

653bb2895ca44479fc567f70cd014898affe8bdcca56e189f2d280d5ee06478eb97ad62ba21b99b20c7508bd4f0407c85ab233be7f88805718a59e51ca1202a7
SSDEEP

3072:S7JT5i5iagn0UKyfkMY+BES09JXAnyrZalI+YQ:SFTvnvsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421408898"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C6F365F1-0DE6-11EF-BAEF-F2F7F00EEB0D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1616	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1616	iexplore.exe
1616	iexplore.exe
2068	IEXPLORE.EXE
2068	IEXPLORE.EXE
2068	IEXPLORE.EXE
2068	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 2068	1616	iexplore.exe	28
PID 1616 wrote to memory of 2068	1616	iexplore.exe	28
PID 1616 wrote to memory of 2068	1616	iexplore.exe	28
PID 1616 wrote to memory of 2068	1616	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\29554046fbad509edda1af1e32b07061_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1616 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c796f82189fec9dcdfedc66c2e175164

SHA1
e9b8e8abbc5d77ca21dc6001c74c445ee75aeb90

SHA256
a4174e0759b2e6c8626d47ea58682ce515377c5dc9cb0d7d6f557e8ec3ffab30

SHA512
244b96e5d8a05fecd22b334c2e4031695247668292fbc4b2edc61b1b172175b114fec701472f67f25b17201d3c73c8e390be724a4d7e3fc166a81be09da72d1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93aa5a09707bf85499f971e04afe17ef

SHA1
576829e8470090fc901252b3dc62a1c042f96343

SHA256
d0751acffd6ce858fa77ec353523b75afc4d9a4082db624cd704c9fa6f27effe

SHA512
0ab6947ae26f0c8f965605e79d3a424ebcd4524a7002065c85854312a3f96d9a0b6d2a773375a5cb9e431c6bce144691fcf85123ed8349cfab3b0aece9d8d331

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef31be9970b61aa6f09132bc74d26e70

SHA1
d962f94a76d2e1f38ceaceb0269c0c2a1e46c92d

SHA256
94555b363d2ead75251a94bf160436b41c66c6c47fe303aa53c0748bc2338b8d

SHA512
e58db75fafda822adcd779a30b6b5294a9238321bb002d5457736092fd568c8141ce4e06c7581435590b0c7edbaaf41fe5654d94c528a89e01b456d7ae2cacd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfef222a90753a034c7073c5785c8d9e

SHA1
d5baf182d9d5fe9a72dd5f495667d97a0a9cdc8a

SHA256
4761ee3a165b605a21dc2c8712628e60e45e64e3fd93de7814af0c33dd110796

SHA512
41640c23d01a4e76878aa5264d616f541f297297206eed0ac8890d8da19f36c162f281fe57b5f0433696bf1a4e418b8f7a997cc3c817cb181dc3c528bf034940

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57984c63c4917c7f8a14f51cb9efb719

SHA1
bfee63fb1798147988173d59cb9dd43024a945a2

SHA256
a3e77b922c48bddf88310c77fa9c9b868be94920e72120ca81f24cba0fbd880a

SHA512
849b0248a84c9ce52800e67643887bf943e70196cddb0ae4399fc0407507f05a78da095df07b11ff8cd0f831ec1e9d936072c41b7e9ab53c957cd2d6a9c3756e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
196166a9a83c9cd04c9e20e76484276e

SHA1
d4b4428cf7cc3b6e4a2c2ff68f35193f26617564

SHA256
c45d4f209112b59c2fa502a14a72ecc87d7bc1fc0bcf6b82fdd6bb661d5186d3

SHA512
afcc15f7217af3fedf37ec00c4dfc83559aea0ab1833f9b03114237e12b9106c02e80e6a94c1ba9a7168be4b426b301e4c549b139a1823f85af9b6563fac519b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b440ecfc3c32ef92b830771b4a7534f

SHA1
203d2c84a968f787f16e92d6e8c74455ddc0628d

SHA256
d58791e27c992f763294d2ad71ac6000d84c35019bfc23f686b52ff7f50479f6

SHA512
e5d2b724f10ae11ef254d352ca9264b1be215dd6ffe017943bc59c5c526b6b8a6d594dfc46c6200e6ad7cf7bf31c86ea5553054928c4a2c0d3a3809e0ce129b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4b7e061b4d371615752f49802d3ee3a

SHA1
c5650f16a8227e421d05d8e9ee2c8ac9c4fdd01d

SHA256
cae6723bb94364fc81e145f49492a46fcfde26f4119a8e5e46a918ac1427d984

SHA512
fba8c15f0a525ff8fba4186e525e7c59226b23e62515561bddc053dbd1ec857ccebf265a8b09ff84979871c23f38d095d528fbf4480eaec4387146625c389328

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76adf2915995d787c44f708f319745c1

SHA1
6253fc9e3c6ed0645f045dd935cc5ba1c52c5f8e

SHA256
69c54e9cfb1474c80b86fb576fb0424fe2425f118f4c6990baf8e87647274652

SHA512
7eb5aa97500a9bb5d81f56177d8146bb82cba550f974b8b10822921f837e70c00ff8f2e39c04ebe8431cd7e2c2946170b8808011adaeb26836d01f3a1a2dcc34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f78c547749e7922c6550ffbe028f2f56

SHA1
1dc97137a7557e9f9d7d2b3fc79e8caf5c34293b

SHA256
b90f6216e4d4dbb158466cd3230fdfe5fb8b16f82c5223cb474860e9477eb660

SHA512
67a44a25e507a16b866b37686cda067bfefbcb2db5862bcce9c3b4aecf06c1e83b917966817cd3aaf1bdd6f998da72fcffb130ec7457983c059d69a08d2bd5be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4771194b0900671ae1629c8e9408fcf8

SHA1
57a77a55e30e5029d71b145299fe90f063bfbe37

SHA256
60c5866d7c66f37698d636e37f92541eab9353c687fda44ee93571bfd3efcd0c

SHA512
865f6f9a2e3c8ecc9fc9f5a757a61061f52dc4d82085755d0ba3d153c97b200d74fa4e15218eb4a1051d39c7e103e9de661e8f3bb6403bc22587cf2968bc3fda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5193b71e9c0fbf4de8ed820d48b51518

SHA1
c42522dfc69343d9555dd433ac66f7553fd1c74d

SHA256
713fc77c7a773960b7e25ecb1986b4a1c3fd4c2530fe7c5526691faf000ed6fa

SHA512
030657e40dd44919ec3c32561b044be8c7f84f898d1251b812afd343cfea42f26ac0cc068d6648abec7ae34cc66966ac00d92d7e36b8e85e08e918b99882d63d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48f5bf1d59867f78cef9d2b7b8404df8

SHA1
031ad85e52d466c5bb03ba62d2592f42ed6b6e67

SHA256
aef5d02f23b3d0da8464a190241c43344c1cd5eb442e3b5b42ec56786ac8c663

SHA512
5e572dc4311a1028e94f226c9f906a32a20910477b9e2b6bb950bad374660c25bfe69e4558daf5ef4fd04bcc443f56600cf0203225081ab53a9a39bfa7d9df6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdb3821270ff00bec03dbab91a7c389c

SHA1
974b0bd936bd549aa97c29fc8b886f19f9860200

SHA256
8f826374a1ea4872e62cf90213da2c863b88fa87da3df25042e8d64e82772fa9

SHA512
ee93252bf2c87920768b1ee5c873b259e2befbfe4af3a9b0e778260565ace20222588d495c6f35243892ceda4f167a711aea3e39d8e2b9610c6f2e378518d782

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6efee3072387fe5f1d4db484f4fe20f9

SHA1
33e53c53ee84b6ca70f04d610ed938972adff46a

SHA256
788b7077a711c9ae9396ff7019db4624e5c44fb779f32c5da1e376b327f57030

SHA512
83805253a210094dd48005200361e996dc804c1fad55bcf45036c16ad6f2db8d50a617037ec84bfedc2161d2bd6f937b363d00f5164b799191e6b2b958c180b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9f42dd3ebce9dd82524125b50975e05

SHA1
555f6d845ed6de86b5fd3d10d57d149807c1f689

SHA256
b3863381026cf6e7eb9daa2ae1fb35a6babfd09b5726b9cf5ee7d8e5813b7b19

SHA512
04146c4e210907551fab1708620bd4e10a89989702f3cc8c3c21a94860f2823cf0de6f47477a749858f3011acf2b651e2e01555c1a984aef7cd542f80d52f5e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28d1802ad156ab15aa3fcb2623a1557d

SHA1
27d9fa208ff2667242973c943d4d9de71b28404a

SHA256
ecb41a3ee0c3d563fd93100af752fa62b14793503b9594a38117fbceaa4ad432

SHA512
2db9c6ab028f6a394fbc8e8089467fa47f91795928966cb3b5d8fd18cb5a051d3a0067bb70e7b7f91bf289ba0ecb6d6428ebb9ed51d2e13c1252b504aa5c561b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e08d2022920107aceb644b5ca0bda57

SHA1
de23c0689f8c48516495dc51b4b5a96e03e18053

SHA256
5303961beb813b96ed992c005a61323f93fb980ae517cbb892af8f7437447dd1

SHA512
91c4881f6e99fa37d6284dbf81a0d43bba5715d86df8835c26b4669490b0f613de5b62aaf31cab64c89ccbe027f7dd13c3801fc10cf2d5f68b0d0a1269288e94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dad650de0d50b5b246267d28a921d84

SHA1
f9b65ad78d668e43ccae9ba0f37c91e50e99d369

SHA256
db290dc0d5393a44d8d0c2e439ea2b96dc7f49408c5baeb0fc6d39f377d72b0e

SHA512
33c90c8c5aec39aac39088b9b7237545b66dbc807b09a05e43bd64da3359697442b8c9e1e7ef7cb374f6ddf08adc95721949a265a3d377f7aa4c09633120977c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab169E.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar16FF.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit