0b5e014f17ad934a2c715c47e565f2911ac4b5f05531d40ac91a47562c8a1421

Analysis

max time kernel
136s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b507f890942e54a6e05e1051b3e2a47_JaffaCakes118.html
Size

48KB
MD5

2b507f890942e54a6e05e1051b3e2a47
SHA1

948ddb208c6173acb05cc1a43b65129cab540299
SHA256

0b5e014f17ad934a2c715c47e565f2911ac4b5f05531d40ac91a47562c8a1421
SHA512

bb4fc4896e7ea1062a06fef72b9e620a155f92f8ac38383e23a020fea2807900b16b902dbfc811fcd7fcf049fb7313d9d9952b93d597bbd75fa9cdde0b6a6392
SSDEEP

1536:644OxRMad9Gs6KJ8W8+eV+ef+eU+eP+eG+eZu/SL88BG9yOwsGBnDCSO:xxRMad9B8vdSRsrBLdBIyzsGBnDCSO

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5C65F491-0E32-11EF-B937-729E5AF85804} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421441361"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1720	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1720	iexplore.exe
1720	iexplore.exe
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2640	1720	iexplore.exe	28
PID 1720 wrote to memory of 2640	1720	iexplore.exe	28
PID 1720 wrote to memory of 2640	1720	iexplore.exe	28
PID 1720 wrote to memory of 2640	1720	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2b507f890942e54a6e05e1051b3e2a47_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
1fd98bd44c6fae66c097a7c6927352ff

SHA1
06cb5a932e69722de192ad80f448a7657e2f1aa1

SHA256
d549079472459bcd4157c9c0177447864d574a39a8713453fd47697dd307c889

SHA512
b7b4d20bac642166204e6e0e95d8d24ccf1295bd69843d23b1770aeb709768f6459ac3d404bf2b0de6679a5f4b3f0d785c302306485fc023e2d321a153825c0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d42d15ff500860ecc054ac83fa252da0

SHA1
2a1848b010b54edb2964d83b0644cd9aca96c34b

SHA256
91ea15ab66fa83fa25605d4ad941d430b9201bc8a69901ccd0086229b776482d

SHA512
1eba9bc20d8f68d51d56c2467baba86dd9a78eddac4271a91fe8e23e854b138f9c7f0bc31d1780cab6bc541f2d631f80b537b179d1443eaaebe933081a1ab26a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37a883e537bba4205632714f1adbc91b

SHA1
769ffcca3af7ac863b6c99fb6c59333a1baaef2f

SHA256
97581ea00783ec4fb2152eabcb7185e718e971f1706486c73c2c824cafdd9bab

SHA512
a67665819e1cedfd54967b37ce6f4500425891d808dc7523eeda864e14d860ace9c33c2b1105e07cc31e3a29d99924812338e4bf98c50803e013a0a2cc8986f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7dcdaa5fe9d839ea523f3d06b7145807

SHA1
75b8bd4d0116ebb86bd2613122d3690a08e03c6f

SHA256
8103aeb0be2ac9e65bc6b0c0d71a97ab1562938fb7b88ab1ba000ec69e417124

SHA512
9a6f76869037e3854384166771395d64b77e68b138b71eae61f2de33382256b7c6b57c9c11f07e664f4fd1fbe7aa8e6d7c8ff4880a793d5628b785f8936053d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dbde873d8915e9295d3864aed4953f3

SHA1
c596375cbba655c3c5667d53021b5739cb1f85ea

SHA256
fb1d93d97dd2b3609f16c185b7c9c2593503102eb746cdf8d7ead64a918faaef

SHA512
b0fc98e427a125950b9322938f0ebc15911b416c435d5f6b144266aed8db106a6f5263268234dabfec84c607344f1548fa2ba664de8e9c80dbe6b549cf28cc73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73e1b3d0fc41874d2c53f55b5c3a2cf3

SHA1
36d5b23c6229356b45e6048554ba8e71b02a3429

SHA256
6d69a8d4886ef736b4e7d453e5e35ccc5fe80f25c7edf1506e97deb9893f5f6e

SHA512
3c508a85acc873e8e4760ca39ec68284fdc705b34a265586a80392a6bd4a19c2b98c6f36d16b1134713931d7323b2b9d188d19e0efbbf544ee2e7bdffbd3d84c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
036eecc02a830f6dfcea5af1757823ad

SHA1
87e6fcc7cbf8c1cbda14495bfc9d310f92f42670

SHA256
ee5cce28b1476fa16a9ce62e5ae9f262440145ba76f43174cacebd357b6b2bbc

SHA512
bb8cac4f3f4755ff17b02ec16b4f9ca66acb3cf398ec3bcb8cb2f83020e0e79d90666aced8fe2dba2ebbc8e6b0e189546206565560202b73bc9ccb667cf4e5a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6dab0f7a1617a7cb125b34d9d20a20fa

SHA1
be092e3fbb696e67b30d23825f44daa279b8ff7b

SHA256
299d4c510bb2072492807cc7416ce200dd0c472243b2fa55949d81c89e02d3b8

SHA512
e329f70198493fcb474e0266d21ae26fe6448b1ce198607616e633e10a37396112a76c5a683db455afaa5f85739b3c3719073fd0a7f6a920dbe8e6b02bb1fbff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82e1ca30b0dbaecbe65afc80c0b2b5fa

SHA1
ec8292afb5d788c7850698ef7457344b3f9b7a8e

SHA256
f76567ee05d01e2a79788445bab13041cc2a50af49da81950573cfdfaeb857bb

SHA512
4d2f9789770176a127463a3f7c44e3b428f7cdc504c5651b3f3f3318270a8e776665e96d9ef30b87deb32c8c565e974818cf6bfdb24c96a212fc92f813c43517

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f51a56ad55b9aab940736b3e0b284e17

SHA1
e562133d3bdda6ddff5b1ab1e828f0f2156ceadc

SHA256
6433276a69bcf8dd6eb63bc6c431f337fbde067bfd6422fa73ca60a3e2f799d5

SHA512
b1bcf0585921fc99eeabb797e81206d161724c240b8d519254ee50e8a8d51993f43cc23c264a5bcf160fd87c53d93a44007c0684a7166508a7fc809b6d51eca3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb0862d1c81e0075fe7ba1695ce485d3

SHA1
6efba3dc8a2db5af9a4c199c02b202bdaec27e73

SHA256
1732963dabb78062bf1ffffa1e386d475f4fd556fded49a7ce0d30e36ddca0fc

SHA512
732ec8a9f6229d0ecb2178eb433a8a13bf818463761ca937613df80baf3dbf6439b520e0f4c62d4e099a3c4303745b93e873db4eabd229645620a28be46b6a80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1dc4a25916a9f05db35b50d4073b858

SHA1
2cb22a6a6ea84008d3b5498e8d075d10a42c0f0b

SHA256
dfb1667b9391f41218968930b864460f4ac0574986bd85272febfd8d8851206a

SHA512
50739958eebf717781cc2f3e911152bc4360e98937a86afc3247e335f83ed8db69b01bc43e5bf358db7b6cc2ffa55b19ed693686bbb2b1217a1d6f3f2d4f83b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a461e679d66c57433238f6ca1d52065

SHA1
5b3e9c4069bc8663a4f6cb0e1a68af437b4278c9

SHA256
068f5249812037fb2640d24dd8538f14f6fec7d0530aaa22e20bce7f9843579b

SHA512
8abff95497d2ce846ee64c01d2eed5571c534ee6ebf96377946ba1692617dd8fb9dd2a0674485a3a3279a70a831082592c2819ff181c5c318934057692d49e37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81a291a463da86a28ab54fde9b4dc04a

SHA1
45a9bfec60ccd2b0cba6bb7be1577312757c7c9e

SHA256
83f73ef74c134bf1829244f0c0583133fab40e47f4cff51652d49e8242bda251

SHA512
7e7aa5d450e4a3f51ff6ae88eab6ee21338e60cb06ca96c01ef1742f0acf3f47dbe484b08bdf8c3e4921ee21e41ee6d9648bb835de223635b6b6a0408d8c78b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
376dd16226129c87a494b7e2c66d7894

SHA1
fb78dc838a10363fc4b485245d9029aa47f6f569

SHA256
641f0b95118484592128173d533e6adeb768fba717a80b9dfd00e59b35fc048c

SHA512
b6f593bce6c1bc18e974c51bb57290f0380f0bb9b88b0aeb8becf876d86be8a372bbaab0bb12fb725a5ae0858b93d0e2dd89565a2a3e2228f59861e62dab5837

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae4ae12db896414a0b810b323715e2d3

SHA1
1d9cdb4016d607d64e4977eb6f9835caa9a35195

SHA256
a70e6d4ebb2b8826174982dc1eefd576a316cc1fe9d3968de0cd622ca7f49a92

SHA512
3053f20809b9e380376503f11fa30ab9dc7654512a5d8cd018300a7b7495dc2eeede031dbba120e283c044eb75eb3d3533733296e9b679f721627d3ce2d07d47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df77e60ab8b6bf1573c1da79d24b1443

SHA1
5949ad764c0610a9cd3e92cc30145344add4fb36

SHA256
49e773b2bfdbf16d1957487572d74dc98b26d3cd015bc1e46d728bd3b2677294

SHA512
76f77925be0aa632397134591b33e33f15a9861d505660bd8a9029636ff65a27d49a78ddfcb7125f588d9ccbfa0722e5e96875aca4083593067d3324b2538164

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
6f38a8262684b80b4cf3ddeb24f02dd1

SHA1
74bfb9fc6d3b95186c59a084aa352eec991dd2c4

SHA256
4be67bbbd560651e02f8280df621a17324976b0da5104d9659f3ca82864a10ba

SHA512
afe06ec324963005e93a804a3f7e21e83807b8785dfc32f6e88cc04cff1665b2fa39675b4ac1db8fa5551e6e7722850de4ce0211d5d8742aed742456bc87109d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEC2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF7F.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFC3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit