c5f428c6334a86dbf88eab3e72c843f82d01e96a4c4c8fc66f10a021011b7044

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 07:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e02844bb79b6a6109c979c34e76e78c_JaffaCakes118.html
Size

377KB
MD5

2e02844bb79b6a6109c979c34e76e78c
SHA1

b01a67a038e76d58387875cbfd5faea78193f605
SHA256

c5f428c6334a86dbf88eab3e72c843f82d01e96a4c4c8fc66f10a021011b7044
SHA512

8cd5905c74ef5d349899cb9625f4b3375fc09a96f64c4c652e3ec0143a0951a68379f464fcec6b358aa600e2b48a8c2c7578f01b82d1cb75d1f2e93694b0f10b
SSDEEP

6144:YsMYod+X3oI+YqvnThnSRBsMYod+X3oI+YW:m5d+X3gvThwN5d+X3c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421487883"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ADAAF2D1-0E9E-11EF-9EA5-C6F68EB94A83} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2700	iexplore.exe
2700	iexplore.exe
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2080	2700	iexplore.exe	28
PID 2700 wrote to memory of 2080	2700	iexplore.exe	28
PID 2700 wrote to memory of 2080	2700	iexplore.exe	28
PID 2700 wrote to memory of 2080	2700	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e02844bb79b6a6109c979c34e76e78c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
268eecd1e29d8ec534fdfdce046788f2

SHA1
b8495a28289c6e801a17a45c718175a4354c6230

SHA256
882061b7e675e50c306158f0978a357f64d8d8263f6475f1d834f85e75395990

SHA512
5651134f57d86ed05e999617cef892b66aa91a2d4a672f9ad9893e1738202f257ccd7e52f22f446de63ac5bfe21034490551db520d23afb853c46e1f3e954279

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5750859a8e296f9bf2d7811b820c7914

SHA1
6b1190f0c8d4cdfe667dd0910ad6a37051e54638

SHA256
9082c9b70105170ffc3d6f5ff103944b14435c53687a9a8b199127f6eba7b886

SHA512
0a6a6c738f66417a54078367ee9480c95debc4de02429636f020af4bbc689912cc9a04c1d9e40b0e9f1672b5206fc9511468c837ef7884fa4e12723a07120146

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35eeb862d905103cbfdd52f2c449b3c6

SHA1
342b7cf86af5054d4a246ae732794de45973d961

SHA256
c0b71fad76252f63e58714b2235dd2279ffdf975ddf38812e773802970fb7e14

SHA512
b37b21f37f5765dcce049774f1a15f1de779f0d8e300cfed40387803559b8463e38c9e661e608ec5d710f170976e92b521f0ddee014066772b5ac377e6ed332e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aeab2fdc19b9f65e8ee59a2523c1a605

SHA1
5d33faa7f499607bea4fcccd7af0adb0cbb54fc1

SHA256
48f51b9928c239ebd31f87b48e0986f8315085c6e81a1a4cef698876e474c588

SHA512
f8046f2f3d6ba1260301bf93b67af329230eec9ca9f8a830344f3017968edee408d0d11e4201b9cb4161a4b415b7cbc6a68f7afbe5247553aac459e35f9ab75b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
263461faa43f539b1b4edb8418135eaf

SHA1
b980cbf3f50da61a646b7642cb7df47c9dacb1ec

SHA256
f1c594a1114e5f64181558eeae161f3161eaadf21f777b4925796f1a276f4608

SHA512
482f3aaa9ef18d1da1530f837387589a91b2e999c56536ffaa0c04be4a12daf854b59350d30cb95ee2b21719c20df43015a9f2cf971a6df264b6723d6aaef239

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d31602478b84ad613febe3b0cf893c5

SHA1
1600f0db902e2f9b27054cc9b170b758f1018e0e

SHA256
adb30dd4cd9f02137f483c2f3c9b00c6f195fbc0d807b90d3ea8d3c5877bb655

SHA512
d846661dffbadfde28b268e0562dcef228d2da0bdf198dd04400229ae6edc22ad2c97359d1f8b54be897db85551fae88025d57bb9bd3bb6d949e00ca83caf82f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4cb69613b99a5ed1f437e8ee8c00952

SHA1
f0ef81faf0e14dab8779813f9b72f44c1ebb9ad9

SHA256
fd3a371d99d76554cd64245c33d369fa299828ddf462a058139e2ffc5f482e6c

SHA512
9002ad730f2adf744126074380c25557794418cc202ca8025ddf094e4f6b4f757530b9af9552b68c7c11adcaae2f67b1c9c513fd798bc8377989181b1f9011ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f058e10b545d305e85e483839f577d2

SHA1
b6001ab1757c1636a7691f3b5dbc3d501551ced5

SHA256
fe4ce1aaa2834e74cbd9727707c3dd91c1d317c0b1881795ce0fb695c7e8d355

SHA512
7bfa6088c45dcc4066ef25e41681be7681bab64f7760eaa69c72931b2f627d96a026fb7672e701dc85ceb9df63786852d4c7be620687898a952e71b36d53adb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
566b9714e6cc10227f8bd25beca8876f

SHA1
38837e3402e753b23e3118342ba891055baf30f3

SHA256
fcf9b56d56228e066c055219169a92c91a4bc108542e14e5a45a8e031a8f4597

SHA512
fcc9fd80a48c55b111f10a0c36c8065a6877a12acc84d924fce315adc5ade218b3cd70c63ca9f62a37686fa56603a01e9960a517ea05afb62ecca5105764e69a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cf01d493c329ad9d200145b735317de

SHA1
8e1fdb6fb57c0cf78cc9fde1922acbd1652199c5

SHA256
d0acf428ad0d67c3cf250e9c43883c256e15d5cd616bbdc7f4c5207e90ef2a48

SHA512
46d7861f69eb134b46b3a0952b9458cec0b5fcaf0d48899a73067d1260d1664b7389466a322ca7c8ae6b7b5cfd3ba287aed7b31afb6a9d517d1f7c63becfe081

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4245de01dca6695985a0ec3fa994eeeb

SHA1
82462d18d4170751b9d295bc5ed9bae905522338

SHA256
46280f7790726deb251f8b67a10871e2d06a6b684c6892287745f0ab319ab7ce

SHA512
66e08f59c9be3d1a45143e205938653c02ed79d5c53bc2dd5ae603e5d1478344530a81cf8d87deb61185c7b9475040d9d46db660b8e1d729cb568f2db7720730

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3a4b85c3ea90218daa38c946bbf815d

SHA1
c7c6d71ae264821183d090a80b2611f8ff0b0373

SHA256
f42cde8ef9f9b492d7d72696eae8728d3f03ad6ddc47834506b8984ca8b2e602

SHA512
c68110cf1d1600ea54f7d035393dfccd66bf465c2f67880bc9304568160635bc18226ecb86719e5fdfd94abb4f4d9847a970e9ebde98aa94a61d725df85fdf3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b83d7a2c9d3ffeb9116c63358bce995

SHA1
0909d84284d65043f294a69e53e769c70a7d132a

SHA256
150ef2247fa026eff9c90330377cbb48e955645ae905c187c2b6bea7af908799

SHA512
1023a6295174c2930a2ca13a972f744176dd014204abeb0b9693295d5901c4e45de2b49d9416c05844a7ffa5ce373f31d459d17a2223a233cd79e0db1f9d7409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58d996996784a0e0eb3510e074958b79

SHA1
6b829fa37401a4baac273bd2800e4533923780da

SHA256
b1bb6e76091c87a979a3a9563c98d271f5b9ee5c9fd8e991514e4173df9e7b39

SHA512
985813f8ec6e445132d25e8c2f021a231928e2680fa0a3d45f4f9b947c6d5b0e6a88e88452d14d17e92c2f0cf29a9f8a75f029583065d49402d5f130abb0d9dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8486f21b3d1e2d342a8ed251130f58a

SHA1
8619d01eba069e63f3fe8ca2df13a1b0cf1cbde1

SHA256
a731859b361ddb38ed4713a790c49104585b0fde7a7d1b6d1fc5b929aba5d0fe

SHA512
887fc255001837642ec30998413c091c19b92db134d4fd1c6ff92b07cba2b21c4badae44aa1af73944ec507838e283a950ecef2bee1ff93c9a3415e8ec5b598c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d601b9c7f7ffac8a62d396cfe89ada7e

SHA1
875d980fd2285ee37569dfbd1eeff0c8883a9742

SHA256
5c6c22c0a001f6ce385b0552b32a349383ef89f392c54bcba512ce3f6ee9bb69

SHA512
024e8a147d7ed09e2c74a87b6760c43eb8f3c1b0ce3af29078ace6f2460c51ebee26eb843a271b8c7fc80e86ea1d33b55d33c164b716dc0c0f174ad015564f52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b98cff02830adab4ddec8d07f391911

SHA1
1bb40d8080890ad216a24e366ba26b432da1521b

SHA256
4df36c1d56dbb338882d57fa945de8fadc45c014d41e4b561084f573de880c6a

SHA512
f45d59195155c7620bf2f697d97cb8a03383e778155d4a616e4b5142eff6f57d7bda5bc26efa8600554a9a787f27c24ae33340ce30f9484b85c077b69ac0d55e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9c8089d9c3e4110ddbba7437471c67a

SHA1
f60897a5ebd08227e9e9424ecdf6004ea0261a50

SHA256
2e14f516b478699eafafde182ddb5d2d9b68e49486bf399909b92e2e3c0eef6b

SHA512
5b870b093f3063b914444733df6e5136357d620cdc5120928a78d588dbe9c0b99678e0ee523ba0eab497b44a5286a86defeec7712bda74c1e8e3ba44979e386f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8E8.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9AB.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit