338bfaddf1d4fa610941f4afe24a5f16789af450ac421a107504f59f809607b9

Analysis

max time kernel
149s
max time network
148s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 08:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2e435e2266fe879941c0cb721d03ee3e_JaffaCakes118.html
Size

130KB
MD5

2e435e2266fe879941c0cb721d03ee3e
SHA1

23452a6ae58ee0852d99014744d63b90c7946c22
SHA256

338bfaddf1d4fa610941f4afe24a5f16789af450ac421a107504f59f809607b9
SHA512

7db9ad1d1fb3a6804ac392c2e92045205be3add65eb77269bafe872f82b0cfb6d99e854cbfc345896aba14640db703ae1554e5d80b38a9cfd134b5a9b54f9e22
SSDEEP

1536:SuAxASLQJEAyyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:SuSASRnyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421492198"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B99B5C61-0EA8-11EF-A4DC-6EC9990C2B7A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1888	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1888	iexplore.exe
1888	iexplore.exe
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 3044	1888	iexplore.exe	28
PID 1888 wrote to memory of 3044	1888	iexplore.exe	28
PID 1888 wrote to memory of 3044	1888	iexplore.exe	28
PID 1888 wrote to memory of 3044	1888	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e435e2266fe879941c0cb721d03ee3e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
10c3b374d6e7b6cf36f54c8ce9f89a80

SHA1
e515c5afab0c83034f7337723c77bddb5a6d90d4

SHA256
6a37dc86139cedf2cb1aa81ef00e8f020efeaa80416abbcdaeab23a9cc82750c

SHA512
984a0363edacc8692fc641b98c40d2e61cf7221bb49cace08d0e6610318dcf6cc23b1485df8e4686399b302e2d23703ecc4119f624d78597abe53a5b59bc76c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f06f764d02d78309e3604bd589dab36

SHA1
5900b5c2c3bf3f0375ce17eb1065d77c628d0923

SHA256
6a957fc67fca71b46767b73630ddb36d77f5a0144568f4139c7ef25e7341b2db

SHA512
e422b89cb3903641f708cc7b974a95f58d07b270ca1aade818b47e2f60f59638f11f1a1fc6fbcdedabae2fd5b6eb742a86a5bf362baef36eb3c2f2629e8b3a3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d0e8fd6401cbf5f102f5916ae3e8c19

SHA1
e7ce242ac8ec2726e6500c1e2a319346d9fe8127

SHA256
6843dbb73ac5cc43ca820548a35ff1009679439177413b8f03d0d352c39033c8

SHA512
705f9ba6150ea281fda905a414bd86f22ec9a99cde435cc7f579795abbf0d22e2d2bbc779d8503a5a55fbd2614f624447a151c35a6a588edd3a4d813a40f2669

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2f3c1e995adbad219f684d0e3df82bd

SHA1
ce60b960a4a6c23b3cee4b6676b2c33b00dcd13c

SHA256
5f1cab9b90ca02f40c65687fd1ed54822c70818ce154db917770b088f4dc8413

SHA512
6eded6e98833bb917d8cd6cc4bfe9faf0bcf29c2a690f1686d9e10b0401dd1c7bb98cb22cf720f2b72d2b4410f8ea2891392c8decdd2c7b97e9d76ea38f9f713

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3481f5df0cce88e13e869078675eee2b

SHA1
7c4cc6308f636fbbaa824ff95b922b548fc0d757

SHA256
2234da5935affbd5e74116d96a90f5eac4b62f9c120414845df50ca11d553353

SHA512
02cc20a980903d718c5ad8eaeb9c000b51fac0c1faf44beb4676c87cc671df902884b85f3deda2101d060eecc6ce35c9afc6c38bcbcdd179a64df56688a62250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a37a661a26757fcd12110935c9fb31b2

SHA1
a055949acf731efc8dc28392b06927971199b8ad

SHA256
123339b5358061659c8e299d365ffce359989778511409323d1bc5b18fc9f58f

SHA512
c7cd69296fd494898c90e703cbe295ad66b1f2614ce463f86be66cc7bd044e1865a50ab2aa8ce6af2aa6391a7b9d7a4c17a067b5a86d6f72b55e6a3797a197c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
843be9c5c71a3b48e6788c75fefc46d7

SHA1
fef4b63cb7687a7abedad657d77f46e98d01547f

SHA256
45a8ef91244b7db06e37da732c8c2286db45a9ddcbca200bd0a7f426c232ef06

SHA512
06111fa7b9654b99f09fdc59bce702ba47134f427abba48506bde2ce74563250200ea01c6effdbb0f36e17288ec4d62dd604e2d6d58839500905d8549f3df27f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b5ab1350a12bcfe413794291484c31b

SHA1
f056bd075f7c198a84693dde50c2c52cca0efe13

SHA256
4d6b24d18ba3741f298496d1a8016faeb9abcf1f588ff0c23c70e4526e665547

SHA512
f8e3ecb626f7a44776ad42e0ae0bff8d3098b4fcd58291b710a04ca1c8e51785d32f8e99868fdfb1a0c96bb9e549935cf162d4573bb71f8962cff8fe9522bfaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7468adc3195b0be7031607873fff3e03

SHA1
3cfa21902993499dcc45b3667571b0e3b9347c10

SHA256
815a94abcb61f8ed1d20ddaab7c36ba35401648a5386b61bb94868ec065c9da5

SHA512
e263717ef1d458a75736e16c9887bf50a90eea5ce41f2a0de5da8a38c28fdb1c0c5ad9cd14ebe4ad09b4f812c06e65b2ada3b7c7504a1628764a054e53fb5708

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0ad0a23b493ddc18604ebd4dcaf095d

SHA1
8e9dd64e67d1e00a37b17fa5fbf87b5d19ddd047

SHA256
e7c25065dbaefce47e458d8bebedd48dbedd89d20274741836f79632232fe785

SHA512
c1ad190d6816338a1430fe77ab1eccc52d6c07dda1b9b9e4dc3a107bb2ada15b6253c2f432d0cb6c5f4123235a5a1183c699c7c5de325885b4f7e73ec6b5e699

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
0438c36f8636aa42563be7737edc9fa9

SHA1
36be54b921a44109c8efef7d56da6c1fc6550682

SHA256
b85f3e66af93df099b412ecc1010d2f8ac50a852893cc650d8d1f3ccc24a939e

SHA512
bc70e26c62827e4c29fa1aaa9e85284b140b418a4be75d836d158d82c92277c26d4f74366eedbe9655edc33bfc7c75f453212bb05e98e004d436b37ce806f2fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab117E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1191.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar131D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit