20e54677a116d63f6238b794bad6df99b91cdc0288fc2a539158b2936a88d066

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e94f3ca66ec208222374664b99fe931_JaffaCakes118.html
Size

391KB
MD5

2e94f3ca66ec208222374664b99fe931
SHA1

0d726cd24c8c5f6da1a6103b7d92d5271ecec094
SHA256

20e54677a116d63f6238b794bad6df99b91cdc0288fc2a539158b2936a88d066
SHA512

b013362077bbf87ad0f938149bcd83fe5f1ce2338610a86d92f335fbd1e1f42abb6d43dbc9d3dca4f6e877b7cf400eefa431ecf91ae1623d0735e2399c9ad3d0
SSDEEP

12288:ypz0U5ApGAckijPEqLthybgeDVAcHCWyLAkcFGup3+SrG0O8WeFBGkcr:TrI8WeFBe

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{54E969E1-0EB4-11EF-BD6B-4E7248FDA7F2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421497184"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2068	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2068	iexplore.exe
2068	iexplore.exe
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2604	2068	iexplore.exe	28
PID 2068 wrote to memory of 2604	2068	iexplore.exe	28
PID 2068 wrote to memory of 2604	2068	iexplore.exe	28
PID 2068 wrote to memory of 2604	2068	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e94f3ca66ec208222374664b99fe931_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
fca8af0dc8436b9952fdf961f8c7f401

SHA1
ac194f887a84a4538985ece94daf59cea48fe65b

SHA256
477645c7b83bbde8bdcf6d066f0de596d5b02fd47c223f89dde7d86903338cf9

SHA512
ba0d8f654216d9530bec83aa011a3433cea27873be327ac60eb1244997995489db76e25077dead09fcd43009b05deda51fd37b30a33fff01c94ba3927e1c21d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
4640538c2ad1967d7374de2861e0ea6f

SHA1
9654c81d63c060df3bb9fec293bae768d6d09a93

SHA256
29304d4508338b38fe65cdececaef76bda98ca742a01c671a9e2e02b0263e9bd

SHA512
bfa2e0f8298d3116e602e192fec01fc13f2f2f68d472b718c1b9029297943d206e113e7f60206bd5bc1c559ecf57040f895f7ad1216c5b19921f78f22e67ec67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
5e795ca2a94a85460ecc4ff11771da90

SHA1
15132e0c967f08cebbb950c4e9d020918323b899

SHA256
e6d61b4184792054fc73c7d68d53b61dad83c838c247b0d3343252dfc0f66622

SHA512
aea0b67c898a5d68ee6dc39e8d585c310be12f5f91d9055cd4413fd72776e74120f8f2905461910d4e082483e65ca05e63a41f94e68566690601b7861d42ea3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0010fa9a977a28cc87d12d44ed1159a8

SHA1
e7bf86a5ce476df5924f163f1eebf0d4bef19101

SHA256
90f24f08335ac29f7d8140df9995174a8abac2bf5e269170f641c79570f9a69d

SHA512
1120706f7ee67b0ac0bdef766961f37ff2c2c8931cdefec46f77afbb180c4d3ab678235549c7ef17f41268579ed8c6babbd2d760e9ecd11a47f04ada27d9b943

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86e08c247b5e744820b6533d6007c70c

SHA1
b07630f350c4118c425155c234fcd5818b688a85

SHA256
1f94d974300bc113bc34182936a324e89e466bf363ec887ef32c0ca3d750ba77

SHA512
76eba6e8b5fe996de20203bc56ca1247f4c162100e22c61b5c398603ddf01c6848238e2d3a85465f89d190b55f2c7fa0e53c52d018e3f50ca24e7e9eea97ba20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eeac525ab8b9b614cc8d27891e283c41

SHA1
33990dc96c8d49a5a1c1690ace455d7d43b0d622

SHA256
1e49199cecbddc88c8d8819d4c94673574f6715c885703d759f1d167f03ed53f

SHA512
798b9f498c0d77d3ee849ff8d492e65a6a6594fc721ae859de03c399139f9433976c2ecf2ffb6ff1ae136e036e8ac4eda50a5e3ce35993ab4db37622653e044e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0ad8a014e45b15200c06ecc9a3926b7

SHA1
be07a72c6e5a3abfd45146ea0489ad1882126b0b

SHA256
e828f1a97cb3f6a88e4d804f94a84a642ee800d9002669bb68ef92d70146b3ec

SHA512
681056c81d4ab72ea1b5aa9f5bd6fea52f5a9eb0b6f2431144a983e6ba8b092e90788e4954d05ff9713ee78f8d265a09bdf6561128b2a2394c0336ed5ff3316f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b7680efa81c8bbcdc2fec169a0d3282

SHA1
817e39dace1b4962f292ddb18ad5fb9d1a21dd50

SHA256
db5cf8f02ff702acaaa84fd8d038619b04a80de4280c64a2bcd330ff57ca2e00

SHA512
a7146e57294afc556a28f5566fcdf4a71bc1c69c39c4215e4f7508fe5f01e2151993af2a335cb512e1f023a97652c5e8bdd4c4d5ae6d7f1a70496a62412c7af9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f8d309876df6243408cba40ff84f60d

SHA1
ef390f9a0af2251272ea25a5c7374a58538de0b3

SHA256
73a72f298603aa52f13247548ed17cf3d8cedc7d944537540f7ae4fae86805f9

SHA512
74c0eab09ec733d86249097b4070ad3b5fdee8673b54409f4609a533954e5bc9a853507d074249254e994d459a0ee6e77bf5c903bc1b2ef9fd4f3543367cb0f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6680268dda02031e5f204470010f6461

SHA1
d48f8168399f4b0fca93bfa6ee0ae5464d524ca8

SHA256
aee30028038aeab297f98eee7a84009fe497b3ebff36f99554d619508cced63a

SHA512
2592e7a06aed55798ea2f60f6ecb75633919ce1fb5967d23d5875e09e6e0b8590cd9157b029f24b54d08737d272454f7ba53b70a61dc53b96ad410288de072a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28725d022d7f130d56ff6b670ccecee7

SHA1
08380e15a09098cde15b46359efe86a58d6573e7

SHA256
3a792df5389a19adda5b038e4cae5215066146e30cdc8b2ec508d01b0ae54b8e

SHA512
0f373d4dc7014bff910d2b1cf617221b8f461a3e87677776cfb61a05005990d28de4f8b5d03d243f98ebb3641d3891f08033cbd00107f35cde20847922fc7185

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c379f9950c745d95fbe52615156485c

SHA1
7805624ffa53411010deea6539cd6f0bc24c2f55

SHA256
4a23683943b2ffaf9be6de71ef5840b185dc532ba88f7b5b09cb9aaf857457a2

SHA512
4dc781e97f8c7069eedc93afee09dc95e6928908d1f5934dbf215f7106a5975347f459612ea76165f56167919507ed454ac250fcc6c1d6be963f39e59ba1fee5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9f252b276fa6c5a93cff2518bff1a25

SHA1
82918144ea299d23026b49964f69529627f2cccf

SHA256
ebcb9b55ba2cb5c9aa26715d7bc03a71a16162f332cef6ee1161aa58d1174812

SHA512
6bcfa4e44f76a0ff70a933d1a07fab07911246b0cbdbabb15ee09d63b9f877b7eeb92f95ff1c94056fb4b6f0f3889f8badfa8ba445e7488b81af2ac8e2be7424

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
afc97f4ebc5e65cea913d572611d0ceb

SHA1
405b0568ea692d76294b72a017463dfdd74c2f9c

SHA256
54f33510ecbeb93ddcd667daf3c61324a8470bb9e592c9f3beb05a780a98561f

SHA512
4c3b5ef0f4c159e3130452322c4201230df2e720ac9132c2b8c07051bc8b913b2a7d357952d2e8265d8fb2ae9fadf0e54f239b976a0dcac7dc4d9355ae501c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab15A3.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar15F4.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit