8bf800b6c8b5384228e1e505d877bc91002280e17078cfa7a0916a26d8935ac3

Analysis

max time kernel
135s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 11:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2eed4b0cb5439b4d3518220f33c61760_JaffaCakes118.html
Size

213KB
MD5

2eed4b0cb5439b4d3518220f33c61760
SHA1

13664dd463ee8bedbdcd6ff17d1c7925e2eb4f19
SHA256

8bf800b6c8b5384228e1e505d877bc91002280e17078cfa7a0916a26d8935ac3
SHA512

a9f270670f6bca72ab683217d90aafe116d6af441ee816ac28c769cb5d42e6ea9a76039b4947d264e1c9ad935ba5ebb00b2c7a6ce5fb3c66aefa7cf945f87fac
SSDEEP

3072:SyyuB2WwOKIyfkMY+BES09JXAnyrZalI+YQ:Sy6tFsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421503027"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F03AC8A1-0EC1-11EF-87AA-FA8378BF1C4A} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1976	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1976	iexplore.exe
1976	iexplore.exe
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2936	1976	iexplore.exe	28
PID 1976 wrote to memory of 2936	1976	iexplore.exe	28
PID 1976 wrote to memory of 2936	1976	iexplore.exe	28
PID 1976 wrote to memory of 2936	1976	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2eed4b0cb5439b4d3518220f33c61760_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83d58867493b0bd20aba6107d1aa8e72

SHA1
c0dd310cb808aa9c72bc45b450b4f00b3f53dac4

SHA256
387f2616ee8c9c1e123fc656cd77fac7ada4a3b353195b8cfac7fc6e9a74f6d1

SHA512
a38639c80e52564c1af6caa394a24f6a7ce511a6f06c35ceda5e13f4fd8151247794d62f27956cf3dd4d765f8ab2326fffacf0d3757d7a950b9b8fa95587ff3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4877470ed48cf90c9d90737b894f1530

SHA1
08ff586fb33c4a01c1a4644db42c4db22d2d2f2e

SHA256
2d1b0665bde40b2882aedce1bd7412f1d744a6edb90785af30641ad6ce409143

SHA512
2473a6d10d50708c7d550e1a7ef6f9c63ed59eb938d8347768497daf1f4c0a89486143bb68ab06691a03e5fd9d692f6dbcb9d54d500aa402ebe8e11ff46471d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8072b0b7684e013204df4ff2fd187a5c

SHA1
0d8f7576675d2ad57a78ecc244a66034c5b4f2c6

SHA256
54a44225a8480b711802f235dd005e8b08815cc418a183eaa1e987fe16d675a8

SHA512
88ddc1206271bec21604d68863994686255541ea86a51265839528c6773c0934a576257cc3fd604276391a544b3c0506839e464e0c371bce45f0731ffe0968a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdadf47ba5a0ccc07dd3607065c5af00

SHA1
2ddccb69b368867a35af9eb0fb7c33686d767188

SHA256
d93e7577144839dbf513e9307db0ad5e1115b9a6da4d02f4548945b3451bbd4b

SHA512
6dfa75b2caf94c4cbb441adaca15f5800f1ff0db7f3a3d138e83ab94f60245b8092f791d60a893098ba0b541e6ccca80a882f26729bd7c4dba5493199c13af92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c5205fbc44ee31dd22e65078d97cc72

SHA1
d55f751cef2deda458d47ba03958ac342200bd13

SHA256
1d9a54976e148c7bb3a44c44922f17913cf2dafd9e1ae5f482d5b775cf3dc1c3

SHA512
cdee920702ccbff602d2482313e890c37923c3d46a5ad391522405f4c45e5f2502a8e3e0c481c122a69d40430ea70c585629c0cb804c3c110daa40da13115489

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf57f6dbb12c0167490531e9051b4c14

SHA1
f36aaee8e63388e6c294e4cec5bc7b1175f303a1

SHA256
9d1ceaebcf08ab3877fd9f7230a8e2101972a1defda948b387cc0ce23837c204

SHA512
a39687c43e504471c195a985ea83123d6d73eecb69a055a672a1715ff83a46de20c9b82a92e62606381679ea1ade1542f3297dd3f9e98d6fcae3d1a7fb64724c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a512a659ee0e22e3352b24bd14cb78fd

SHA1
f4e15b00ef79c7d5653079e253ab3c5266d0d3ae

SHA256
0f1036cc55b9fb1b0352b3d7e2407a19847ca559233cf71a157235ba3cc325fa

SHA512
c1d5ace60b94cfe433b9c1dd9fe999ac6955476e531d08edce569e1a5091d9650bafcdf174ca76607ea2c62d5f10e64e5e45d95d1149fd51d9ecaf2e536b6017

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c51e6cddce2a89022facc7ec993822de

SHA1
8c356612711299a0c8b131ff2371824b4ce416b5

SHA256
05e99de61f5dc3bd76c69203e8f72dc465dcf2cdc20323780a35ddaaf6ff463b

SHA512
9854b5687cd33f7dd886a04ad905da44a1311231cd03e7c812a4dd91c7fa41f1b812db52c22f3e5aa00c835ba2fbd015cf575e39f3e72361adb9c3e77368ecfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
949eb1260aad1fea38d462987ec9856a

SHA1
af45d7c1cc400cb2c8f1d5b657e26b1d4214cd49

SHA256
fa2ee859f9a4fc62fb1d31af263d6d3ac21b89942d17fd7516b7cdd72146e267

SHA512
12b7b46c36bb05fcb2f582ebf87742662e870581a9986e5000d8d256146822cdf77abfb6251a0f422c999e17b7e0da29d30ab0f3a1b7b6d6e57755db6f36abf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d40bbb8e108d1bd3eaa89fa5ee9ab40

SHA1
a3798560968f194815fbc9cf058ab8d6c2d1616c

SHA256
a066d9f12b0b93357776bcc4f98024ff8d0aac78c1ea5e82b78befb72d8247ac

SHA512
2662c3fc4db0969bd06d1cb203fa0b5ff7209a12b9477fd870f532216876084f916775894489343fdc297ba6517e077d8d50282608a8344edf90bfcbed051aa4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00488c5df61c23ea45cf0974d0765d24

SHA1
0bc08b4e7808b2f2eb1fb1c54277d2d15cc74da3

SHA256
cb65f2fff85875bc8820a2aa7bc3602a1cff71f3753e972525708d72cd7cb3da

SHA512
59c9b01b765d4c8b0b1f690e810c5ec686ae445c89c2a64fe90f6cc7ac6ce4729b6697f474bc793b9f941445337d272a21ee5049908aba7e762a2f47474ea956

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa344ba3678d55ea8bce2548915379aa

SHA1
f1decdd1165bc1eb3dd1dbba12f0beb27bf03cda

SHA256
b82e0e1cb3748d3dd597df12db6f93252d75058813bd0b7d25167785cae7603f

SHA512
313fab7ff273eb15027aa2ec9284d37a74fdc961c0b8736f4a2667826273394425f2e9c321c4ec56d1b4625631b768c7f75919d8d124f4ac76e72aa7fadc579c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
706e6221ec1a6f1ef28b13255b948670

SHA1
2b87205a665b234f0d1a39aaa2df5f4714168ec4

SHA256
f565ba820edee7ab4394141b1929c4bd373e061d108d349a66b1b8053bf1e354

SHA512
405d9ee83a8db29202f5a253b8b7cb764210fabd9c203a4e10410b6fe12dfd54c6a9a8d0f1d7f366747cfecb6c50793fff228af3a2d9ddbf0cbb628a12ddf748

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04d4162ea397a7140ecc5a3b67542079

SHA1
d3118ce4d084fa42b2452beaeec2b33511b925ac

SHA256
026947d9c33105f2a3e2b68cb0e42af2eeac99f6bbb86b501fea03936bb7309e

SHA512
f2ad46a54cf64e132bef6aaf96f6747b7df576cc8e304f63b5aea01c6276fb91dc9a4da2dc9726a9dd9b8aed7a54af3d87b7e1cc69c9a9e363e8685d8704b8c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
398e8d6bd18184a55a10688360524887

SHA1
79873b0ce0931030505c3551432032c7e22c4b95

SHA256
52bf9cecb3253a9a28345ca16e383af8588a00c6eab920e5f7789e726aebeae2

SHA512
ed1523e971d52ac069d38e1e65a0f39f541bf4c9e4917fc3a4053facd91acd8cb64d416c398e2f389e6082cf4ab80621db140aeec3f5d7eb5cc54d3e3ed95dc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c27bcaed841d952daf85dfe7decbe96

SHA1
ce360aac4a513d8ef782d986e675986e0b3aa659

SHA256
3611bd695ba7358bee7b4216929f5ec66f11290b8f45e8dd86ff0ed05c3808f3

SHA512
dfc2ab4f992b8f77e9013e0dbd934d610433b52ff41f67f6fbc2bbb6bfe089503068e19acc7c91c697a83706c097ea066aee742ba32d49fbf7df110ae735b184

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9b4d813a7203f7dad997f4f9294b991

SHA1
0363179939a077c3e8b40b7ae399fa80e2ea24a0

SHA256
40402e64519d178e4d614b205d2aafdb9578616431a2eefdf9a8f651a68c423e

SHA512
d8743484f294e901dbd77c99d55bcc830aa1c86a9f6e47e0df4e39303c7b9a3ea2da76e7c0df91bba5b6b64de820d4002ac2ea4a7725165da79d09fc92f97cad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b9d6adec336d5ab227157137d9c6f11

SHA1
3614f48b2a5d5b2a383cb763fc6d4af13639bda1

SHA256
4c9ed6d59b93d9a1f82fd8352e8e0c3a9e965337f96ad90e3e2902a0984aa2d3

SHA512
2a06ed6c423c0e4214a0ad6c005889a7ef0c6d39214dcbfe94581b7b0a97d8d8727a21551a9475ad4d2ac1cb55702e300025bf6c2ebf76602e4b1ce1a8f7d261

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ef6740dfc8b3e8f17d18dac0f2ce03d

SHA1
c1aa53a3e71fe0ae62d1b750cd0064df302c3c97

SHA256
a41b8c8119202d901dfd2f7a2336d6d06f4c588afe1f2549f213ff803e6af76e

SHA512
5f8a7dd70d0f6157b48d8da601c37533d29668dc19c5cb932e7b3dec866dcbbfb3c857de2578d0d6bc5f9a1f855d65ea4427601affa2ebc39428b9e365b35dd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1C68.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1D4A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit