06ce7a677113060aee762e748a274d24978936b55b39db8cae63dc9a8047696b

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30a68c3d31a335d639e90ad4a37a7ff1_JaffaCakes118.html
Size

29KB
MD5

30a68c3d31a335d639e90ad4a37a7ff1
SHA1

a2dc906be59d4ce33b979e777ddc56b9bace7841
SHA256

06ce7a677113060aee762e748a274d24978936b55b39db8cae63dc9a8047696b
SHA512

51a9934f1747b967faa16e2b209e08c1213c7940abc3f1023d49b0b006727e7e620928370bac7807cd6191392820c953f03cd3c2153c03939906b4ae6aa3e1f4
SSDEEP

768:zbiopE4xMple8JL7kGrjyCs4EELryU1qgNslk5YwT:zbiopE4xMpTL7kGrjyC5E0yeqSslk5YG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421530934"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EAABA761-0F02-11EF-928E-6A2211F10352} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2068	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2068	iexplore.exe
2068	iexplore.exe
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2732	2068	iexplore.exe	28
PID 2068 wrote to memory of 2732	2068	iexplore.exe	28
PID 2068 wrote to memory of 2732	2068	iexplore.exe	28
PID 2068 wrote to memory of 2732	2068	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\30a68c3d31a335d639e90ad4a37a7ff1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf15850f9dfdd3c467ab5cd54656b92f

SHA1
abe99e290a8ddce0874c033b9130fed45280ba3c

SHA256
24a6bb5d0a4581fdae71e0a9f5f53b4ce0ed0b97120acef9ff55d4a41bfbab78

SHA512
8c1e9fbf4b75faab64ab96c7a3d708a27faf92a5136129b6c231e0e5f6e9adc51825003d529f27131711cf935e4ecd6488a23b03cb53c1726405febaa063300c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a74a5510713da9c86ca2e18bc3b24881

SHA1
98b97020e2fcd1300245cc1676fac470a74f0ec7

SHA256
606b6d7d2a830700d9f6211f5299b1dbe8b429215696d8c61ddf01b4815595cf

SHA512
3ab0622d22715ee1dc3c8c6c1d1c70966fb638a9dac34f2acd297ecaa59e56e91abd93672e370a3d097ba9890d2753a4073f11303059e489d48bc057b6ecbddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20b0eaef85f2e27b57c1e4c1ae82bb43

SHA1
7f2f4e28b291f600437ab20ae1c71cb927bebc2e

SHA256
51db421ba43df511fa32ccd03708a2e3906cbd4d1af6e45a5334e312356940df

SHA512
85b91453c95c094cbd110b4ee101bee3e23eef2971acde1a9c6dba6a7dd49ae0611e298db6460eecf667cfda9b86b2f15fcc87f6c28ea364bfc6978a6ccc327c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f827628391eb63e252ca5dc0814cfff

SHA1
b24e1f6dd88826f5b9d22b7d2b2e429f3096efd5

SHA256
1a8fd9279b9b8f0c57cd2658c5fa7a689e68dc5965a254b99efe5521be1b725d

SHA512
b5ca1a3b2473f2b0edb031f964941c49cf184d9d916b026153eb85874d7ee7c33355b144b3161faaf0dceee7af3a95620de03f52f2815a520c5587e8d6041415

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f25cf686e6a2defb22bbc98551767dd0

SHA1
92aa02081bc6c1431a429a9cfc9a60b513dd5330

SHA256
13ae89ef832af718ae09d1cca0542c70259101796fa09d26856122d8fe00cf0b

SHA512
52ab49f3d49980527a0edb676e09426cbbe9b7a3ffd5866684dbb76f17011a02e3a5734aff93621523c99c7a17110308c6520de06ffc5efb959046596cd0e56c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93ae3468798f9e0a5229542dbf14e110

SHA1
e2f799a2c1d01566b43799f11f3d7b4dabf7b121

SHA256
51de92a1f9c359ce6a6e0d5c9ac60611e9e4e35ac37cd5fdc041519562e53033

SHA512
52a7d1ad5c4c573999bfc8d4ef1e8eac793de08e8b420eb5af0420809b4a4e31945034a368142ef76a801c4136e38f8363c9bd84cb5ad468e3141513eab171b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fbbf9fe0d1701e545d44429048e6684

SHA1
2599adb19d4d8781cd2410907aa8bf3680e430cd

SHA256
945b135e6f3b1d2526df2026e1fb3ba54a9a71719f0dc5aa5dd6990c9f6595dc

SHA512
fafe3256c75cb75b882f8726661f0ab8e2b273a6d27a82aa02302ee7e1222cd621ed8141b3b17d53a1ce85a76722c67cffae9bc85d7dad8b89f617d37f121fa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d82d5f661e8e86108133a9a1c109ede

SHA1
fa05bcce7ba9cefb418db44cdab3d51f848b3d0c

SHA256
679c3e43da02e1ce5027e03769c2de5dba9077a5d12d7b97cfa79025b623e0a7

SHA512
ceb8114f7b29e8169b508cade8e1f58c3fbeb778fd4db1ecc491ad076bd1facaecfa340c36e83fe449ee3c6c716876bef60ebeaf824b56e24763df0d9f793825

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c0a6df3f7976b26e7e9f88371c0b22d

SHA1
67b869bc2a6f876073c684cf47f3dc19c3a2a99f

SHA256
042f48c85e82bb1ce4585d38a5d3e0613b7377649e4b71786e3893e08c669f67

SHA512
7ab22048ee371eb2fb394ea5247bdae7dfdfcf02e2ba031776130e038854f2b6bd21a81a1e563bf2f083d97b109bca0c7528767526fd8314cbf74955b2154392

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e2234222948da30e5501cb1f16edb27

SHA1
1c2265281b12ff6fe95e7d3167d6c26687c2a5b7

SHA256
474fa3090acca78a5dc62cf2d74b108d6d14c92987427f8930960d77c4b0a852

SHA512
e9e448cd04b232a998ad43ab1d68a5a71bf9bea3ba637041ad7a66191d610b9bdaaf824b25c3643d17fb11ed3791430a14cac45126ded3c368a110635385ab49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
110313d910167ecbe5e8f046e7102107

SHA1
272d2552515ac78e4fb5f997f5ac60fc36a58d08

SHA256
2fdccc2cd6e5a913e4e49da8dd9409eb21ecfa2365c41395b879e0f825080f23

SHA512
08d86b5e0b767af44289a493555da763f1fb74ca73ec39b1cda67291b2f97809fe0956909ee88fb9b80597a736dbc9d65d5397716c72154fb67d7e830dfdba1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22b475b57589a094485ecc312565219f

SHA1
5b24ecaf80903890e71b0a4c71e20640c6e2d098

SHA256
97e4221e1537095a3003b498a406f3abff46d98843c0989686a35ba6dc650e61

SHA512
7ecde018eebcb9812b050ce6cd9e927d235afbcdb1c6dfcffbdfb3fb09c83d2d67bd6ff1e5a8824f6519c656bcbc0e5ecaa68a2e76f10f6b0314852b58aa0957

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5dabe0f2509858104d1dd0a2d4292920

SHA1
99cc35d9da2c6d656ff5e26cfd73645bfccf7506

SHA256
38fd4bd2faa3770b88e8da511306903027bb42ffacd3811b0fa46e7ab90c95e5

SHA512
8dfc9a3931a985cf96d402cd439cfde8e267d41cd09a5cc8d9babbaa50d76fbf5e33ff5e9938d27092487ce993b9ecbeb78258d93a101d5040c46b0d87484f57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9ba5b0d8fab6cd48f8bca16687d6d45

SHA1
c0e211b0e68e3823f2129d323aa21d599bd71dda

SHA256
6161815d594254699badd317f5b55a10087371f4da8aa6df9fb2609e4bc26c40

SHA512
bea7f82e6643b6f5d85387c5b476dcc5b24b35b7091cbf0b297ca4f1b2f5f9b6b84adfea5986ff36920a84e714565983af21b8978d552b2953f832d01461f806

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7effb7e758a7c725a304525fd1143fff

SHA1
2cd8ea21a0532e6eb8a7644d8ae039562c4f27f7

SHA256
5e568b81ef5126a7b54b034b422574855118071fd2b6be57cbc2b729f4b6a283

SHA512
5df214db8c4b9af07f32ffc6457865aec4038e0fa1163cf1c7edcd24dfe9b8241b79841702191a61d1f51b690d9b279ced3db3825219ffd740ae2021758c4985

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1b0e5bbe9da43abd6adb0150386d82c

SHA1
d01cfc33852cf7da7cb19f7f9be8446b2970073d

SHA256
8bc3597e9e01570da31d7aaabd4e1613ee2189b75b9533867bafe12748223f23

SHA512
b77b531e0650645badf617185ffd301496a48f25096bc2203962b3f54ea13c3fdc3208a12d57d1c21666146f675d513182a87ca7e76eca6e0192a4901a4b8056

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf643ec5a572feac149499ec4dce6f41

SHA1
d1218763c9085f3ea0bea2ae7b464e2ce533d11b

SHA256
8b90dd854e5ee50536abbd0dafa71eebbedd6e336b7be75638e71eb49c5a5863

SHA512
b823cb2d8b75fd46aa8d78a421cdfc48e614fdae726494fe094f3d076657f7fc366ba8c47f6fb6b4fde8d6a00e83bccce3a5cdc9fe1d37525f8d984e346d995d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae74600ee742a97b269e354a41469685

SHA1
2de0166104994653399005c6b35d2d392f875a45

SHA256
f77904ed0082a6925909bad109879ace73a688d6c50316bbeae409b60a3f9f3e

SHA512
6a3bf8c644fcf96c7f5b7ce80fafb4bd17e51e3f5e13f75550bad6b139babe2647a31f4518651ade0406ef39b0984be23efd23281f3b9abc6ba5ac1a1605bdb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fa72090c293bcf7b316507cb6d46cbf

SHA1
cda2d91204493153f9a905d380778f3cd730c550

SHA256
1f215f988c8eb514a22d5781b04ef5bb33958cc9bcf7880c9ad85446332b3e0a

SHA512
ea923b93f3b1199ffc2da5e34dba6b6f90ef78a8f000360a5abfed5273048eb089f6fc53cd328f000278d7aace68c841a60256b24a036314d827482e1293dccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0230c9e5abd3a7e3a4f99da34111f7ba

SHA1
a7964bbe535d54b3e32dc974802804bf284624bf

SHA256
5ab0473de7c7150de21eae76ba082e7a91aeabceb8c85c2e5880725d90a97cc5

SHA512
dda43b3b507d01b1dc162c54754828cfc2a1f9ae1434cc4b76517f69d98de336c954c18545ec40cf9110039b7a1932ddb0b59bd74323b3043eeedcaa18b241cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df91faecc295206c9d19b0a42893338e

SHA1
48c7696472dfd3d23905ecba1b57b9908248480d

SHA256
4f2d910ff56b669253a90f243ce02335b8c50da98b85f750da0a031cd1c19832

SHA512
fc287e80a2fd3cd5c3c29f6bf3e6bab97c205fa00a26502a29f7ce9d14cf418f81ef5aa04320d400de9e2fd274109b2c97dcc5c7a9d527c648180f4f8c03a7d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1130e71fae45ead75aa7d136b5db421

SHA1
af4651ec2c25a88c4ae2b47d51bed18b05f88add

SHA256
7b5bd93d7bb43631e3321d89cfe299a49dfc39f490f1ec12fb7a7f63896d8f65

SHA512
76b6d467fd6aea5fa735e5025a169ea3af6672c69b393be0310d6623e3bf1632eb66185484fb185329cab84e301d2fa4db62ddde5d94efaebfa8e24dcacf6372

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2020.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2071.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit