442c0289eab6b6bbe2292c52ec2bc134a163238182f8a94545d8f3c31fecfd56

Analysis

max time kernel
146s
max time network
148s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30db88a90e097b270e5a2aee2239af53_JaffaCakes118.html
Size

1.4MB
MD5

30db88a90e097b270e5a2aee2239af53
SHA1

6ac3fe2d0678b53f976152e516cace16e6d8d2f4
SHA256

442c0289eab6b6bbe2292c52ec2bc134a163238182f8a94545d8f3c31fecfd56
SHA512

78e065822d0d7701be7e4942a8db6169442de99759e9ee094eae0d5a5350e6e149a9a23295df0a41d76c235122c6a2a1af563c88906d249a7863674e08f74e96
SSDEEP

12288:/GEK+aNM9yINRtv1nxaJpa8Rdqt2Zqg2seKb+S6AWAqmq:+EK+aNOhRtvlmpaYqIZqgsKauZq

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0FE90611-0F0A-11EF-882F-5E44E0CFDD1C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421534004"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2912	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2912	iexplore.exe
2912	iexplore.exe
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2788	2912	iexplore.exe	28
PID 2912 wrote to memory of 2788	2912	iexplore.exe	28
PID 2912 wrote to memory of 2788	2912	iexplore.exe	28
PID 2912 wrote to memory of 2788	2912	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\30db88a90e097b270e5a2aee2239af53_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
f101b1ac199f7aad4f0bb39571286b51

SHA1
dd5e4bed336cbcfa8b7812b42fac8c25c4a9dd0d

SHA256
274e85406a84f80b541d591e153cfbe4c3cda737b0f6510277d43377911a836d

SHA512
75d11d14553475cea2371c812bfdae38857d2482f768222243f4b4825541ae881413640f93d2effa338d2a4db1d186afffa219b2aff008b4272419916443b124

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9835cad6a60b0b8b8d6939c1eb946097

SHA1
4905ad31b4d6ad75e3dd153fd385648bc350419d

SHA256
d3eeacb1b13ac4ed44b26b16bc64ed14619ae867f7022e70b0366c3f7b18e773

SHA512
e8eff7b702034defe1b2ef9263757151b55648f257c25c4be537b5400ca8d3bab7d8e9f447fc9b09c03534e702e458b223261de1b023ef2b7202d6c61f3a23e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c021628a19efcf88561981abbdf80ad2

SHA1
1002c0888c5377bd3b0d783dc6bc20e0602223af

SHA256
c64af095b502489d15c9528ed324a45dc8f5e17d4a7c96ec50b3918735526dbe

SHA512
00860926dd67ac51f339aa7b21fd2fb34970dfbeae971a7628f6dcb6890dc9390f68cd5fb498e448311cb2cf3227c8e4b3da3f099db8065b240a673afb9f5a2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59bf33ad10490ca2e26f66667d8abe11

SHA1
16d0b135eb1792fbde4803f8d6bf8828df0f44e8

SHA256
b332d7d94e4994716d235d38665b4c93769685011310fb41ceb2f80058c0e99d

SHA512
285c29a11878fdfdae641dd10442b6a25bd58814a81474b346ebedf43d7ad4c51d41c312553e6023a7f052bd4802e5940ca9bc6f1e9612941fba0ed8b5c82c35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
adc39e1c22d509ae960166fca8f6f8dd

SHA1
44737b0829764dccc4b7fe0fcff59095ce873f87

SHA256
1f48e4c1702530526f633f3ae6063b0c64d1e657cedb4f90bf5a141e2e3eae3d

SHA512
0e98989e6d645ddb08a4c867df90216093e98d98787849205e944307e7b9d7ef1aff8b5897e4115cd6331f44a9cbd110a5434c48d32de7221a725fd8c8470afe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
117a3c49d3460aa611cf20d9e7e2cbce

SHA1
6eb7aaf0545f54381d5080397da04baf2349e655

SHA256
cee3a7f385800aac3f0aa85da2a7b00a344e1c69360ef61882fa2ed68513a602

SHA512
00303e4ffc1c2a98a367d7584954d2013087898f2308181f0183321d8f3c033fab4b3b8f3fff1a33189a27ebfd21385bb2cdeca89fdeaf5559dd93245b4de279

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f9e08c44e0dfe6b2422282f6c18d104

SHA1
d4c22cfc7fea9cf4e0cb6d110232a976dff81ab8

SHA256
6f67e52418e26e01eb6467e9d7bde766ba91fd2ec37ef5477bb9de5609701143

SHA512
7d6eeef11f72dae991988d480fb4aace3e423b935eaa72e0dc53f8e5a5ea95796ecb96fc1769d2aa4ba54660e5fbb9fc3d9db6343e9fa0f675da0e4a04a7dfbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ca0e59ed6149a4e975438c8d0fb34df

SHA1
c5575a8639fabdc187d6dbe329b95fabaa8e2777

SHA256
9a00211fd70c0dd8a1da837ad22eee364e067552b08d11f4603a0d146eee7ed4

SHA512
2f0d0e0921725204e8951362fe77f935d101aa822f02077eee7e3066af99db044ab978d39cf541b01459fa27f37b074e3760329edd4609ae0ceab88797677916

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ff012c543a151c23ef7bfc573771aa6

SHA1
20e8f84085126321dd9c145f7e3efebdb9a3fc8d

SHA256
118b6cea98f6329a296ecfd588e79e9303a08e78584abe1a90587c753ed14bcf

SHA512
e525c774fc1cbdd77c8bd9f87fc854980ed87343bcd5dceba82e988d8fa8ebf462af2c2a1d18914e812a1ea0975d60ffb6153d960fd15ccf81825cd0fc4c0140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7d3567d60217de2078e394dee2a721f

SHA1
e0e85854217a3e9c1b5b199cd8e9007574e7ff76

SHA256
59c1620d45d8e284f00836910d0d8c44800ce49fa7ebf7dc239805b2736ed231

SHA512
14bc0432a5dfc9c282e480d63a3dd764edb2b280bec592117de745fe05285834a8e6966d42990066ff290fff45be490d9a503384455bdaa879da05ce2bc0452c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e013e1aebd3f63f87429c8463994142

SHA1
023b5a5b5f557bd81294e4b7d6aee4ab83bc27e5

SHA256
59ce8b2a048ef872022fdb9ef6e79c6a87c168a27947f72347cc6b4f4e5f732e

SHA512
9d93a978ac8ace25d9796dbeeb198b202da29500cb74cc2fe22e303a06f90e6a44e7442a346ced2c0e70ba87cbfdd157e44a89f04e26526fd2ab87eb4d73f2f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
42275cbbd57f66322a937607608ed4b6

SHA1
14d9fa1da98d39499136937b1c917fb5d75687f7

SHA256
d8457d49b9752776f35edc46fbc3ac3e74f56ca4ba95df651522bb774b9c6486

SHA512
9c48f52f93e08a81af754dc864f4490fc90d48ea44aa0db2c7745732b51a914a2a40784ebaa1f58075fd57421d142995c950f042fc964363105704fa29f79224

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDFA.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit