84920af14b9cd681c19ac2e2f63ddd54d79512511b14fde7e721de80c16e793d

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3205dacc343c1085f6a41d46d5aa552c_JaffaCakes118.html
Size

65KB
MD5

3205dacc343c1085f6a41d46d5aa552c
SHA1

0557183918330a80fd077d241ff380e09147bbac
SHA256

84920af14b9cd681c19ac2e2f63ddd54d79512511b14fde7e721de80c16e793d
SHA512

7e3ca89d0e90f018e824004bd337392dfa899f5f8a696d32d1b7553208f0c79892cdacfb7b85c26dbb5356c6696e4c6158a1e9342ee2d5ce74ee24d5974b769f
SSDEEP

1536:mofR9rTJjI9bpzxxryx7pxO5x6EWE++eHedJxaemedBo8e6edkcreuedWc3eXedT:PfR9rTJh410oW4qzVHecxY

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{44CA03E1-0F35-11EF-BA3C-D684AC6A5058} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421552560"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1276	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1276	iexplore.exe
1276	iexplore.exe
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 3048	1276	iexplore.exe	28
PID 1276 wrote to memory of 3048	1276	iexplore.exe	28
PID 1276 wrote to memory of 3048	1276	iexplore.exe	28
PID 1276 wrote to memory of 3048	1276	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3205dacc343c1085f6a41d46d5aa552c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1276 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d6781db79963ce003f31cc8fe58c97e

SHA1
8fde914ca294877fa7703bb1f407deb28b101e77

SHA256
0edb704e340ccae7bc93dfd4a02723cdcff2c18998bac526152f69b5eb1a8e6d

SHA512
07bdf63c05e2dd4ee75faba009f1fe453bd1203028b425a96197a6709334bbd5751c34b3aea5f0dd6182d4792e89f70c5d262431a19ef5ea793d55834c60d114

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4317d0da0bbc56e8a189d7ad30a6d7e6

SHA1
ee99f2128c333292fcdab62f2522b1af1c664b3e

SHA256
5f0df9c6db2bf855d165b94dcfa82f87f28aaf935dc8a2f01f1183f2ab7bcf14

SHA512
e6829b8c565a9863c6f543681b26c426b406076e110a2c644c5121a517ded174c15130797873509cb3e40569cfc6ed89699b4ae3fb58a06d4e5b5ce37f67718f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc7f03fb8b42bcf1b31e193eaf574d3e

SHA1
30861c80922dba40ebf4beb1f1c2545f2a17d35e

SHA256
14bf495dede770d2ee28470ed53695dd49574b7fca3f83fbfd571ecd719be6d2

SHA512
a6d0d35cb59c9e7eb438dfc004aa8036eba5791c0e6759016749549f42e2047b928fbb4880aa0395130e4ccc76ebec801b1706212d96d7d7cc5c3b5120d7e503

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4ffb4b8a20ccc1106a68a4af50bba9f

SHA1
aa5fdd52703c05daa4da97da05802c008e1825d9

SHA256
6e5610aa0cc9a146603d8897158211bfb6d0b33a7c10235ea60aa35b0bf46bf7

SHA512
4acfa3ce03a5c9a994152f1c511819c81709c7ee09b039a70277dfa9312cc4e95e7050663cf0340ccacf62ce36554635d3cc6fc836f2c82e119e1362b10037b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b91f931563d2a68ada32d614692a7e7

SHA1
4203c5679a1762342c5d289cde95e119a2c8f0f6

SHA256
ad6f9956fd8bce0854e8430408898803f6ec328a6ea1ac741ef921dd2d53d516

SHA512
4b81b585500f1e30ccd1e68c21a702ba7cab1458f457abb25473e95f986366f29478cf2f5d082ca88977a1202460444f903e93d7aaac97e7fc8ceabb77c825f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd5fe2e1b30bcb6241f27c5a151a45f2

SHA1
cf56a727d648779c35af4bd80ad84a14c1459cee

SHA256
d7e764d7ef89bfbb1c3f17e8995eb02e8d7993d8f1d513688567bff9f9333d54

SHA512
f308cd3ff6ad8b87f73206c6421fc0a1a35cf03387597f0173d6647b5b25b48d2e7582d1103fecab57d3ca1f4743c0c9cd138f517347fbb6e8f578e9e44c6521

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2c6598f4e1f3b6c8a83f63d9a093de1

SHA1
449d0e3bf0b2a85a17c3b7932b747c25325f594a

SHA256
5130ee190b4ed0e727161dd895ef43c181a705bb58dc54ee9fbe230a7d68a521

SHA512
c6857254382cb7e95300c97be18465bcb175d4bf4d4a3c4132673f76f8f245bdcf607f1b0cca7067f8f2351f782bf238e2b404ddd9167ccc41fde4a502cd47b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ccbfef87da13da095c0735ff35cf1f3

SHA1
26dcf45389fe1f8966ab73fe52e81feb0bf19ae7

SHA256
961d580f1219382029f3d33e9de266d074fcf96989858cacfcf8e4af01215871

SHA512
7a3e86ec4610486da88cf4aaf02be408d28f52d4407b88fc49d1a08e0d09669332813dde9611a338a2da264c535e0f5d7b5baee44da54ed1abbf4187b62061b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdd3c264a9672af9370750d543a0bdc0

SHA1
06607a2e96dd28be8f7d31a5ed4b461c4043d9f5

SHA256
6611e395eec2f2a2de79b839bc2a15650af50240e9674d8a78e3dff150fa7226

SHA512
e2462cfd1d00da5b3b18b83b90763845456a09ffdb2697ab9a74cfe2d467fd03bced1ddba28aa3ae9ce73f506ed053c92cb17cedcc1aac4dab490b319d0e70b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f4976d0d5717216c5c2b6fa09e0f8fa

SHA1
566999e99bb4f8920133ee51bbbecc456b6ac2e9

SHA256
d4b142a814e154327427b70918002929181ac142130c2d07d3a189ccd78218cb

SHA512
2f1503c64aafc3157da2e56439b8de1685cf8ef8f256862e2ea492ac305aae64a5424a1c0e3bdd87d4646fa2a15e20923aee92f1b92a2163db93aeaed7f543e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9efcb41384e6705865bec57854cae8f

SHA1
b7b5a38486ce634600ab0dd27b437de5c72cbf4e

SHA256
908629ea65a55295244eeb519921b6e9354694a3d429f891ee391c2cb64a29b5

SHA512
b08fc526cce55363f2d1e28c5b6623ce3c1d8aa566e3c95a4250f0cd0e1df346b2c33447e2a7de3a6385b1a37050dfbc9a441efd2ef62a664e763316b9ddd945

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca38d52502b41d20000ddedbd57a8d06

SHA1
7189d762590d0991567a03f15c091733317625c9

SHA256
9388751aad9c3431a3057a3a46bd3112b8d73e11f1c93be844e73fd861ec069e

SHA512
334100696e82d29da844cb7caf02dc6b0dc81dc6ca75852d03a3c0c2b16e800b6b7a39b4548942ce602744fd3713488d1b04f694256839409067763e1346e8d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fc3ed13aac41e5cb777a633ea8f8d84

SHA1
660f683c1875cab376ca2a9e47f9b1b3717ec795

SHA256
88ca71b7ffe5e267d3eaf1dce5fb5530c1c2fbce71ff6891453ff74c6e164eab

SHA512
66ad3b04c82ea36b58997227539edbab03ac4fcdfcb4dc8b0afb47670816494526ab5400b91709f82e6024895ee0b5c894df045d37f15ffb5e3253c5956f8934

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15093f2641467c2ed5a465f331994270

SHA1
da1eff78622aa25fb90cbf88c4dbf286920e9b3b

SHA256
55df461c8b6e39ca3892cef9a6ea32b81ec4651dcce294b40ead6d62cdf3d4b1

SHA512
16efb8397b70f65ebb065496efd1cb47e97a5fdd024a8e28d506b03a5fdf68c1e014b731da8113a976c5d0dcbdd0c345cd0e8695d4196228f22b05e30843de00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0c1841c3a33eea3ba661aa609a1f7d9

SHA1
067409957f72a3689e45ad5b6f3c89a0b8423c28

SHA256
7706980984abc454b19307a50e39206534a06cdf116311be8c159404974dda12

SHA512
21607c17efd0d38579fab852356cd058df3389b611f324663659944d377f53c29d03d687c51d795b57e4e9fe366e7c498bd59a68409fe4ed1b1e44aa2e794c27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fca72106483e34fa32343e0f844e0cbd

SHA1
c331c66336cc3cd4d06796757b3ba1fe76445bff

SHA256
74cb56c93dc3bcd58782b31254877e5067d0dcc203dd6e0f5dd5c35a76962f59

SHA512
c148412359557faaa08610cf70db5fa5bb8c08ef1cd48c189154694e0a384d33a613947d202b0e4771058d9f8c8e3705837a15c790120ef150388401fe7982d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ce2941635466fefe455caa6b6dcd93b

SHA1
af1d9129e80f8752bbcb662e634e5520465a6ca3

SHA256
2c16e58ff0b1db1d8767cf0dbe8cfd24f02330e6d394e86a5fd82022c4624c41

SHA512
f95c81a52c6400425eb0b2e3913e6bc420ac0141e8c095f6137c3c24e866ec798f263324e5eaa6a81dafa2d737547f3ce7b392a99004619b4d54c3b6775288a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7553dff3d21e4a811118d331497cf65

SHA1
b3c36957b0baa2f42816cab10ad07a3d7a0353f3

SHA256
254d509694f097ecaa1f6beb3d6f96b2afb4f3e96f5efa81fac5ef22e4a88d1f

SHA512
3f5e42fab29f72422e7955f598b12b79ac4d288e3cf512d082e99218cdbe7913a71774a2cb999bdfa7f007a049d9f596c9cd6c81f1acfe95e430a69f3bec1e36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0c1d35fb274d431ed91f84cd5f17a3b

SHA1
40481333a81e21c9bc57802225e076e03714c450

SHA256
2bafc460145384b472a32cd0aca6fff0fb8cead5f08948adb681f8803d3ee1c7

SHA512
42135ff9e64edd7f819cf6d32f5893559eee96de062e21beb891c317dc22d110348603b84716d25a95026915c76b80160bc8f2f2a2f176abf50bdc2eaa1378f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a561bafcd0657a6e8f18217c79ec14fe

SHA1
7b4e5e5001705b7067103c4a1972f67b31280caf

SHA256
8c72c7ccbad4fc217a3bbd851fb96c9a14c4c562265f33b793e8ce631e0be161

SHA512
be697e210ed9ad5c3c5ad0c66bce69ce78329c1d564008b98d712f69952eb6080dd809bdcfb089dca923f4126d4fc2a9d1c6665c6d06a02001a1fac4282a569f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab17E4.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1875.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit