8b4d73b514c09e69ae318b9ec9f673cadc0f4d60297b20522cdd8b051d859e49

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

325ccbf34e825457a0f39245eda87859_JaffaCakes118.html
Size

220KB
MD5

325ccbf34e825457a0f39245eda87859
SHA1

aa41075d94069cec9b00a45e89a0890dcdbe9afb
SHA256

8b4d73b514c09e69ae318b9ec9f673cadc0f4d60297b20522cdd8b051d859e49
SHA512

7943c6d3fd38b40a8147c3dc7e69fbf14660df2183af3f7365383b46d18f329dfe1f8c5b523850218046ef67e6502f5dab50c28d2a8e6e83ed83dd68ad392ed7
SSDEEP

3072:SkiWJkcUVd6lyVflwEyfkMY+BES09JXAnyrZalI+YQ:SkaLhksMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{21EE6B11-0F42-11EF-9371-CAFA5A0A62FD} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421558086"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2100	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2100	iexplore.exe
2100	iexplore.exe
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2480	2100	iexplore.exe	28
PID 2100 wrote to memory of 2480	2100	iexplore.exe	28
PID 2100 wrote to memory of 2480	2100	iexplore.exe	28
PID 2100 wrote to memory of 2480	2100	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\325ccbf34e825457a0f39245eda87859_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd69d9d8da3c3b39fd7bcbf5b661560b

SHA1
3ff8b74100afaf2518fc2b63b87314a57d4a62bd

SHA256
dd9f889b9d08656c8304aa961f04280c31177325e0f5b0761d2516f8aeb62773

SHA512
62b0a0511ed8d69fbf58110bf0e17bbf82b1d950038fa60be5d2bf699ce90df3d63762263364e8298d992760bd4d763443844980527f66c98ee0b713968c59df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6cc8c00ce0ce68c7e08e99f4f94ae4d2

SHA1
c30f338cb182fab4a4af7954e40b84b43ff72fcc

SHA256
005119f5d5971c4fae1d814bc66d93bdfaecc34f8bcf4044ad63b6ba234d55d0

SHA512
a0db75ff9a21807861947c246d129b180d5307ccc6981280c43583de582516e6785bdd3f176dfcca760fc6d5a31eaa1c69207ba9e8bef94bac2b5699e681fbdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc53e9fe952aeb7bfc55131a7b22203e

SHA1
f95b6f55216611eaaa3e3dbf0b3c1ef04e0edcf8

SHA256
a53840e2437d9b68c316fa7a45a5550c6cb7eca0e8ab141ffd412acd246647e8

SHA512
3284b9503d55ca539c6dbd6ccfdd72dcd19f44f9daa3f726b617d734eefbe7f2b4aee81ac8f5bb61825d855aa7507817a03873e0dcbd7a0735c38a11070dabab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee1c0f3c79f8b1f1f685ee90a8075725

SHA1
dc1b1e7434385390f89a2c449053daeb8c1084d7

SHA256
9e33b018eb5d25553801966a7ced944d30ad02d1ab111c0f0bb1362fd395340c

SHA512
4d9821ae42896f603e64ee4020e2e1ca20c7bc126b7f6e9c6ab365c77f68dd1a8d3456f09ddaeeb91f20062d9b396033077f283e8425d06dac8c03b201ee44c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2bb4534767bba4b1ed51f9d6ecb0866

SHA1
05e0b7aebecb0df33dfa3f95637799d055146ba8

SHA256
781568e002f6281059c49c51b6d028e0609d9d5b19ef994d75ffd6e9791b40f3

SHA512
4a1151de3499458150dabc5e9e36a8e9753958dee611bccceaef5e9eacf0bc1c573307bff60d007a088341a7c8ad460746edee4a5ba53af4eba8b52fcc4c4421

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af8d07af8594fa1dda5aacc945f369f6

SHA1
81ce1c51ce5067c6d174650cdd6e691802bcd85e

SHA256
fbe8b897027f97edc668345b1dd5bc2aa249c554dc765cda705ecbd2845ac5b9

SHA512
0cda42174e5934249b581e9a887451b74144cf304f9a82341313e6ced58a35c84676442b5742e69071a5383be71013f357f0f0ea3f4d908adc358d69f6c13719

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33e5cc32289e872bbaefff85da07fc87

SHA1
ca7a61b773419617fbbe471bfa6ec8c2d2b1e12c

SHA256
6a66cfaf724cbc6affd4c557b10cafab5ef7c5863b66b75e1d6cbf1ba0de3daf

SHA512
4d21854aa20e028cdce3aa1775b84861f397a43804a677a7ab50f27c7d36f9f05c49364357f849a118fca698d23512cf2c4d9410d6b39553f18be4eef13b9506

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78a7077ae21254a465e2a834d4d6ed56

SHA1
a52d61c6bb0853be25ffd28a349bd0ac8c4b65ed

SHA256
401eadda963fa3b395fad62c87dd66da015312a0967f96b5a9038e1166e24a6b

SHA512
5285b0c7af3b0a74e0f1e1fe201f7067b5e0e86137be9553ec8398db76b7154ae1d673858cb9e14e4a9c241684ccb7aac4f9fca492a037b03872393ab5a5c5a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a97060adac18a1cc96e83ea2f8cfdbff

SHA1
f1ee793821d5c006f30ff8d02a47bb7c75933601

SHA256
693f02d19fb9ec91f8c021c298701c8ecd6d31ef15db21a7321754d8de2d8720

SHA512
8bc28a95c2309839a0918d838e9206d115ef787430f72669225810e58cd9472172717643568802877acc0af998ebf74afc0fe1a22339adea35ca4faa30fded26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef1fad74751cf67e18a3697c04cec643

SHA1
62c6297dc0f42b1cc6bc184f91ad15c6bd06f175

SHA256
043bed8bbd46de7cd0b3db6fb535bdaf50d75c6ee01296cda2c6e7a4518fe93f

SHA512
1f0de06406d4dad5b843f9a0e1042b62b71f45fd8e1cd9a917a14b2faa1f05174dc51f7f4fd209bb37b5712ad5d1283a41aa7cd62e59315c08e6356f1b0dfeb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0551956d2da5ca2b67dc21e8383834de

SHA1
93ed19dd480365caeab143a42dc18fe6e3eaa0a0

SHA256
efaad90ce09a374a60e5903f9ff91b9b5bc6e22b27ce61aae5dd7ced703a8a08

SHA512
c2801d0b83140d1e030c35fc7ef27d7aaab699bceb106b0f9e58a86a4062e0625c3348f2d132761ca051072a896ab8771e3da2435786ab12efedce8e12165655

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5da5e6710bc51025f1e7834034e912f1

SHA1
4ab27584f6cd595cd0cac1171f5e87aaf1ea5f75

SHA256
e14de184fbe9427615aff63ea4041019acf8bde049d4a8d643c33d0b873c89dd

SHA512
d6db9bfe6e5d882f47d72f44a6be1d2e2892b54e477705181169597cdc96be9b8c4455a0d64126f1d8109ee5f126aeb0e52c33737247ad0c88bb5e4efa051848

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69f83893890639f1e7731e0c350748a0

SHA1
c64fe1a6299d44e17697311aabbe9c1dcc51967b

SHA256
02cb6df04df427e80d5c0b483c6caf816dab9cc726ac86ec7339e7e2e2c5b07f

SHA512
536fb2b3797469b378f1da559d7700d302ca1eb307e34a07fc003f593c600acee907b0a15d3ec2ecc11b5c4536244351062963b7a5829bb55cfb2cfdf5d2e760

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3017ce5eb362e56cb74ff5a92475ed8

SHA1
37d9ab23ee7f6e9e92dd33f9a6bc98d7e125ae67

SHA256
7d4c3131278ae001d1f8d3e8a45340dfe1e37b195cd703368953a0ab99a87285

SHA512
f400ec1abd064b97b6278fde748a060e4127333518f7e1e3e977a9eeee1682892ab8aaa6774dab5ed7dee828f4bdcd1ba7480c613771b3bcdea02c599fcff7b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03de2794048fd1bccf049414254e8813

SHA1
469197c668b74e63cd90a9c90f32e6f81e691491

SHA256
964406cc3433ef1691987c790ab468b30d5e631d3ae54962cf92ceec35e0b3f2

SHA512
e0904761a5cf7b33763bf0b9d1041a8ee9b7748a88fc7180d65f9abfa9089e947bedf72543ae6a26d19666d2e87f56bdc63c102d6c50f7ed21de8a4cb85f9ce5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
320bce20d4e9d174df9dbd4199bce8b6

SHA1
0c49626a655ce5e58b462cf8f5d07a595fc62f6c

SHA256
a46830bac8ed1de16795ab31637ffa91e8ee507a5f908fa49a537007c4ecdb11

SHA512
bd1e08b0d4175966b23332f4823102f90516a4bdb0cb4d1ce51480804d6fa9064965037c998c11b347bdee847c9dd0e8cfdee5d102a428ad0d267b22eab6448b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1bec05c3485fafdd1fbcaf2efa3109de

SHA1
d1435906de44affa43b1e3f53badf93d4bef7eaf

SHA256
005f30b556b5f2e187b9f1e11bbd6469f1cc0c69cdb575593237521bbda69d45

SHA512
bbb97ff42914bcfcee257aa72e5d967b54b20a3900ce7a02c8c63637e6d468932c9ded4c67b8a4a35223ca7e13245efb64f945dfc52a673e3b5871818b19e896

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2517c398131b3d09c65aa12720f48914

SHA1
e9b8ad316e9420c89151bd0c7c0607599a5526a8

SHA256
0c326ecbdd09f508cab0fc2a05451bfbea10ab9c9b497ce9ae02361f1432458e

SHA512
457625e34a93672d298b06d597a557ae1667b7619966d5347d2161c0d2cb9c6ac21fa4ada87ed18cc88a01cec61614eec8968f0fa8faa22bcd894dfdc0c7891f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa5065865ba3a6f6829417ee49d68bc9

SHA1
6da7cbf285a792a7e86f54b759a953f885235c95

SHA256
ff933244edcf1f6405a74b21bcd5ffb897858e3025febca9c00dda82092cb342

SHA512
42074395a63a660d2dbfafd420b21252cb818d14902390fe914097daa094389b9e409159a85e57e4028e863b34dcee6af300c8c566f457e964779a729b6568a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab11AF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1281.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit