e91f4e39bbe5394b75208aeff8283e7b43e7ec82f8e64a723372d1da25611a64

Analysis

max time kernel
135s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 03:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

328e2d3afa714073b8f5dca08d258bd2_JaffaCakes118.html
Size

213KB
MD5

328e2d3afa714073b8f5dca08d258bd2
SHA1

43774a7ea52ee2c65883725ea0471e639500e8cc
SHA256

e91f4e39bbe5394b75208aeff8283e7b43e7ec82f8e64a723372d1da25611a64
SHA512

a765c638311309420d83e63d1ac25d41f55ec96b7289df21b50b1e114cc79b2a2c92e50ff4e34fdfa17604e5ff27e9df211a7730aab8f12f52d0db5b936c46a8
SSDEEP

3072:SHsGhE0f9T/RByfkMY+BES09JXAnyrZalI+YQ:SHTfEsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421561035"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FFADB1D1-0F48-11EF-9DC0-D20227E6D795} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2684	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2684	iexplore.exe
2684	iexplore.exe
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2972	2684	iexplore.exe	28
PID 2684 wrote to memory of 2972	2684	iexplore.exe	28
PID 2684 wrote to memory of 2972	2684	iexplore.exe	28
PID 2684 wrote to memory of 2972	2684	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\328e2d3afa714073b8f5dca08d258bd2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32fda05675fc132e039bfec57d0044e8

SHA1
f701d976ad9e69098c115f5538a2da06ad917f8b

SHA256
79128455cd65888aed32ddf24e83e3ef6558d41de04e9313a837048eade05e3b

SHA512
a203daabc23ae5e4888584fb2f5c52523d5cfe68159e056497e7220837f598af4f81ebbca49d8780eb981a0ed9b99075077a12d07e350833f2a459892a0a281a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4e575b718c2a0f696d3676d00cdbe93

SHA1
8953ec15e64be8ef89854046513cad4553223fb7

SHA256
aea32d943fe1b54a421f57f3ef1a0653bf31985bebf0fad0a3976097475a1257

SHA512
582e93a1680c5023383f73dc4e7c00d3b762ab8670f05a552353a7d3145715ce56dfa6380efc38d8b780d84ada6228e5c3c704c7e0a593e610f7079b4f0a14fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb505cb67183807ade11778afe1c6173

SHA1
95b6ef3cc8138de6ac1d6968551a9a1ac45d6055

SHA256
bd76c6674ab90544b5de8237c89a2d4b39f882dd344aa41f3426dae777a1dc3a

SHA512
4c73f90313a39470bc419d8be0163cbec83fefeac368b5126b973ff03c4c896cc3f5bd111cd6dcb0cdd8588426ec87fa899d1f8e825e334f6f5c755bf052dd45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
302a76eaa9651f8335061fa7bc6def1e

SHA1
34ce293a182e830e931bffc3ec74f4e15e7232e6

SHA256
dbb26d4509802cb821baadc0a76871a048976ffcb926b3cb2f460561e268e4ff

SHA512
cad1b66259f12cbcdad825a99f87a5ad08ad570d495a974910c36a3bda0682204827a20a433916cc4bc40a09e516defab2cf1b3206fbe77b742fe93f53491be0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
665defc2d123c281ed7d38ca25c69806

SHA1
4f779e71fe9dc98cd0a5ffddab7d3ccb8a80ab3f

SHA256
47e56de88d59cf8fac422b9419c7c21bce897d2648067d43e926a64ee7ff1f32

SHA512
fe7d7298c7143552ca779d04d681ccbaf500bf1a615aaf15fc02a4d219648103dcf767cf1833755928cca6d318ffe9c7ea40f22ee8caee113594f26762ad309f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9be30a8638e9887df43fe399d4d61f4

SHA1
e6139b2ac5a98f3b1fb8120c7f8fa4645594a1f4

SHA256
27e6146075997fb6987e487e0762a454710526293996a7cc67ff94bf5ce1d115

SHA512
8a47ea61bb94cb8f5b65e5d74e2ca037d71000c69102f7eb8643dcae462b3260282f28c5972ad5ebdba0dc24704d14349e769a966012496aaf18e21b3e61dbd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b476140ba0f265e88dabd918e5089ae4

SHA1
703c3093023039112edf3eee4b89f80cf6970fed

SHA256
9812a49d8fbbb08f57b10c9f12cbf27dcd15243f1fa9b43882251a865c7dbb41

SHA512
1298da6e277cfd72245bbd48444c039895901581369fa855c6beff71e196521bff9e0fbbe6b3c8ced1024d4b056f16faad6126762248de91418f8eabfcfb14b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1bc4078d0cea68d3ffe7a517e7b49515

SHA1
ca35521c0e367299e72f7d9758e3f4d665cd7b93

SHA256
abb341a038629fffc7fdb179b828b2ed05391ca46edafb76ae6978d543daec59

SHA512
ad1fa086eea347719bc9d068eff323565cb0f98a2855dad300a4a2d276a3295f775da6a5a5c0bec91fffa8c4583a152d1caa7edab2b4d5b081001007c5427b49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3efae31c2e1d2c26883bdda6082500f9

SHA1
1a1b8ffa8aae45aecdfbdcebc9104c5667b2b876

SHA256
9f65ab6146e8fa0a5ee2658945b61ac7f9e1fc21a98ff9ef0ee4ba19b5b4e522

SHA512
8b6e63c09f8460a1aa81ac7351ff32834ad252db9a9f8e0c1a7544bf0bb0c4fa5c86c3fd79ba7e91b0b65290543ea06a8afe161e0c046991dba210f8399bb474

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc1d0bd93140b397a13be61c6226837b

SHA1
9a5436ee36128d4454aa08a8334814bab3a92ca8

SHA256
32743ac191139d0c9e4db80b8502eb3b1c1bc2fe392efbb6261986f75054c372

SHA512
f3c5291b78e6a190ac4f1d61d2134e6dd739c3d56b8a3348e0d3e221ea4ec480e093dec57a0d1d3cec71d16a0234bf155c983a12389c08592fe83ef4f91cdc61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d84f54b75d80c7e050826ac4f74996b

SHA1
929ae82392d98bebffc17588ac2f175fafb751a0

SHA256
007d57ea2e8f80f687685ddfe2d7824897b28f7244eaf1b1ff1ebbc2b9d8e276

SHA512
83905a5aca631eee885e2e197accd87bb3e682187d38ba151cecb977bb890d7c21091459fa7b6ce387dd848ac08a7a174fb043ab4b6a7104f511a1bd2d1a279f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e27601c17d3241c3f669e2ddd241ef9

SHA1
83450852b378f308531dd82f5f3739fc263fe5cc

SHA256
ddc48b5766b21099ae01725b50dc46980d17826b3ebae258b5ccb4e254c68593

SHA512
1217d8d217690a918697e4b430beb3beabd157c44b7a482ccb7186b382af9511db651b85d3ef9aae458a4147448820c5f6a5eace878537f05d70155aa5e285b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
446aa128d2e818a5b9882cf3aa04b50b

SHA1
1bc092329c55b87b5cdaa41ce045f9d18b0b03f2

SHA256
19ee2adba089f5abe4ed9be03e883b2efe67d9e39bfc5c55357c7a49158e7fb7

SHA512
23b32cf703629ff635e1744110f6178094535b17e5cc2140e3bd8490146bf1866e1baed3d7b55e2667831c501e1c88ddbdb6c8a4d6d35997aba130c6d051e81c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1581c2bc44e8833a6e08b969203f41d

SHA1
70d546f6f300a15aeefc259dc2c7c2bb6c51a58d

SHA256
9d0d2e6d2f6b98a541695639e5c7f62a84f5dca1a1f038e1619b8efcfa59d631

SHA512
5f11eb9b6450b40b1f724969878787da8a24909e2351cfdca29de12d56c982e5ed19ad89328ea7a08741d62c2bc7f8b02f72610346ba462a712a48879e80d756

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44283c5dfbf72cee2f7ccd03c93b88a4

SHA1
c4814d7cab4996c45ba0fa9def4e36b5e90890d1

SHA256
38e45b3978aca25f1e7f3ad3a209495b7b77665899e12c39c89821939d17d3a2

SHA512
5f4340533bc757a7ebf8ff6e2ea2b7aeb452829ddc1a546bb5baece8a02492c8cf0a9caed6a76a8f4d554831e8b1eac0ac7896875c65066931a2c416f3b29f2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0040a9fca72feeebe8f8a7da6c7e11e4

SHA1
6e7ac5dcf3e42a81ac68467848727158c19b6648

SHA256
0b04b5b010c62fb385b86515ff509a96b43bc6649ad8aa6640a3f8b7b6b25224

SHA512
f83a0a3525cf0c2972e088bef122275bd7de382ddd211b2628dde7b32a1f02894129ab5608745ca0fb042b9c4c1d860fca573927877c42952cf416a356cbeef3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d4de7e1aaa3c0d4190a5b43f088d3e9

SHA1
a03620e1253c5196dccedc1f9024f14bd6ad0fa8

SHA256
2cf19145b855cb150ce1e13b37bb0fb90c57402011fce38f57d605d8e96cfcdf

SHA512
ce703a9b43539c75276ea732c2ffcaab15bf66de2acb9d0d6749855e79dc1d87d12614b9fa2aca0903356a4b6206fbf91a2e4ddf0b8906a329c42b317c4c7cdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7919f2a4e4823392cb61ec6a9f8cdf0

SHA1
29fa654cce67e524c7af32a8086195678c2b5db4

SHA256
75284b33a97cc81cebf6bbd30d05e6f79708afd00cdc21881669d3f0e7919bd1

SHA512
03bb5242b848240f2bf650a54b9ced49592e294b12b0a1324e93354b7b39759a813b0f4e5ceaf61e154b831ab2a8043fb2510c84b58137d52bdf9a4629bb57f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
578ff392585bdd885a10de4be606645f

SHA1
25d7c57131816c418a5ec753b2e960bc7db9477a

SHA256
08b778440b019e8cfcecfdd93e2fa8558b86aab5932ce3bb2a8c7b9e26a2cde4

SHA512
41455aedb8bea75e3ff5d86b9c23b4d39f94c8dcef7db834293b5e253cd6e3042d1c54c2c89e84f87dae2b594fae1ba7add18cc86f67ede4261784eff6ac4026

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2FF8.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab30D4.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar30E9.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit