68647b8a9b68fd06deb2098b1fc5ef09588e456a40450564c25ec4638195b1f4

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 10:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

340a5ee63a0b24f14fe9d4d9065c140c_JaffaCakes118.html
Size

213KB
MD5

340a5ee63a0b24f14fe9d4d9065c140c
SHA1

61b83f3e5a414e696937ab93b8289cc27415ade3
SHA256

68647b8a9b68fd06deb2098b1fc5ef09588e456a40450564c25ec4638195b1f4
SHA512

1df205b2b7b021628208f79a5d48d3faf2d0a85b135bdf60d6ed643d86fad1339214675bb359802370f3f3108209d01293ca643a28d3957cc2e6d044f6317820
SSDEEP

3072:Szfu3AuyTh9yfkMY+BES09JXAnyrZalI+YQ:SzlPIsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421583914"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{449DA9F1-0F7E-11EF-9371-CAFA5A0A62FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1660	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1660	iexplore.exe
1660	iexplore.exe
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 3068	1660	iexplore.exe	28
PID 1660 wrote to memory of 3068	1660	iexplore.exe	28
PID 1660 wrote to memory of 3068	1660	iexplore.exe	28
PID 1660 wrote to memory of 3068	1660	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\340a5ee63a0b24f14fe9d4d9065c140c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9f0a8bb1ff8fe1522913fb7875e503c

SHA1
dee3850c83c1d487013a24d27be3848435d7b760

SHA256
2db863a1c3bb883e18fc9e7d46508f8bd3fd3a9959411942df6890ff82290319

SHA512
3c2cefacd93c1439c3940398f8a4184446253d59645ff8a033b1b49237fb44d6023c21c62fda3a376204a78275399ce25f8e5694389b02c9d6c2e2180164ac31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63e5c8a9c96f1e0becd664a8e5939ed5

SHA1
089631a21237ca0f61cac316537705f7cc831cc4

SHA256
d8d0583c857745019322a1c7a4786ded0afeeb1c106608b3325c4cb893a622cc

SHA512
96c592af6c341fc81b6e298e7091bdc5df4b05b6feecc23f4c435b3f9dc4855c20202e017e16fcffad5264908d9c1795af47a0883e324c08f345eb34a7d0779b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46afda947c39f04150d79a7a8d675b62

SHA1
5d9dab4aaa5994421eb6973fd251d9c7c4eaf2f1

SHA256
c59ec875c6d1f3db6d89acad204017366e43de92423bfa57a7c0f38eceb2858e

SHA512
4965422cb3cca1dd7fc37417a85f264710f24693477ea495294110fbe1cf2485a29a3610514ada2ec44d7a58ef5e7e6fc2d7c5c93e3f7890e22697993bc58158

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfe24ad6dd4f521f488c61b0d815bc63

SHA1
28a785d32592b2b6d9e16b544918c691c47826b1

SHA256
54731dba449f018c5519a7bb9386dd0ea4132a68a642094513d073e121a7b937

SHA512
548d79d7ba8e74882f26bd74f61de6c23b84620bb4fdafdf6e58f623529f2469eea661a5bb8f1d4a6c0d746fcb8aac3b0a0238da32912de2b70d8e898b31c6bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6294f80416a9a07f109ab84175f1a4cb

SHA1
086667726db6c692a64f80d28364ceb191c5718c

SHA256
87d35c1923e7ad48d6d0e5acbdbb247fda7494428f052347238e98a22adf7f55

SHA512
c385e935357d9830f133e8630c40e0812a938a1fc7a45ad1f364f89417f862eaec5562071545cc3cd8c9791b0d67ac7efdeb395da10c018eae78740a19b77a45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42968d042858ce07b8cd0f10fd7b6a12

SHA1
879cf0793f22bc44b10655d16bacab635fbee686

SHA256
f1d6b836099af09e5e01e3d226548afef3c89ee45f1b482313aaca76e1e9b389

SHA512
bad2b8be9262a3de4b7b040c6845656e632a30c4358453fae7a32b184fc406badd3cfd37eadf2d4c088d9b7a4cad08456c0d7bbc9541ff3bc0e6f9dbca095bee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86e80afd44eaa5e5dccb74b70d5a332b

SHA1
e5a3a093096f96262df84bc359cf5e6952f340a9

SHA256
0d0dd25284cd0ce6b520fab479448c789a57e668aa84d24e6aeabeead94ef20c

SHA512
e4bcfc986238b2637690c49fb6ea04549f93ee6b602e808565057ac876a6629be6b9468293c814fd013e57d3c2ab42c7e39ec1095e1964faf706e6c64caa6d34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4eb9a0d726d08f12240b82e5e9de93d4

SHA1
c75c86b7dfa1fa6b1a3e18328d0165ccec909c1c

SHA256
d3240818c52a907bcfef3a60c45628947b7c0628a52016425f621eaa367bfa1a

SHA512
7ac9b2a928dc14f476fba0ec459a8795213bb9699032dc07a09cfbc71ca0f59fb1b643aa0eb148f96d5d51242539bc1266931dbffe585527e2dbe52c89fb38a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5894162ef47e0d8456757f70aea105a9

SHA1
a543804393c8076f9b1d9e8f5366de4491555f3f

SHA256
09dffb0170dfac00ed32c1de48f47bd3e131bf73a1df8716914540d7c89f164d

SHA512
80043f999832bcbbd3304007d08a037a3108884a54f48fe8b32aa5edf6a6e7cb4332c2793026d4774446d67ff74ad0e51c1b0ae2f755822bb33e36e0215bf40a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
031d176a987ebc374763603590a52747

SHA1
bf639d81e20222ec7dbc323a92796b902d03659e

SHA256
d422e17b9634698febda12bcdf642decf6f5f27be80393ea224b14b07f78710d

SHA512
a1b7a7c3ddd67f8c5e00462f27ca38466c2dae7d73dba79aff16dada5c9d59cd262a88860c1393245fdabbfcb1f08e924a2b04f4b5c67c4ccd6e179dd27c970f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ccf210cfceaab912d7efb6d853965c0

SHA1
053a388ada2ecd4323ace3614fd5ac73cae9c975

SHA256
ca7e5b8b0f94d23ccdfb311004413075451656242c8e690b784af6134421729d

SHA512
da54ce5c3bdd7f55430fcef4794dcb5564d1f43b917e45a9d242b57f7f4a78f975e4eedae0f484867db184696124aa64da2f18bd03a3d8b47171492b76020d71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
875e5eb89e613e9106cdb3d8af1d2ed8

SHA1
d0a6cacdc578cf49f711bb014edd006a02233c16

SHA256
c39a4e4017b8b1fabfcc7dbf47e91435b1aaa958b7cfdcf735f39af8e0806c52

SHA512
6bd6d4620cd7ac57d278475e704d3f9722d5a12d25574a6db46eaa876bdb6c1ac369df03f346dd1a3d3da6aa0951bc275338f5c4bea6ec71d4a45d79382ee7f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b77d926327910eb65c9d164f741c9a40

SHA1
9bac5560021349510c4cce4d668fbdaa9793487e

SHA256
db7474b63f767c37e37bff4ef54687a14fb390f4b55a6da631ee6f398964d255

SHA512
ce5813a63a54a5a427ddf1b0558bcf7cb9f8793ae8e3a2f7a91e25e497f03bfa1830e562d705e885027cd385b9f7bb2fef612345d8e99ea808bc4eeda77fb008

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
907773879d82ecf74a8366d499f0c29d

SHA1
b99ce661c9e428260c291d7a846e39e5550e6ee4

SHA256
7b4087c8866b0eeb8f6a95e0268c52fef633d7105cbff0190613019313e4e6b1

SHA512
29e1459d8ada0e7790c62d02ac6b14c061f2ab2c10ddeefe753b1b809581292eaf685bbfd37fa152fba0bf7f2993aab13fa61f69a4f1d7d19c32298176444c8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
131230bcbe488cd12f568ddaa51ca4ff

SHA1
9d6ee5bf3ccf5b264cd50b365bce3fea12236d43

SHA256
8cceb95c279976922a76ca5a533b3450afb6ae5f299758c7667162e00dad2ec5

SHA512
4f534c4ab62a2e6987ec6bfc60a32facda2d2b7cd2638d6a8aebbee56a1d297276db9b2d0d38189651e21d36767639e15ca67e5e115afc35146046b36b4aa288

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d67eeb5b06b97cc3a08ca4a67b84d266

SHA1
3ea035347b6bf7d564abe5dd7c7136ed3697625a

SHA256
53c11da3f8d4595d9fc53f36b81f0b86f06b5a025cfa680563939f5adab14063

SHA512
68af8fd28b51c13de95968042f48fcd6be95af326f9e0a8c414b8059c60cf95069f2e9c8ffb1cfe99b6fa931b3bae21419519cb113923f1249005a1b2aea6e67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19697caf37a00bf948b4f17d89c465eb

SHA1
6df8cf8fcc0fd658c215e12fcc7b659f314e465c

SHA256
974c428ac688b11bef803c17cbc1385ec0b8bb76529b1f15d30ffc9298034017

SHA512
f3a43a5f6f38e47cc837fd10b42ab1eddd878f8a7b5ef072c2f6fe37dacb1340c9643a60af8f197f0a0df3accde6169030acbb1f5cb86cb0d971baa552a4a5c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0bd0a4b35038e26694abd42997efe7b

SHA1
bbc42a26a1a3c8c63874df4286ea7db7e47cc2f0

SHA256
2340da5ec517b21f4b19fe78e841c6a0edf1b5c7d253089be93b73d67e78fb5b

SHA512
44df1c8b2a80ba1abd80718f1cd591232e3f6d4c68d764d47be17d571dc6aa0267dccd36b2a3a6f5efbceaf0258997401b0ae79228e3e2f3d109e5703cd7565b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c8e1dbfbd7dffe82a2e1c27f5d31f1e

SHA1
879c90c3538d01c3c6680ad208cceafea841cecd

SHA256
2d1847f3feaa6503e160908d501f3463949a1067d874488c2adec2778d31cf21

SHA512
5a7124131510534541d557197b121c31f34243a741f45686095c71c022d27700adc307af0a1071064a4c78ea365848fd86be21a4c2817bd41eb5f456207eb385

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab11DE.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab128B.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar12AF.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit