bbf84186659058b15c331c6af0add00b8ca0ff7f9e65bcaad641f0a44cf82c07

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34bd91bc957bf919ec4bf5036551ff23_JaffaCakes118.html
Size

220KB
MD5

34bd91bc957bf919ec4bf5036551ff23
SHA1

7514214149017325e4f0522b03e7a72138d1662c
SHA256

bbf84186659058b15c331c6af0add00b8ca0ff7f9e65bcaad641f0a44cf82c07
SHA512

deeb0927ead984977d39711a135b585a310fc5f97bb57e57389b6ef3d259be8ce86b26ce16904d29850763a050cce4c7aa99f5e4846ffb7f40a04449c5e4a59c
SSDEEP

3072:SVXsLdRrftSyZjyfkMY+BES09JXAnyrZalI+YQ:SVgrWsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C3E323C1-0F97-11EF-80DF-F60046394256} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421594865"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2900	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2900	iexplore.exe
2900	iexplore.exe
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 1564	2900	iexplore.exe	28
PID 2900 wrote to memory of 1564	2900	iexplore.exe	28
PID 2900 wrote to memory of 1564	2900	iexplore.exe	28
PID 2900 wrote to memory of 1564	2900	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\34bd91bc957bf919ec4bf5036551ff23_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a52a84d563d62ad4f8ffcc1357e1df89

SHA1
de9d0e0dab886f75032bb46b66fd8867e5779bca

SHA256
f0e7b8fcd01d09670662cfb1c5759967c2c2efeec9a0ca0a8d9112db8cc9b202

SHA512
4c462314b29038b5b5b983cdc4f914afcd10b1726c6442c8ae8fb307556033456b79bf587390b5960384aaf7ae99e5c94f4f0dd744f9ecea7c3b08a48ae7b731

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8c11ea30679acd921aee0b2a878a4de

SHA1
fd02be4fab0e0aa9e5e37f615204b00da23af623

SHA256
59e68a724b19f7ca88b122e44f11e644910f27d26e569382f1170d800857e67e

SHA512
1f6150b9cb948b04fc6b513beebfe2f34adbcbc3d616dbab459f58870ba8aeef61ebf09a19a2ce2786a93f16fe4586df8cd694db6891ed0ded292513a8c3c991

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec58d2856253d18a0b55b0c0de546b3b

SHA1
eee7b077917686257cc729e9f240a1de6f871105

SHA256
6c6b157484e151230ab44b0143030d0fd4dd4c4214adf92e146ca7f807b2ccd3

SHA512
32432633b58436d424fb7e5a5f058c55cbc18431e1afdd0b53c81410b488f2a766b2ae166018bae064525e7b079016427969bbbd02223372eaf7a747248d8019

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df40d057378ba9f2645aa53fcc25c1bc

SHA1
08e1afd1e38af0ce411a252d95776289e36d6e5e

SHA256
4c70194cf492bb505222d85b0fa0b34392f401abfe55f15bced682c152ec01e1

SHA512
46822c1564470143bc637fddf624145527a3a43085c4e961f7eef6299d7af1e5515d3ef6fa7fba602b2e3a4b9afa6d61bfb79a817de9b7b44c0439e075ee86b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ad78a0b8fb627bc68837e1e0fec4e54

SHA1
6fbc1153feb12ef622f2b631f8be260e8ef89df1

SHA256
c1e616e30bc87dd9e53d830e7746f6fe8532b48ecbb8f0f50a8fbf1a1890dea1

SHA512
81d50684c7bcd1b9db09e8beb3a34a2c51f47bd0020fefed2d41c68fd07828d76092b6b439b4913d5c0f49a0dbf5c04c5dda2c667085c8e9e813222936545391

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
587305aaa8b1b2b9dbffa04961635816

SHA1
d36b501bf87b8ec5d3252ea1b9b7e20b480e64e2

SHA256
80e9d77bbab20abc81f1e9f63b853c3c2e898b36fee75b24d79476b78bef8222

SHA512
d4eafa8243519281056851fea3d9938b4fee20cd8178b2645ad202ce5d5516e81296f7c59bba2c0261ecf9c84f1cfe09ac3643a0fba01aa8a4cdc347c4226e82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5b722701461c4d61ae0c5c70c791ec0

SHA1
80cebd048574aafeae0dc527e7db5cb9ce28f940

SHA256
62c0eb3f4d8819a6134485ca7af11e63e966b33bed804cf4fa1e927939da188a

SHA512
5c0bb4613160abf4b1c38d3eac6dbe7f07f392e3693265b75d8365b8f9100c07dbe45574fb40a45e0f9e4bd4fab91751de13f25d7c66daf1a21a68e0876e1b68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fad0a4fae7c02240480226abf0688387

SHA1
c1cfaa037a5ca0e85da313d847fb06a953b8f7f5

SHA256
88c632577886132bdc81fc056a21f2a413234eb0b170d585b8baea75c5e789a7

SHA512
ed9003a122d602b01d6f3eb8fec15e9265e23829d11af94b9b2fb0d31a982ca6cd1c2e225fcd7204a029a10e041c844ffab038fcbcbbc402834274680333991e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a145c664306060e58408b357a8773dfd

SHA1
2f6635ec39e5212f2d72fd11fa11ecad8cabb47f

SHA256
78dc886526017154f74b150e81e8af8f8c537a78a07e37986e09e829743b6c0c

SHA512
0e6c79d9199b156060ab6d93f29bef6b2149564091076a4e15a0426b226085b92b6ebe5cc1bf6d15c92b6f4f8415cf5c5fc23161f86458b133dcedb386ba5d1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e224c0faa26e2a9cc5d43ac536d139aa

SHA1
037436c70cde0f967526af10e760ccd954e8357d

SHA256
766a1b3bf0e088eed4b45b22605911a08a31ab139495ea009de7ce429eae0e83

SHA512
4a2f7f04019c41eeebcc0fed7e90382a891f1f8544738b55ef537083335445ce0ffe33e69998ff0efad18ac16ba658a4553951b67a28505787de04d13b4e5afb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bbd9805f0bf1db389337904209e96ec

SHA1
e29b6aaee8a1c083e7104d798b2a717254524ecb

SHA256
f00c93a3430848c856dd5c25ef97c29dfcd9b2c320b22e21355f32f615654590

SHA512
8cdfd2315167aad41ffb7fb30ebe58d5e701ceea53b794dd4970e3aae58b27f523d295e593a1ae5e90d3c56c850a191b6fe4969ac66887eda10fc7b5cfbb10ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bedc10fb400ffd87b20f90d25f021b76

SHA1
3e152f90dd59c93d348d0e432c2131a8f2c1189e

SHA256
fd284ff624ecb82252b5bb35c053474084a9bffb45561fb7aa5a8099d9e2b033

SHA512
8e72b8a73f55cb4624964cd9412ae4459b3e02fa4aa97c396b6503c106f2616443b64018c23935ca0c22efb2073c00b450acb58cd997ac9cb8666cfed7eb4cb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ffdf2b761a739529d33a5be04c6dee5

SHA1
f3f048459aaacba7736a6e4c3cbc958d4d5281f3

SHA256
0aa2a2fdde18a797e8c9fe177bb10d6c0960765f89262d8aa7abacbc66bc8d3e

SHA512
374aabdbef16a60bb8a98ee0af141796caad3d74cd2f4e3f303509daf9386bf49706089785fecee613c1bb65e348b8104200bd85f8fa63ae942eebc5df836507

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e17f3c80f29e61fc0b3d395dc60f9d40

SHA1
5a203cc50956b54e62aeb22733c86d6e2ff18ca0

SHA256
1d98846bb5b4061afee74050952dc08cd0f3308fe6ac769489fdf3cd2b6261ff

SHA512
a90e7ad875d5eb129fbbd0d1f277b274ec1682b4bbfbb9877c09104931013ab7629054fe2e154b24802b19e89bddf83fcc72b3f642dd4af531b6e28212ae9215

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09d3877839956058948610b832f34be6

SHA1
35c73679d9a4c604de1058d3c98a5de118f7f749

SHA256
913094e736a5fad7d21af2983bd756db0e7e0076a2f8e503474fff2082ee9ef8

SHA512
d42a326924d793015c18444c8ac50fc1bf2892d61829bab630f7166468fbc00e8a8585786b698d5e41162795efc57e2e52afa93ea56e0043a097c0eb831bd7ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
769d19861b4fc25c23de75dec9c89b7a

SHA1
1b587c38cb37e9dd6f12b9b216d6664979522e18

SHA256
1616857c0ea814bc19ca7d7698a0b535b1357e0f2bdf2596623ca70ac0dff177

SHA512
6b02ad6b7fa65a8c33938783e3e7395893f5b14deddd6d2d9f3aa5266e974d268d019113721301338f010d61c437c6712e717e9ff7555595f7203b7842fb89eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21700dde1cda1703b297a50ed6c43693

SHA1
4a0ddabca5d92b6b574c5afd9292ceaede6c7e05

SHA256
718faa6a74f3efe35edaee7e49bfde09e1ce3b361b364c6937768ec7c362c0ae

SHA512
30221dcb451e51d7719dde185bddcefa7d6dc01ef9bb66649f8fde55b9b3f2c0863110481ef15bf51272eb69c0221335c546c91fb71d75b0d83d4a8abae95ad3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9266f845026ef1f0cdb1bf997c312d13

SHA1
819b1a245c372961dcfb296b7dbd32a0d0aa2293

SHA256
ec6de544328f2eef6be90ac0f5e19d4dc4c531416df03af209ce899ca44109f5

SHA512
d3f71696b80311148b0bfaf047a698d6c6e24edd3b72cb5d79c7e9cb86ec5a63c7fdbfb4ea9c2e6c0da7f2c94baaf7f4819f44d4a28828f0ee0a46f78fd7dd80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab18EF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar19D1.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit