2d8229aa08fdd7f76ce12329d4c76e00a0a1af3fd92bb08bb2aaaedf19d796b8

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34ccf3ca0a6269effa7f07e9b1ca0a1a_JaffaCakes118.html
Size

142KB
MD5

34ccf3ca0a6269effa7f07e9b1ca0a1a
SHA1

88e261685345cfa62d7d055f90663de39cd9adad
SHA256

2d8229aa08fdd7f76ce12329d4c76e00a0a1af3fd92bb08bb2aaaedf19d796b8
SHA512

9a3dccfd50e84c5c88af145e4afe03ef6870157a16e966a90c10310487585b81369b955e90b93410519aa4c4a7aaf676d4859609fda8d4cd681e7da84a322000
SSDEEP

3072:SrhsrjJX9Xdx7dyfkMY+BES09JXAnyrZalI+YQ:SrhsrNx7osMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421595870"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1AF0B6D1-0F9A-11EF-BECC-D2EFD46A7D0E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2932	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2932	iexplore.exe
2932	iexplore.exe
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2760	2932	iexplore.exe	28
PID 2932 wrote to memory of 2760	2932	iexplore.exe	28
PID 2932 wrote to memory of 2760	2932	iexplore.exe	28
PID 2932 wrote to memory of 2760	2932	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\34ccf3ca0a6269effa7f07e9b1ca0a1a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3eedb207953f5ab5dcdd3a7a17a3dab1

SHA1
335f63af9631e2e1a004a98de2c56dff5f7a8140

SHA256
1a2eadff95e1c4ba48732799d38681c868ce031d32a232ae8cb7f7f0ecdfb7c6

SHA512
837eb83b95627d54cbeb67d9257b444ed15272bdc19bbb6b2853e405e170f31c520a06b640a01669c035e8800f5b034af637b5b977f0c15486d91aaa475d9ec5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72679bd9572448d3181cd2eb9b6294ed

SHA1
9cec39cc1d569d80d275560b6dbc365af57be705

SHA256
3b330025fb803cd16c01618d6e21ef018a3b629e992d3d0ecd28a1a3f12f1d05

SHA512
8d6c8ee790cc4cff5c9fac96786ccd32040d59267ee2d5ecd00851d7d00894abcca2e3832a0dfb72e1000bac3f2d9dd957127da211ca34cae79a28834377ca28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38bdc79b19a1e881910ffd22097e32cf

SHA1
3adcc2a6341beff8e92afda591fc2a7fab69d45a

SHA256
6dbb6c3335c2816cb64c8a6560531d35ad31a23b66c874ae2a44c87a142ddca7

SHA512
fa2e953b7a3a661c344e7e98e87392c5f6ff1da388f5a812e7fee6d4905a5668d315c346bdf420145e586a2d843562683f15a90b2642ac660a2aaed1929c0d83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7469deee002f954f61b904b5efe22e4

SHA1
df851f65b6735dc9f0688e03f9c8dab7d167bdba

SHA256
94561aedeb4a42d06cd6cbd5a9a418734b12a65d6e7817a9fe7933e27671c5f3

SHA512
dad2d39cb43b5d6cf7ca32891ba993d108429f8e120b8ff0e55a487a2058f0d1b8a35d9b033b1406139e1c57b0b070c740b30d784377cf07119859acbef28ee5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9b9833d737a7f6780f8a29689cab764

SHA1
b8a3be336ab1c5f08196d72e80b5c8aea03a35fe

SHA256
f4aeb666ac3667b3861e80e45d63c7efc701c03c96a3f109ee6a3ca82736d083

SHA512
40b24f622045c6b7bc70b32f68c28dc8f13a124fc547908a42f41804932be111a66b40081e89cd97be735b72efc2a7e93aea7c929d2064ecaef386cb919a9f7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
079d7056b5ad6ad63206d08a082f217c

SHA1
d0cc520d40f1f20e48b9973612ada8492a6e04a4

SHA256
f7dddf1e0eded1f79798037242ce7bfb27689964126ccc1f8bcfd05d2ab77392

SHA512
e20d9156d42b078864da5c0fa61270fb05a38853961562fafa2b49df651e4ef6e76be5cfbba767ddf21c1878c49fc39891120a0137993b7ce1e84cf220e1df3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37b17b0c1bd8fc50469d6a65e7563b19

SHA1
ff13c1eaca2eb9db476a5a01b6ba993eb2c85078

SHA256
c286c614a766fb2f048362bf11c042d9a6855300f47c72ddd9b0664ba6323da6

SHA512
cc9dc61c3f36a8bf58854bcf357787cb6f96cc19fac487b0f948a7265a76a45061466aba9a70352eac461836089e3600f1e316562e46c3f6c1ab008fe55b6fbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77dd06c8199ad0f80bce98d8aef29741

SHA1
fe185a50c7e5a555a9427c84b10b4b4496c650c4

SHA256
f3d1ff5592482d235baf9e256291b0a4dbfe75d29c09abb589434e10419561b0

SHA512
2b3626a040afdc4c5b881a7351963c3f689901e2cfbf3d9f533cc8ee97142230bcd47ea1a4cb565f58f521defd09b2abf9e34cfbec58c34c1ec5846127da3f81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de3e6b68b97d62ef4a5a72e7ae74d364

SHA1
390d40bb3fbab987d3b501bddf7f76a4b90d2520

SHA256
e94799108ace4885b2fda043522b999231ae3e779390c4ee4081d8be076823b5

SHA512
c0b20367c1a154b0a1b8deb698cd195ed6bc4f54b757919a01995f01ea29a52bc7d6da99a874af0d3f7b64b68f0d4ca90ae394d59cc9fcb4be510c03a211c409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49b39877c7257b1444b5cc207c7aa689

SHA1
c0b1dababc60baba8aaadbb0188f93aa948f9ab6

SHA256
59d59269967ed39e8d5096df207bf2aadc8bf9d4d2e7ce05c2e0a6cdafdbe112

SHA512
facd4ea91ff7f0cb8c8a19995bfefbbf6efa4f399cf3f6565783cab29296f1aca11c9319779f0507486378821d9d919d5bd9ca3aff4ca5c31b7072f0c0d5d352

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5653ca9ea4792fb9ce841e390a2fad47

SHA1
1c056ec678b6f40244284d5b030a31bd80ad318b

SHA256
8f87f2f70637738de7d311d11445db52be4e46b60c9a1b6ebfcf17af2bee535b

SHA512
e7429524ac4409df10c49daaad0b37e5158d9435f4aad7571b6dbde1efbbb44e61af74c976bf4beca6154279a4fbf8449cabdbf106d77c2439ebfef67746d9bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4a86874e9d3de38bf23c5e4f9d8da97

SHA1
54b843308cf0cabe8e973ab7b306a7b421ecced5

SHA256
9628f63b188ce773e45330391fa69ac1debfe18285e9a3140a039064d043b330

SHA512
5f2703157c13611fb1d4907299de3b15c193ac0773dc107742ab68837e3c8e20f7c95ef8ea020b5f0900ed4ee183172ae1ebe50a1877d8beb1fe705c6db99279

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79d329691ecf011f66b25f590dcd4ed9

SHA1
2164b29b1c0834b64394259e21769ff56557bd3d

SHA256
eff75467ccf374efb940feee7ba9cada349ec0254a0661d671b8da2f5632ab90

SHA512
4cdb3c97609fd62c3ddef9538c37af5fcd78c571630e052029ae7584c925833e34dc22c12561a2fd7025c898e6c243ee7a7562243b3c66cb3fd8e6774eb5960a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf4e6575ccb52cfad621981dc85d5bd4

SHA1
f37d46a6584042472c073c0902fd5a08e091bb31

SHA256
268a3504c8646aad2e5e7be604f2c8ebd06c9c744afea84bb9cebdf32d4e9214

SHA512
e72b2bef56302933907041566c30c24bbaf6605fc3196fd56983f7803b4a053417c113d9029208e31e7586cc934cd3fdabc495d1286223f16cc8ab206ff33bcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47f172cb52cd8413c3ff7a55bcf06b31

SHA1
c55ee31315411e695807fd1fb97a93e542b396bb

SHA256
a53fcfadf8e87f7a99e3e8fd6140adeaeb86389d3aca32e0f059a7737dec1db8

SHA512
6d63eaa95adcd0160e71627098f398285995284bab4e977eac4fedc100842ff4556339eea2778def2a9d5ebd9f71b27b7436ea2ff84e6da8dee1d1a844308319

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcae3ade6077a10cf6b606fb20bc6761

SHA1
4e0807864e3d1b050a958815c7832e354ce5b44e

SHA256
2973e2531efc46ca1389beb74e055d4ba4a2be9f9bc334fdbec4053f877bce1d

SHA512
97a913754ea05dffa8553ef9c26cd1ee66324e51ca6e7f5eb405329ecb7c8506012939bebe67b8646b88a4b7b4a5df24714fabc9b2421a97cc2d0c4366ef3532

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fe5414b7a01544ca2eed54e15db7df0

SHA1
c3c04a9eb31db48c09dce28fd2ec964963dfc761

SHA256
d7bc2a79c303149f81c3e2448a8239ac9dc63206998daa6c39bdd98370c19fb7

SHA512
e48bd5c27a6008b450f7b65949a6ac54ddb5bfa985305492e3874c4743857e055ed71fa9f3ebeea92a349383d8f11c754ec880c5bab92fda753486d48183c23d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
decd5193f9f41e2cdc24d8fc1f91f5e2

SHA1
23e02cd59148c2dcea5db091dcda486639804999

SHA256
6c7fce7f49f90bb3eec56e05fac2b1c46ea82bdeb687cc8a724f7d0687144a1f

SHA512
4322f141e333f228e7c05a086d475fa57a410988e36c2529c32b3fa56fef0757d0d602d2e209589990f13c12992b73cc4a7d4b0d1f059c03ddae96e0a93bd9fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
453053985c84d0ca8e7c11d0b4330408

SHA1
bde8599ba548b7f9b7d287eae682f3cbaa10c776

SHA256
6f5d05b4212387b78d8385d4429f13f0ab3a7dde89bd648bf4417065c66c1497

SHA512
4e6030c9bd7655f1c3b00686c13e9eb86cc144bd4763ae08c2e12dc44b69bcb910f59a909d71c6e712417f41a24ab6c00e62768c4c0dfe4eed9aac2e8998817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD4B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE0E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit