18edab9b3156d0ae9dea646cffbd3c135d01340b3b309801d5cc27afe8df89a2

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 01:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3797b55b6e7b8ada94d4a039560547de_JaffaCakes118.html
Size

104KB
MD5

3797b55b6e7b8ada94d4a039560547de
SHA1

20ab064e273416d1a162087569944e75c5757532
SHA256

18edab9b3156d0ae9dea646cffbd3c135d01340b3b309801d5cc27afe8df89a2
SHA512

70b7a3c4a2337773cc8d294163c60559b156d8a39abe60edac23ddd47631501fd6e50f63d2a493171f6b1def08c199bd59e1284855bb52b9fb245cfd57dbebbc
SSDEEP

1536:irp363vCcKKJvg6EA62RbWAS2/VFKt6Jw/WlNOVjA3mEPlqgbFel:uqzz8QM6JwC4VjA3dbFU

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421640052"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8E13D51-1000-11EF-88D8-5E50367223A7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2396	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2396	iexplore.exe
2396	iexplore.exe
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2856	2396	iexplore.exe	28
PID 2396 wrote to memory of 2856	2396	iexplore.exe	28
PID 2396 wrote to memory of 2856	2396	iexplore.exe	28
PID 2396 wrote to memory of 2856	2396	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3797b55b6e7b8ada94d4a039560547de_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
ef5318bc395c571a0381898374966cb1

SHA1
dbf1f7880ce9bca614d9388e258c798062afd4ca

SHA256
cfbfd4e4823ff77810a1813805a40c45a58bc863c35cadd748d2baad824f0d56

SHA512
25caab99ea27e61040c1c27024f19685f47f984fea750ad708d6816746885944e8068bc65b00e35b99cfb70f9819412368c894695cd7ad75abda7b016b24b8c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

Filesize
472B

MD5
e1d843c7c481fc7e55f1dd11b92d281d

SHA1
97f9d8598907d7092b0aceaf405060793e8e3dac

SHA256
079cce29639cfac402a5f853db0956fb0213f6c9c9563e86ce43cd72728c5edc

SHA512
d3a399ef2106b232772c493ac3dd3bc2a55d846ece3b82eebb86c2bc53482347feb896ab45ac474ee163d3c891a9305d5cff9393b9b4e90490b1d8446b0aff69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
719febb45784de1a9acb95bd3496cdff

SHA1
dd91f6541a49e04e56ca60be04b245c1f3874d16

SHA256
f7a19df95ae86eeedbd47bb63f36d75f7a89a4a501dd19e149ebbdda784f312b

SHA512
e3e4dc5ecb80312db27d7ff34ce56087cabca652d5f5f86d8b6f6d56535bfbe5435276452454489889648b7d450d643744d2819424ba4dafe287c6a83d5219da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afc7810835911db70c15387202adabda

SHA1
48abf8653b5eca4120231f9743e65f2131cf147f

SHA256
ac3efcbc9180b6476f6a060b83e41478255ba9a5348dd2cdaa4a43ceb3083488

SHA512
d546162fdee5f8e3003f7e26799cc069e9188ac83f7c962e95c43ef0bb3ab3d6327e95841ec485812abe890c5c27e50ad225c4bafc9acb6762b071c68adbf7e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd90a68bd9dfb5a3dd3f255c6f485971

SHA1
9aae6eda4c2b3ce8ea99d6874284dce9471f4439

SHA256
28467088096ef50fd89b46c25bdcdeb715e891ca99c277115e62173f521029b7

SHA512
8e6a520ffe2330440968aa2e9206d623e597b487da6740f660012e2603e0cd295097d981dfdaa3066e7c5d13f21aff8270a06d3f561d9adf72195ad7f5142c07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfaf29c94360407fb1191f728044f131

SHA1
061421d20014f7dd835d8536c09078d1fae579d8

SHA256
2855c33b2e270344ade2e4535fbf84aeb0d723d160235fdfcee998e449535a0b

SHA512
3b44a6c5bd51ca7e158de106d349b9d6a3f29bd2352050380a337a78e2ea12facb2370a4a7125a6a888740e9f15a6528ee1ca051b7fadb87c3744ed63801d6bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5b79562105b485b6e5a572bf17fa2a5

SHA1
33a41b576fe0c929565a3e5833d8a64d2a16afe9

SHA256
4cda5143d1ca7cfaa38f13684f828d032eeb2c403e90e9044f78868770e1a9b5

SHA512
f245b9b470f6cf4c0e9f0d6d1d79e6ab4dde50efc8679ad023d0cffefc127967416cbcb643a3f03852d04fc4317b5502f05d20a45fe45b4cd7f01765387fec2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c69356c3c81078f61a08fbe3119ae8bc

SHA1
659f523885a09c6e1eb94e5b2a82b6387f19b9ad

SHA256
e119d116c2d09b448c43475ec78406cf4c0df92742294d8dd7e1978e2169cf62

SHA512
91382c74ac226a75fb1b9ca73246d3ff7b6a1fd4d7d1831c291d19a27fdd27f1acf257c5e7b0a898875bc9a6b2358301f0c6c612602f3db9299c50822f664287

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d1a374917568400469b6b5c6668f1f5

SHA1
1b0b57ee9416d0ab293623d7361d788f8977717d

SHA256
25671c38201be38999daffc004c3ce8aa2da57e930c14db2ff1fe1763f211e4d

SHA512
3bdfb0008d51cefb657492ff14c86d6ab03eac809bc637cddcc83ec920ad0faaeaeb59722af486933e0a8bf1b4ee46b3c3b4c946d913786e6cf6fa826a86a5e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6511b52efdcff2d1ff56ed8a0aede0f

SHA1
486baf8687db780cd93e1d533ffc37198c155fa3

SHA256
91f34627fda51cd8aaf867cdbf61e87189a7290754999ece2f26ca7a88636066

SHA512
2cb25ade707c1adfc88f61ea53b55a58f3075b4b76ba07a4b526cc14f6ed5aba718e661f6f02c3599d616dfb59c11aad136072e2f6ab2ecc1e06e642b68e9be1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62b0c68b3d74a05dcb196ca2004db41b

SHA1
77b3ac34005e99334f7093babc7fc77016e4b8b5

SHA256
81e546d9f75e417414f22fcc540b5f11037ce24e48fe43096c4cf9750501f2bf

SHA512
8a8567ffc134bc6fed194222e24869ff67135305789d5175205fffdde01da5ac78541fba04aea9bcee6dc02f9cb66554592320a87b12939862d1b1ddc2d297cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d733090b1c87d12139fcd0af74eb6e1

SHA1
0654257b43acad4c3eccfa204e249e340ab841b7

SHA256
be5807fd27232a2ff906dd26c748c7464f08f39f0e51bf21668efce0c73d01c9

SHA512
934ac8ed7e417ef4a09cb0da1883a64d7773e96769ca4d55045503e387678b1f248e2c8a15e9cba7a765f8925a1cd27b8399ab6f51ee1a669632502129e4efce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a77420b60294210f339afd31f95dc749

SHA1
08815eea1a8242abab9027281276df8d72fdefec

SHA256
da2ad42518786dc592c51a45487191271a5f0f8e8fd10892223b508af5acdd58

SHA512
a91a2654e9e0354844cd481710e457737cced984b2a161d92d736c5e2eb1a55983945c9b4a4f0040f0970a32db78cc3ce5670c201abd1e644c05a5722fdc4359

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
d928c32d95805888fc4a6efddef8d011

SHA1
2a40f6ce68dfd8c56e8bcdb44ad9723b33645111

SHA256
b1e3ea1cb40c3c63c4315f375494c1abde6a2a54467f50725ba05cb645f46aae

SHA512
d7ce75d29c953c2b5707719bb6d7aa329bc8cbd056510defb7678360cc53d48eff256879fdbf2aa57027b64afac42ba084012cceed82cca0632891ca576ce89d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB85.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB88.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit