e4edc1f7dabf87c67edfa0a50f6853fcb8077d067fedaea95339bd0ace0625d6

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 08:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

391ac7f27eabf06d92889410191d47ef_JaffaCakes118.html
Size

35KB
MD5

391ac7f27eabf06d92889410191d47ef
SHA1

09d7f8ff6fabf9ab34f8d82a2f800bb805731d55
SHA256

e4edc1f7dabf87c67edfa0a50f6853fcb8077d067fedaea95339bd0ace0625d6
SHA512

e392c37b368647514e1160894107d8fb9fb9e81fad9d427cdd81fa09b230c54e3b375f5dd8898289d45dd8f4a4db197e462c5dcc2526dcdbac81800cb2cfcbbc
SSDEEP

768:CQraSWAkwfcG/aHckO/1/jv/0/zX/wwXkZneK4Y2IwNS+TEb4C26I0w+rf:CQraSWAxfcG/wO/1/jv/0/D/yZneK4Yv

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BC35E5F1-1036-11EF-9966-EA483E0BCDAF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421663143"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1652	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1652	iexplore.exe
1652	iexplore.exe
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 2032	1652	iexplore.exe	28
PID 1652 wrote to memory of 2032	1652	iexplore.exe	28
PID 1652 wrote to memory of 2032	1652	iexplore.exe	28
PID 1652 wrote to memory of 2032	1652	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\391ac7f27eabf06d92889410191d47ef_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
96e15942821e425743db23b21e4ce252

SHA1
a2e91a6a7378e888db9c35d10960561b104b2f43

SHA256
885537348d47b22fa5deb33dc11d03ad8b3ae0f0f8fb495fcf84ba6e251e644b

SHA512
a759c55263bbe629e8ed378dc2431039e26739f7520512de3e95eb6f101279644c9527cec09f18cb6a263891149133c4d8e4911167ee0e7efc170a9ca17053f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
362018c1d4c6205718c21a4f8f41d1fe

SHA1
256c2e366c0080461339fe28322e4a2526f40e75

SHA256
96f4c002ba2ac8d802db1fc429dd5b28183d8d3f1459547c796fe38aec394bd4

SHA512
029cbdb4e726d50197e06abc87282c9016d0d2b6f8483ffdddfe6f6b4128895482f30ed0fe0def7df4471a3acf5181a2839524f77f1486db77e1d65212dbd6de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
115d42b06c0baec439b0731b8a42881f

SHA1
a0ca9b939207515a29d878a48eb643be31d33d77

SHA256
50a911dca8e0a2aed6e1de239737d72cdfc7d1e22d64556ae8471493e4be50f2

SHA512
71ca260e15887df4ba8337d34259283273ab15270787d8b02072851e4f2d825908354e199b019d23c5006bc643d6b3f93b4b2d36dfa3613fc196e19c45812e06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6978b18d1f7c71180b02e648bad72ed1

SHA1
f84d141627f87370e26a5a76a93a3ef66c458624

SHA256
a09b7d2b9d66f680287c13a19abade7276ea36327d1e0f0dbce94e85db7d1c31

SHA512
9f7f560025358a37a790e852af181e310be7755804b65c2a68c70c4dd82b70e28095209527f59b2279988bc019d0a65ae2476370551ebc5132b9f01fdfc3ee97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c45dad1bbcdc111418f4bb4882c52a31

SHA1
53b2de43dacf7a0bd79e611f872deaf6618bd34c

SHA256
538d77048308e23ab61838014b739be740215b82e226ae5d28a95ff23d680004

SHA512
2335602652144ddf3808a9f848c882a03bca5aa78136e29179a3b1055dbe435ad6318a3e8427298869847a6ce3d3d14e0fc66a70fd693dfdc9da8fdda53d160f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ab51efe6b8d7c46f18481c88adf84d1

SHA1
e235a06b28fbd3990e14003535d3be995771bae3

SHA256
ccafcde1c4dc98c8b9e22fbc6e67f93210a7187292184328a12765adfe7e840a

SHA512
e38815b06fc54fd96f5b5480ccf902fd5944bb538fd92333cccd3bed7e355ff7cfb1ba0d06570d3b5201f06e5fd0a1e193aa77028eb7729d8eb5a597040aeb2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b7a9ebdbafd09790394c239f6cec3ca

SHA1
64ad3a47028fd803cf3ffce6c6a96a8dea3cb227

SHA256
b75b401ce2c25bfb161fcd1864edc860ff733029bec18e88bb6bcfed69754613

SHA512
36e2ff752a3f2cc84762aadea07883578ced1a6556e264a876eb41df081409f2ae8a46a5adc70ed5386de396bfc53e5b5da9f02224b054d65988eecc33acb256

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f25e0464c792ff8be922c3560bf2a05c

SHA1
f4cca45a630322a6c6611e91faaf1d921b38178f

SHA256
e8988c9fc84ca2e0e1b28f603358646493a501c2fbc0b98a85a984d34161f9ef

SHA512
286dd1c677d0641e032094791ee84b93109ceec91ce788f943b3e7a2d643ff504d512beb10a1f599845f3f5071a5afc82840dc95e8ab461be0b232f4d17635fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34cc25496c4f1f43d851dc6d183e72c2

SHA1
78e4a10c817cd05456b8484361a500cd47d8a2d7

SHA256
8a2135d281863afddb20bc9442c50b7453d76a76230915d0fbffccb1baa08014

SHA512
d511f9b82197209b983e87a19ddbd89b9192c1fe4edf21473bd7db9818c2e5aa8ccf6eea068321aa346e84883d66ec5bbd237b8c256ae8b6ababac114def144f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d3c17a9dcbf921c358c37fbfdae9309

SHA1
335fee0451d0d629187c41513f381596e4fd466c

SHA256
578b7ccf66e1bd182ddcf872b6c1eab710cdd39a076ac6360b0cf96112f4d649

SHA512
e051a076b3337a6d59d639b9476e49ffa18e5c8b8acd9dd3449a8828f362fab7c10dc131216c9a07f88fc25c001a12ffe99acc183f60ac9567583d1ecaec25a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55b4dbcbb3303ccfc01fd88d1dc2c1bf

SHA1
d280b70ea4bcefb6545694dad87815b45e4aa486

SHA256
f1883d108f93e39f10fa10e0a0275b1963bc8f53a1dd422a3426cd309c060457

SHA512
fa99b754bd018805685832b2cf2ee58a3fee9a3e0c84685110c2280b216c99827a566143b9dc32b96d8cb0ee069f8e1e64bbebf10e311baf54f8a7ad6cf3cf2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a696bdd9bdbbb64babaec1dc1fb37862

SHA1
c4d017bdce60b8ac4f18ef3873db184d4aee6949

SHA256
ecbd33e199955a33d2f17eedea0848dc5847adabcef1cf1e76f3888d2610e56d

SHA512
8f520365613488cee981ba25576769ff542ee2862ffc5be5c0df00dce23d7c0515043718fdff01ef4355c96efa73dd4434e8659f3c46c80fd58538e6478a0738

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab23E5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar23F8.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar25B3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit