059c7f21dc6b55399e75eddb46e898edd2350bef10b975e540c63edf09840b01

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

392bd8511ee46bd59d44a33f8ffc22d9_JaffaCakes118.html
Size

506KB
MD5

392bd8511ee46bd59d44a33f8ffc22d9
SHA1

6ddaf2fa1abf361d050a88b548677f17a07f2687
SHA256

059c7f21dc6b55399e75eddb46e898edd2350bef10b975e540c63edf09840b01
SHA512

8579209edaee9a4761474840545b28b80ed5ddf44d3683562a3261631d7bbce9ff6463d319e33ec7ca7683c05db527572f3d8832385fb8cf1b1ceda9f0ede991
SSDEEP

3072:wP+IpBxYUVf9zfs49PwVeL5AmPTmBcM0mqx1p:wP+IpBxo4tLTr

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{579E09D1-1039-11EF-8C47-FA8378BF1C4A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421664267"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1592	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1592	iexplore.exe
1592	iexplore.exe
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 2188	1592	iexplore.exe	28
PID 1592 wrote to memory of 2188	1592	iexplore.exe	28
PID 1592 wrote to memory of 2188	1592	iexplore.exe	28
PID 1592 wrote to memory of 2188	1592	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\392bd8511ee46bd59d44a33f8ffc22d9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1592 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
efb4234dd6df7701ae5a7294b3052dc4

SHA1
8e99f28d99a7b22112e4e097b6d8bd94b93d92b5

SHA256
315e3d9155db37818b7a5ff0852efe250ee5a86017c9539f021c88bd28c71fdc

SHA512
ae92eff642f799a20222dba62201691075fd9e8c811a9c01352efa56c039b404b57de57958b8e8f0d8593454d5ec1d29dfda4dc733f30d49fe9bb9d55ba4b0a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

Filesize
472B

MD5
e1d843c7c481fc7e55f1dd11b92d281d

SHA1
97f9d8598907d7092b0aceaf405060793e8e3dac

SHA256
079cce29639cfac402a5f853db0956fb0213f6c9c9563e86ce43cd72728c5edc

SHA512
d3a399ef2106b232772c493ac3dd3bc2a55d846ece3b82eebb86c2bc53482347feb896ab45ac474ee163d3c891a9305d5cff9393b9b4e90490b1d8446b0aff69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
f9aa596d00bae537e448ff5abbb3f42d

SHA1
13690e662cc66e2e6a412f95161b97a3cdcc8d6a

SHA256
eea7e363f1b0bc87c755635c56a66e951b95f390c16b34994d41710957ab65f1

SHA512
17b79c965233a140cbee93de31077293cab6f49bf2744b5dbdd684af146ae3b497e8e4773c10c9a0f47d2afdf7da0f545d22d577e5180c9ecb6c964508226209

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
aebb42e458ce0591ba5a91d17c35a737

SHA1
c552600258f2c41481e12ae9a2c45fd223f2c7ef

SHA256
7e774f8065ef8db7c9066c79348651435e0352edff22580e2dfd2bb74be41209

SHA512
401ace3974b1d441b83147b638842e66c989e32fb5a39a1408e0e7e5f993a320a98825100a04c5c8a12e3177a5d67beeda35576cfc61749f789575b9a8a086d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5853deb5ed9cc786f8b1d196dbec5dbe

SHA1
b95535e8cc3490826f21be831025332c2be04a4f

SHA256
ccb6445ab3ce88ac437cfff0064c0379b26548689666b498b7cc946d8be934af

SHA512
916ea00f48ba86c52ae05cada3a80932d5259e694a7f8bad8afcbf5e2d9b2c456d0213d47d5f100329f76295478b32bcb2e06fbb4ad52e0f2a0b690303749dd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23206e78c74cfb2e4da9fc065119329f

SHA1
b4755dd92b13257dc5e34d01e41609d1e9f85bb3

SHA256
94eb840e80740a1443c793f00f2abd4b7d524ef687fa1717e8321f7b8efd4661

SHA512
cfdfaa3b1d49947892f0c623843e0965057a0bf5e01fcf667c8036fad9cde0c584be1b01d9ecfce2d40574fe3c4af936323481a3847ff0a0901330e446771e9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be7e07a905f2ac8644a83cfb911163da

SHA1
9c6cb20f541798991a978bcd9eec331337bbdc66

SHA256
03a109816aba574a1d1ff9fef58a89d13b588582ae000a62bc9fdba5af8bcf21

SHA512
30c0d37085e09461703bbdb82dbb23ebe63f5c91f530baa3470b067feca5a449d56214d418b6171b67787ea24ce16577898917cb45795c35fc60b9589989059a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fcb8d482c378e73407881162fd340b1

SHA1
3ea41e5a4ebb0d8db9e7096ca2da3e3a951ecda7

SHA256
84e10fe394e9c1d091a7f6698da64f7c722d4caa8fd56e60226985a5492d2b99

SHA512
db3a95c2a92ce09d80c54830d80c17610dab57b3321f1319d2dc2b2064732c31df2a6d240b129e853113165869642609dad0ba140bf0172fbae1a90e4d15bd1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd77fe65cd69ed3f7046a8edf1e1c03c

SHA1
a652b1d570417b1f731852c156c2b27823ae7539

SHA256
49d0f569597f943a7b354541e4b065c29dca7b859fcbf0fb8c3fca2dec364e32

SHA512
eab67a4153c167960461db0cf22832f548dd26fc7d270928b22407eca111d5a3155a7764aff28d2a389b2bc4b1bf73da0017c4c3f56acc5950ae7f7b945c53ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab55d9d91ffc85cf3c5a6ddd61552d0c

SHA1
fb3a56cdf45ecaad292d0a7e53a602290d43644e

SHA256
0e09e38b4608a4dceb22b3291a7e96bdd3a7652401e139eaf7e3422dfc66eea3

SHA512
c9fcc0d38b01e8f1aedab64b9c72614ac21a56c5d2d6a62a001f6747762884bfae1201a41166c3b7059819c00957a4ab1f9d872323631339cd949432b0beb30d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b41205d607f0340b5c5fd7cab676806

SHA1
36d13ae9e709d4c630f63319925ee7c723e73093

SHA256
bd3dc3ca9e7eb4cca4958fffd16bc2cf073d95503078db6fd2ba5e534d503d35

SHA512
3779de9f560ab1b0ed0c9553e01016b0b55745aa21d9a713fc961b4325fba7e8ebc6b2ded7337c6085eccca352c5f9f0b1523fddfa6e79910290dcd5bb64ae7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
43cacff6ed99dc295e533f10d5a3a6f5

SHA1
ef157eec9fa33bc972bb9c1aaea117ba1e6ea594

SHA256
d5c8129c32a585a63be5ea9e3697457ef36a50da737d9b85c004502d8144d3df

SHA512
28e486e002711e5658a3e39808c8c539190c4f9636701509afd0331125ed49a4034494c0474073e0ec3c034319ea9744f61186929c0e8106c60efe5a42382997

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
fed7a05835c5a2aa3fc2d858ce5130c2

SHA1
a74e3bea493f147a256d0f5a40a9a1794cbe9942

SHA256
93578b582e9701807e5cf5467024a1b8d2b6bbe3926f601143c54fc9548ecdf6

SHA512
f73ba81ad05feb2960c61de161d1bc28657e3ec70a8cc82ec299fb31d4a7ebea77ab6bf15a28cff174e0cba24da27d73254f442ceee859a6c1147295031a230f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\cb=gapi[3].js

Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\platform_gapi.iframes.style.common[1].js

Filesize
54KB

MD5
7ef4bc18139bcdbdd14c5b58b0955a67

SHA1
afe44fd9a877f81a3c36f571c0fc934324c6cbd7

SHA256
192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838

SHA512
6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab930E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar947C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit