eede449c4a44b86dd0c8469f62792c0c427964d456ea83b0b22f19fad453cfa8

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 12:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3a07d6da3af05b8eda6bcc2e5f1e7243_JaffaCakes118.html
Size

25KB
MD5

3a07d6da3af05b8eda6bcc2e5f1e7243
SHA1

40d3c7273f6885391986d84e27565da13a240902
SHA256

eede449c4a44b86dd0c8469f62792c0c427964d456ea83b0b22f19fad453cfa8
SHA512

a0f8668c2672f758b62abd28e5d52ab23540985cde43c4d0050c684598cb469388d9e44d0cb725f6ad8182e8a6b81d0f7a2f936259b05321d51c129d9b0f51d9
SSDEEP

192:S9kfCawBMC14mP08AHkXTRmAmA3n+vrllTi+nOY/bWneWJnQsbwmbu2dpNGa7rvI:S9TBMI1jjgpbStNz0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421677557"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4C268CC1-1058-11EF-9FEE-EA42E82B8F01} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2860	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2860	iexplore.exe
2860	iexplore.exe
2484	IEXPLORE.EXE
2484	IEXPLORE.EXE
2484	IEXPLORE.EXE
2484	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2484	2860	iexplore.exe	28
PID 2860 wrote to memory of 2484	2860	iexplore.exe	28
PID 2860 wrote to memory of 2484	2860	iexplore.exe	28
PID 2860 wrote to memory of 2484	2860	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3a07d6da3af05b8eda6bcc2e5f1e7243_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
4dbe7d9c96553beaff0458a6898ee0cd

SHA1
598f235733a926459ea18b05287ab3c977b17c40

SHA256
f044ce03bc447c37c8a854ae9e59b2f9c90555c6b325a4aaae21e4fd824d7fcd

SHA512
58342c8423f1da914684c614c42e45a799096fb86905d38674912db605bd3cee7a9105f631adb4359f28cc485fbf6fd19801d2cf95db3804149a4eb41a23f6f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c18dfb72b37a9f1ee79e4cdbc42d241f

SHA1
2a52b095f0c70b269dcd7efc1f4b5f639dde9d25

SHA256
785ace786e7af7f3efed1dbab25aeeb35e780dda8e57ef6a3b03251eef0df920

SHA512
03024bf275c60c57f1f12d6b9e9556a55ec12e992fa9349702bbfe9a3fd58668eb65461bceac22b08ebfa18115ad2d99098a34873e4556e0c755886bd5b6a625

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
478707c850dffb78255d86dac76519a2

SHA1
26399f1ae8dcf219f69808a5421b17107482aba9

SHA256
4beef26a82db66fb05afa863ed5a2c6a6deeb821643798b20aaacc18547f0f4c

SHA512
8777123d4615003ff2bab6b160780a27336c4785b1d6bfe187129ddbc9c6806f2b4fd8fd0333c46ff091880ccb27437d4745382ec6f97702de718c037f508ac4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfd807f439d61f7909b62f88c3099b1e

SHA1
f8589966d1fcd88c5b7c8b7b9bacdfc69fc87485

SHA256
d322c7a157a65ad4022ca33f01e1e1ab1057f6d69469df5f57665f9b7d82565e

SHA512
2f7636ef9d24fcce57483250ad6ecf9b22ab13719cc90586c94c2cdc3371e97d01f75cdb33101d5ff2357a7016a391a2c6af3418435bee21aab67dff2ebd6524

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c0d7f65bb0149e1ec848fec36220a92

SHA1
ac05e3b527025a4918b31a392dfdc5e66fab8caa

SHA256
cc8d1314da7f44f29d00ecc5bcf355be0eecd260de0f77f7ead6e11f5dc9f6c8

SHA512
359a14d6541127a504bd7b5b3468df7ca995441ec68383a1ae39f1559de5cecbe2df6b6fb123f7ded1a205519360a10892a95617928fc852906d554b2205bf35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d474232e6616faca8f6198a26ee53253

SHA1
303135f38502da38c3b8a0f457f0399682d0e91f

SHA256
0f3184e33107caa08a3cb432fbfe0bc2b0eda81226d2592d155f054df1d5748e

SHA512
adf5d16290a896251d8b94b683e83e94763f62101b5f5908fad0d6301a1b1329c8bc143473de4bba1b2d13cf16e8a554e1b88f223444a55fc5cc59fe3726bb59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50b0010e541502c2d6e2a51f87adfcc1

SHA1
ef48d02324145fa8c218b80dcb8203149bd5322a

SHA256
5a079c45583699d033f16a18438be9994d602caee8e4888818bb82a1616cf653

SHA512
529abb436a7f26d36c33fcf045012c291d44811bdbff0acf59e115caf3738d38cadee87e057d20be44451fd7b3b09ae8b1df5bea6f08c4901444348f24e279dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbde6c16a8a492adc98dde189cf4e3ef

SHA1
a22457ff7b6f4ee4dc69f72f96a403a1797f9637

SHA256
a7347a5a01cb500637c11db77567bcf15858da799c6f9648fcce0039ef3e83d8

SHA512
280435da2d6193100672c09c6fdaf2697f74646acc313e8e50b68dc33eebfa140f0bcced12f48f8be06f1e506a914fcc30adcd3450ee5493be773f8699726da6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f080936d52a6ab7657bcd23c891c460a

SHA1
6f0c425c0f286f6c0c6fd78157f0ada52eae2a0f

SHA256
cd56e7ba19e7e13c94ed6d98b52adad52f91707486cb877047792cf640921607

SHA512
f168653899c7fe7dffeb35d3d7c1912b256871436374c1630e84cf9a6473de1023de8ebc869edd27b9578d40886fcf77e4e8445a5eb52a8ea190eb061d44f85d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71807db5657a623739e1fc507405efa4

SHA1
451e839fe726f7b36f979e4fc4581c28b5acf055

SHA256
64b278b8935dc9303cedf87cd82dabb19f4b33158ea69556e4fdb830a31ae544

SHA512
e53e34a2601b7633cdb3dd7daddfe534156ad1dcf8da3fd39ce94e4ccd3f7e5d1053e08ad75ea41f0f306c5a79710f6032c4df06924c88a52647c15fcabda6b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2efabd6e23f8be070a9d254b5d071d02

SHA1
083ce258d40754958c637366d2da5dd337de9abe

SHA256
c26a036b7a2799957b1716b89626a7efb627c98649fed3492dcb787f95e34747

SHA512
15f65d655897af7a7b2db5272b9ebd06179a3031ee98778fd1d93d30c9bc91f220c0bef1c3ad5c208cf9ebba2a78f984a3a897ce25b0b7039039204e2f2144c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc0b03349c4893b64d0b6f4937d9201c

SHA1
131502979306e6d9824de8d5eac4cf4ee2dd369b

SHA256
bcd69be7b018fa6e8d65161c1bd7ae1c21779a12969396da21c7150a2ee1ad09

SHA512
feb19fc5c817b648f3b62c31e10f1c3eb7a9a45d5d8468c35f480a6ce6d0052cad2d287febdb7c13c2e93b7f9530c35820462383b5960ff800da6c176b78d38c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
9dba6345dd4dd5480a0fc0ce37c14945

SHA1
8bfd294627d78d38ee14eee8922bad44df3aed07

SHA256
02cecc8d6a91202fbbb4991aa71928afe9daa28f40b97b6d075cfa7449ffe861

SHA512
37065551dbc71eded344614ef14125dc810073a55fd8651ee0ed0f1a97f72630dd43730b4cedeaf695396db8698fc471ecb13b4e2c904dc12bd594b26acbef76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1868.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit