2a20e3e672916af4a62d89346d203872111cb4c7e3a638c42c9816a4d4bfd1e7

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a08708c50f5b95ca67f98606c11a99f_JaffaCakes118.html
Size

213KB
MD5

3a08708c50f5b95ca67f98606c11a99f
SHA1

697c74cc6e673df3935acfef37b0296bc7955d63
SHA256

2a20e3e672916af4a62d89346d203872111cb4c7e3a638c42c9816a4d4bfd1e7
SHA512

702b7b174a6c5629b3fce1ab7ef51fcd54ea3b8573baec8798f056f3bab4c39a8e9c3eedbf9860a7db25cbf421e2b620f0c4bdc7745480a5c4cff08beabb9abb
SSDEEP

3072:SdJK5t86lP1yfkMY+BES09JXAnyrZalI+YQ:SdIRgsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421677596"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64017BC1-1058-11EF-9486-4AD8236FB259} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2204	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2204	iexplore.exe
2204	iexplore.exe
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2488	2204	iexplore.exe	28
PID 2204 wrote to memory of 2488	2204	iexplore.exe	28
PID 2204 wrote to memory of 2488	2204	iexplore.exe	28
PID 2204 wrote to memory of 2488	2204	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3a08708c50f5b95ca67f98606c11a99f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
513d5dc4814696857d8ff594d0188403

SHA1
dd8c89eed71c133edffca67047ce3f11dbce689c

SHA256
55e84a3be1f60f8c2f29c4a79e6e739cdbaf73f7e0662e877a11edd195841748

SHA512
a25699ba11898a7685b9636b18b91f215b8dfb0f01006c6075cc4d3cc20682d43db6b07136f274b63130a094a4424318e65d5b196da3c86ee26a153b45da693b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42a1f1b99740022fe681e5479b2ec659

SHA1
c5d166465eab26b94eeab0f1fe2515025f3d206a

SHA256
a76d30e1218509549048e1b330954e3d027780054e719d2612344f69a08febbe

SHA512
aa8adc4179f05e47fe19df89a331a1664d8b57c3f6ec9aa775fa7cb68ec788c7b155f5263e68f47e217fae417e91d26bfc1eac04e56db298245eb79837a506a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e38f580d02184ca97deb046aaa29986

SHA1
c3151874680f2e2dc8b0b4731b932382a0528fb8

SHA256
e628bd8ef01684c59ddd1eb6d59de7d58f5081fdb2723a593e39fdbddeb6dbe7

SHA512
80234eab2f7efca2ab192c7eca680628c2ee5953b90685b174de18ac79d2681a40b5445369a395ee84b7a9485539237fecfb7e0021a63cfb73c3661e3b6aa832

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
099b40c862cd0a1dd6cc3566b496f4e0

SHA1
981d5f3ee0acddfa6ce1423cd638adeb6b550c20

SHA256
72b4b466b109cde68cf34512e91e7c5d2ae2e37f11ba481bf28205759098721c

SHA512
23487959e2b5aebb38f969055a6f66c0c15b638f34a7f363f53c142c149818ad28392bbdf5e7048aff762792d5fd2e48c40b4c2999fcbbad36cb384ec1cc1bcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2188497cf68d6ada2361e1c0b6139bc0

SHA1
12c290dd6c8351a98d46a48d3759b11a2464ee4d

SHA256
ddca8a97e914c0c7b7e68ae5dfe768513b5ace3cc93a727a587f205cb4f1d38f

SHA512
4ee03851a761ff5b909dd1570b6b97259515def27292fbe7fa0a2499766b11c89b29a179530a7a88f8b5f4dc35715fa7e40c144519f234499a2c21a0481312e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db0970d86f9e15145537626b62414b89

SHA1
0c84f887eb8713ce49b598d0bda4525ad996cf9f

SHA256
7f9621e737bbc3f125d3c99e57fdc680759424ebe4b05a9f86e3de7f1417801c

SHA512
e2b1a61fe9e5fda3cb9fa9268ad20cf98e21be6c071582908d41ed7fffe43e53b3a77506e66393e65545f84159f08d358f04a3700f01beb59dd1ba32c6480f6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9fe78978e37d8c47f80e922061b0103

SHA1
ab475cd3384bc525cc6e96572674fb7772a20081

SHA256
6130297c2c85098bf25ce4c975a20ebb66a83d8ab9ab7fffaa2298a53e9dc6f1

SHA512
016d06e198473d84deedd1d9ee7842d4abd6c9019f0b117d299c9edf6d27fb80872a0db254dec8f7e6e58c5c2a4e5ce4ff8a2b6561bd347e9af8f16d7491cb81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fecb2c741db3712d628ecc015e748b43

SHA1
9dea685bda228b22e66c8bae6b2afaa7621979b3

SHA256
eae68d8d0550ad5f60ef39d003dcc909059eb225ea065efb7806d83c4a5040fe

SHA512
6293a5c1a51b82909f565dac0ae2fbcd26086a771e478beabfb680d5bc748090d3afc4171d5b807ac83938719dbc6fe61d3ac5f258a0950d07bf1bbe52888e0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e93f8f42af6623fff9a8a22b4b0f18a

SHA1
284cb9926bb811dce9d4543c45106f61f0bec95c

SHA256
5e6b1c97e4b5b2e7933083886a4cc0cab446f10abfd2bf739f2bc2016d3bad0e

SHA512
6d9f2d6a32714b6e854f0f9037c66c5a171af17c00642b8fa676b79d060f5bfbcacd57e4f08d3db68e4d8abbae4b4beede303423f5a5a166cd3b685313b9ebd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98eac12fb1bd6b7c415caddcf730cdf1

SHA1
119705fefadb72c804ee3e6ac28d8c5328886a43

SHA256
873b963b63ec8f1dbadfd99f15c3be0de9c591f51a51206448cda31d1b22fb13

SHA512
ecb358df6466ccd376f5b3f67b53706ef9a3373a213ddf7270d6a93905873baadfc1e25f588b95639d90e9b51dc269e38267e4981b52dd9b6ea5293a3576cb50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
141ebd42aa15ef692b6a476fbbc0b16f

SHA1
aab186346a97a52f8ef39c66353b09adafd64a56

SHA256
a00185933c386880997fc78a04f101a0483c39833ca50d88219015ddc3ce22ff

SHA512
90aeb10c98855f08ecf1642ab5cd3744ba241bfb971cd0bb8189bbb46a3266f3fbfd111167b6015d8065156e3c363ad3cae01ea00f7129b84dbf0bca65735d7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3464be6ec42f0d9429ed3f4c3e87b13

SHA1
47cac77157fb262e2fb6b2c2dec26b38e43a6b0f

SHA256
ca8597a7d37511fb5c14e9df027eb307d32b6bc695f0af4fd4fa2b8d9e4b8437

SHA512
23da366767525999bf465914e4a109395d7542300d9092a9623648cc2496e36ec127ebcd7f526c7d723eb1360e63d765216f07d63599b6fd94b6f991cb549a72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb92422c5e0e425fe5926ec7f1be3547

SHA1
9ef83a2a71764453b15b228f4e08b7a1825f21b1

SHA256
317ceead4b7af7107a42408db3bb20a747ad1c9e0cbdb1733ab34cac9bb9df03

SHA512
60267755e517a63b04dceb783c1b5965e91a955195c4c6d7ac6ff6dcb79179edd844b5b060558b1951cb17a1209829037198a36d5589c00b409aee1b8ad14b1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ddab9efbb2ccc92acb9950b163593e4

SHA1
f212fc737a2eb4481bc31a1a6197e64f00771643

SHA256
a5e7fec4c26d1e4c53630c36707a325fc4344a0d85c7a8b4660d83347f8c4ae0

SHA512
e77c9c2e8282c10e89ab2dacdae29b8535496623663b66944149816ed7ddc7e8b2e64e9708568ca9f62e1a6f9b4d2054e058c54f6ddb88853e35ee4136bf4454

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24b89078c62ad739522331c875fbd19d

SHA1
06e315da6cff46b90adc190329992272348d4afa

SHA256
91dfe53cee51778f21acc9b7e8300a95f6431cac13c2809b31ee4e6cb71d987b

SHA512
1cb035412612c83670883f8b25a2e2b6dab9b8413addd3b3059f5a2a556a033fbe04fc5d08a680a7dd398738cc6d6ab2d1a6c98d64b8e54bce5af8521c0b9dec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed41441862457e746d90e73ae17b45c0

SHA1
45f7e4b561adbb1af067ccef2789b6aa3be17ba8

SHA256
a7ac117b0c52d729a8e28f12c867a031ea7d04b11bf22fc649f74ef6125e1bce

SHA512
59f9205c73ec4940e3e3a718d122db07a4a027efa454ed4f50b27e338600cc9cb9696d4c262d92a200624c8c7e4699cf45c5be758d4fdbc2dcd8d6911e807e49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff7197bf3dbbafb7ce28adce358e9c44

SHA1
9acc0e48c8761567c1941bdea5af0ae01c3d590f

SHA256
b15877c32c47a02654bc9aeec38992c368885c21adee19500066394758a92156

SHA512
a475e37295d5dde64d265658068dd0fc7146398e5f61ebc5d3d95c6a4a21f7240782e3f536dae4cf202f80d9afb336f4dd01fd9feec0f8ad57c03a8dd0416ea9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba1ac59b71d073899dfdef599ef05223

SHA1
ced9bdd40080936d41f7038732669b277c3db990

SHA256
b160996d55eb7b94bc3ebaa49fc13cd425de8127c056ff78492712737b68a1db

SHA512
3bffe5379eb35229c9c1a9a444b770cac18fe3e82fee92dd1c0cc8bedec41da03a8ff9c51f738fe4b2c73e706a17f7a0c92f242b6da048be0c7e95f1e12cf3e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd9b46a3f57d1449b37345b38d1f20a9

SHA1
fc2fc01a5d65a97a9c5bce1421a7367baac348e1

SHA256
ac138b523296863b3d8544e27e53b9f50ebf86bc8c410908e3e5eb7edbdb695c

SHA512
9cd953a98be39880f6a244e7842bf0f680706442ccec200861d44f0e5d7cf2baa5f0ba02577fa78ee2a12023b7aad22e73dced14aa49599d0007e874b9b2b93b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1B7E.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1BCF.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit