6161f58c980f4ac5dcf9b1a7784e30693ac64379c8d6bd535d0e97d261769cee

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3af436e4ab0784e768291ac7cb6f39df_JaffaCakes118.html
Size

154KB
MD5

3af436e4ab0784e768291ac7cb6f39df
SHA1

32a863b6ce95944571af9b3da92d59802b5948dd
SHA256

6161f58c980f4ac5dcf9b1a7784e30693ac64379c8d6bd535d0e97d261769cee
SHA512

5b262428104190beb9a06f080cc1920974b2e9d2d21445bf2ba3e7aa5581b7c2527dc503a03f467fb4e85249584d4f71fb79d68fb1279cc439ecfa355352c0ee
SSDEEP

3072:2eDdih9fVnXr6GFQ5t3rN941m+cuFaGQfTajTe95dtU93vB6svTgRJ0eEZzUkaNF:2h9fVnXr6GFQ55r81m+cuFaGQfTajTel

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{98418A31-1079-11EF-BB21-6AD47596CE83} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421691858"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1700	iexplore.exe
1700	iexplore.exe
2216	IEXPLORE.EXE
2216	IEXPLORE.EXE
2216	IEXPLORE.EXE
2216	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2216	1700	iexplore.exe	28
PID 1700 wrote to memory of 2216	1700	iexplore.exe	28
PID 1700 wrote to memory of 2216	1700	iexplore.exe	28
PID 1700 wrote to memory of 2216	1700	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3af436e4ab0784e768291ac7cb6f39df_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
69e5c78574f116bf68d5f3d6205f019b

SHA1
c5d9b1141934f8fd3d4126b2771c3bcf1157e376

SHA256
ebc5b924e5088c437c321cb97ba96ff373222c13367b4844e7a65d91e075e7cb

SHA512
8bb131987a108c63239bae032911cc7c4cc31266b211eae6576fff279f184b53379a42c1d00bd1940d4a13728ca3baada646dc977633061b7e5a72786e632e23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
979B

MD5
15e00179d0c2a17585072bd76b73f15e

SHA1
cdad64797c2b283d86e24c0b61c763f47f46f3f7

SHA256
27d4f1612965fef068c75d84c5a4dc70ea0be0362f41746fa85e825ced66bb15

SHA512
e5189d5b8346362ab177611b7623f6b4bc1674febeafc598501c88115adaec0ae2aeead80f9081fb168c7ab96db08ef2d073f7f9beeed31446ab278673ce8cca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1dff03f1d1e5826e3fa07ce47e9da4aa

SHA1
78a5c2a66bb5421166d07537dd6d9f72cfc60664

SHA256
34296695a5649a314028f924aea981e7288f5719225238220bc89549e22fcfa7

SHA512
501b13688c21e106d582b1b69f7b2381f70c03cc1fd9d7f7302a61455086e1073151b8abe900e7ee2e1892c76839a81335816d4daa13b3aee0577e8c3ccb6557

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61147491b538aa9234f9cb0f01743a34

SHA1
d53109f73ff98ac78bc2f3df4b5151a1a87e3976

SHA256
e9fac68320b0f7f0d819c10efd890516d105499def28ade5c47ba2c81f2b749b

SHA512
e72f927bfd1726195dce511a6d2ae1da2bad569996076a045b629b377948be730fec0b151bcc125f1e1be53bb64a373d6e1972b3b114ea78f29f226672a407e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c724991c57b726331c7fb59e9aa977f2

SHA1
bc2d1a32a87bf34b7900680f0b36d72280bf0c97

SHA256
349e9f01eda64a5a139137eaeaea279f499f53a5116b826b860944ac3b896837

SHA512
8e1fd74f16ab94c17d4d37936f00c666845aa060ec612970fd405e773c5c63260234165a610eab1fc10aece36ebb9c17107cd6c5419ea0958f542ec2c9776465

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9279018fcba10c6289fa2a4e2022da68

SHA1
c2cede55531387a94ce9013718e52b9f35b8a6fe

SHA256
550f33eb2c1896a4df6f985a14ce78c78e1de4da46e972c0bc600c989b8c9c94

SHA512
c8d74c9c8c9a68a758473146c11749b1329ee2ceee57051805f5e7fecbecf7011c31407a3acb422ce17e2d9ac87544684cb71789d791d5a17f1a1a1205ca6736

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be21a611b7bb16bb1c3438b75475e650

SHA1
2f54c20c16168594effe7a8db09137b4ebc2c92c

SHA256
848e730b9678c004a1a95445657e380cc94349b2a2cee6b8761452b444bede5a

SHA512
985280ec2de562d088dc26863a09d53ebdbd603a0fe939edc24b8bbf7320d17d85b8c887e888a329108ca4860e5ada192fc466d7a421e518545a661e65bf0012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
610592abb847f5d7a3305081b3c0f5df

SHA1
6d17e7971f43cbe882a6315611f7f29793a00666

SHA256
98201f9b893251276942d3fcefc47e16aed2a6657c1e2083e9327184629bda7f

SHA512
064e9510da4242070f031b059b4cd5765ffee6eb17f1432b3b38e692472217e0f686e42285252232ea7a711b554693f5be5b747a4ae858b72fb9f064f6d07ce8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2027a54df20ecebcf7e4b47117ebf7e8

SHA1
faa9bd2e6801e0a6fadf44b32936c490b5ae350f

SHA256
b281f8e05aa4825a925b4183e6911a9d79bf822e74327eb698542c620967604b

SHA512
ae05f9e38dd7a04912a7de8445e803fd34d0ed4aad0f342a3a6800919b76686fa8110d4144ba3a344f3d521e4e356a4c229ccd952e95eab402bc7bf992193e5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b457240c604af2dd25b0efefa813210d

SHA1
49a767b0e1248f8a6d8615b95ecf8e9c93265aac

SHA256
831484c0686200482abd42f605f7400655269d3647cb19d6cd5a15662800fe0a

SHA512
1139fbec7ad46af3b26b69d9bc4e6eee067fa1607631bc01bb59e871fbeac69503147e039cbae6d90f14dd60ed1be48bc1c969989ccad82ca98353dd1bd3dd4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6cf052d319e1a83d0d49513e58ae01a

SHA1
0737bfefb6430960e5351cf6904e2781bcdff34a

SHA256
0b7796e679809b96e1220f4884cd2906aa772dcbab58dc36c36305e3e9fd9c66

SHA512
e3cf53f95cd6dc4e5f670dc0aa7e9e1a7d1b3f1d7fc15ce193ead5255cc1b5819ff73cb60a706fb1a48939ea48a016011be24424d4b198728199a3dbe504ae02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88f956ba8f3c6da667c997bbf86b5b7c

SHA1
51c794f9f8f4a69165f0349f357c07f45902e7d7

SHA256
774dc98f5d7138dc5069a9239dd49aba2de5df3af732dadcd08c7547e1b04647

SHA512
3cec5692bdbfffac4f35b25aefbaa228dbd750be74f9bafb16f9b57ffe86970992de03926a71a0bcfcacc247474031083cc342b7524ed43836bf8ef501d45f60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
371aabca0df7a61c0c9cf60f89c15e22

SHA1
dc4098aece7bc0813466d024050c4195fe234c03

SHA256
06e2ea551a38e3aaa03ddd58cbddc6e0a99ab94b2838c0ec19ff2fd7a1a65f21

SHA512
c27b0e49a28c80ebbcb35368278bbcc0d50a86330d13e89c36113d44bef29ba1ab8e8e1f812bcf05678a23493bc830dba83f85e3b985b98c04d14ab14383e8f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdbe836525ca546f65670e82d0f41dfd

SHA1
a146797269ad80c8570b84923b3d37f6f2f7acd7

SHA256
065d941cdb08632b1ab9fe8cbef1661bdbc7b294e4d5c38fa94bfb077d0f16de

SHA512
c09c83cffd43f796b79d1f2de3ff6d4469df308c4f82bf09efbacc1cc1760b3270cb7139370a94df1ac533c99cf50b913a66c081d8be1cd787cbd88279647a7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
aebeee0f35b82f737950aef835175645

SHA1
0f044b108b231d5566fb06bb307585af366535b1

SHA256
9d511d3d38f12ff0df2f4bb8839e095bd1ba8d98debf250c3d199ce698bfc750

SHA512
d6e281a2c76f2a2eb18ea571ec7246e2971cf70a00df68c2121a55b5a77b2dcedb3822ce3a8038c4d3378147380b750ebb3fb444eab237054f85c4f5ae705889

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
9df5810ec0847cc289c683a0dbde6f69

SHA1
897ea4c139cd036f574977101ec68ac0ac8deda9

SHA256
de86e7e1a1076f1a3d003a2d7160cd20763b07513c3c522ea6a1b43712bff6e4

SHA512
f57c229e920bb63a98b8e370abc2b0da88ec67af6e9131d272d368f158dc1ffae20cc59c5f204e27c36bb9aae464a90fd8aa39f85de1ae23b1fda3de2678bc62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
8d242cea1d9926a90ed609505ee8729f

SHA1
0661b5d44750014cb9db7436ea8a6216cee5d684

SHA256
e22f099148dc1588930a9ed4d317cb41b4f0d14f5c6d11c13e029617c213a39f

SHA512
1b72ddff3e95eb3d9462234f847794c014120047788bb596cda5d1bb14eff7826985493d35b67d8bf3e373131eccf0424ce7a90a5c144306b8950df816ba056c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\205d812bb7edea5eeb641d8cc40ce4bd[1].png

Filesize
1KB

MD5
cfb96af738f89728285276aff130783b

SHA1
1bfc5c9248e70900cd3079f6438ac5941da14f89

SHA256
7d8feaba7c8f878bc69a727d69991c7d9796913436f4aa6b33e14ad56f948722

SHA512
9e3d913a1a43728ddf4efe4ddd45ecf72255621860e7e1257d913a7ba0f8ac3d67fe403b9a561ca5c9fbeba001f9fabfbabbb926b7af5d25efb2101de3366878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\3aeb3fe619b96c130f4a2331f94cec43[1].png

Filesize
1KB

MD5
06880927e376fbb787651bf3d0de2ec4

SHA1
ddd0d85db7682a1c879b7180b0027619407742b8

SHA256
b09254841913e9ef55583dd707285a887464e6915df97ef23aa4d1ba895b2380

SHA512
081fc43ad4de74bd630dede27e03ea74e30323c3e2418429cbcb803b30132dc96cbb16962a56c7b475930b59f248c138e51e9e48e5cc827a833814a3c13df439

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1CE4.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1CEC.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit