ac1fd29bcd9af9adf07831e809a4b98ac75c80d43125ebe2e4783f63ecb5f091

Analysis

max time kernel
134s
max time network
136s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cab95b2291d6e38dda719a11f326951_JaffaCakes118.html
Size

213KB
MD5

3cab95b2291d6e38dda719a11f326951
SHA1

ea3e97adf4c13ae2bfe227c3effc6d5fb63d1638
SHA256

ac1fd29bcd9af9adf07831e809a4b98ac75c80d43125ebe2e4783f63ecb5f091
SHA512

c25fef473d05bce59fcfe74ecd02ab7ab3abf308c4de4fab73d10be7194ed81889b7d440b01c3146d3c7e2dc0726278b039722fa9e8115e860676ee3fc29c574
SSDEEP

3072:Sz5UI5DiagOHD6myfkMY+BES09JXAnyrZalI+YQ:Sz5UynejsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E8BECF1-1171-11EF-BF93-66356D7B1278} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421798169"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1028	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1028	iexplore.exe
1028	iexplore.exe
1332	IEXPLORE.EXE
1332	IEXPLORE.EXE
1332	IEXPLORE.EXE
1332	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 1332	1028	iexplore.exe	28
PID 1028 wrote to memory of 1332	1028	iexplore.exe	28
PID 1028 wrote to memory of 1332	1028	iexplore.exe	28
PID 1028 wrote to memory of 1332	1028	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3cab95b2291d6e38dda719a11f326951_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1028 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea0e97ca575648503a126324169eae0f

SHA1
d76a1e49a1696c3278528180b2fa8f54bfee4856

SHA256
d4484ea5dcebcf6e36a1026e41f38db279b8fd94c5aff7d5c77125f1d5b1d894

SHA512
0adcc5a503cf71f633d37c6df6d1400342d9ab8993326a879ec7fb51180186ab75a9c1b4d214983af6b246bcc720be02768de7ae2e9f2d4a68f7a6c88f98365e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fca8b4bcb7b627855c6fca16396b626d

SHA1
bea5fff69fa190e7a419d52aae768f7ce6a88a54

SHA256
070e823802598eaa01e5da887f9840002528df027a7d103527a375396621b316

SHA512
ceaa07d65d474780f82e6ca0ece3cdfa19addae4b9a66fbd70b7df94f1277bef1252d92e28c32b4cf047e9b4501f07ded388f839b361e1e5b1a5e4d813e1a0cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2434992610b16f533318bfa22afc89e

SHA1
e6dbf46b2724657086a84c083ce658aa803dbcfe

SHA256
1d2261c39ec3290f09d902eb15bdffb4b43f8e13828530f4a4f3f1398cb3ae49

SHA512
979af8ceef648852a5a162d20cf064c2e4b87d78518537330f3c209575f039156b7830f8dc8dbc51769b57203db6c11c52794ac3fba044709bb54399c1ca4ccd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd18646b5f64cb495f956d14938889eb

SHA1
70dc4212108b7e220e1678b893b8af9bb691a26b

SHA256
8c06ff9c3f9cd7fc05ec7b74e1e4e00c63f3aefbfd797ebf6a62689a3e816409

SHA512
7f76d88a9b52f76c1d2494438f7a8dbdb3499da05b29a355b182f991058bba1687807c33f1eff8db3f3877e0c6f14067d5bdb42b67bc93679d90032358ef3b49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db277b8a22abb5df0934a52576955919

SHA1
5675e21f949cc9b84575fbc52e7407b4e4ad1354

SHA256
752cd2ade1df9f60e0dc4d573fe9d2b50ac92075543d6fe03f28bf91800e1c2f

SHA512
ccf70da73c9f0b7e6cf68982db1cb29327213b912057c42beb276e05b462523d053271940b8ad9420fd8cadc36387ec478495064637a26dabc0ec4f18f013d2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3531e22b270e6f3434143f2f5c838e42

SHA1
51f21fb4649f2469ad03970d8a9676da953c2fb5

SHA256
7efbfc50ba6d003a1343765be9d80215ec690d232ce0c70182f219123b56a7ab

SHA512
e28e13fc9642b462dea6634f4bfbb2763802ccdf2312326ab76553f7bab637854ef43983c4986703b328c03752a4399ba7fbf0539c9b7c8683644e1ab8d27a4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8dd40bf57ffae13ef590ce3e43941fa8

SHA1
017f5df2ce0c6ccd7a343d1174108ae8f17dae94

SHA256
f72e14641d831f3fa22e5930e1904ac08174790f2d0534e8d1bc95aa4e622d7a

SHA512
7805edf0b8f2aafe56118b9748acad93def3e7cd2d814742822f50528b3eaf5485938e6dd85554402582f4a5b02729fea04a115e46a52f46f1ee11a324ed4c12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d631b818f7345d8242c762ac5d28d54

SHA1
881f803087a9831ff011a37f82f998c6bddeaef1

SHA256
1473395b6d525398e7191995e9b009b26ca891c0515c770055ba71b260f28402

SHA512
56f78d51af17bc4d062e317ba625c1e074fc7d007bff4bb21a658076ccc442147eadd0dbe64dc1ba4f1583902ee01565ef5c074aad0aa3c83b4dd73bc2b78928

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b68bacaaf98c0f522462c90bb2464ebe

SHA1
a618d494375fe47b04f2a6d2b36bd64ed8f11d56

SHA256
be7a897aa1b4f6b43b2595815d275a44b59e58696578fe2e55116fdb5fd2d04d

SHA512
93191fd78c6c597bc4c6f7f166d0913ac169d2376c05e52263a7b6a54099038595e5329a0b8c98fd5fa64b9cda5db04f3917b335ad006e58c90fabc7d8871985

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9400a19d827ed9b2821dccc1daa6e486

SHA1
786ba24dd3200395d078fc110cc29557356f3525

SHA256
32ba881ef40da3d014fae1d8a4ab03abefcf98b110df186cec390120cd01f7d7

SHA512
fba59f8019721debf0c53aa047f799c7d99645aec891382deded63acfda7719a12fd632bc108d25631e9627119c6b334d4e01670f69b5950914b7668264aba70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7504d195cad9d24d9b77870d3aa3ad1d

SHA1
a7504e778d32166a68c3373eec6f9ac45833dc9c

SHA256
26e08fe7128f0652211f7647a4df77fc7af540b0b8fbaf5ba7df93ea17ee2a0c

SHA512
50f5d5477586930321719ce1bc94c4340b00736be09406abdbe6aee743e6b55569afc5bc851a54c38ba177591301a702a206ec562010b62dfbefa467756a23ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef01f2df4e2c388762770c3c64edf0b5

SHA1
6ff73fde912e441fd56168cb7ab5e4013d651e8b

SHA256
7a60b2414cbe84aa9d95e7991f527a2f6c9ffae3c7cdf52bb28812655050d5f3

SHA512
42983bcd3000a4b42e9e3aa88f9273fceff6a79f8087494b7c4dc5ab5e78dda1f290375f38b8755e85ab363c5b59725d520c792d1e9becda026c040fc107f98e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75bf2cf889aed4a14a961d2c9c011052

SHA1
0d8200a901023ea389f6eca38cc24baf93910174

SHA256
e5aece35f0bdbf640eb5f929b4e61278b20f464ad4f5a4abab2d892559d771bb

SHA512
efb6f8477d65f9de7898e9d8c0150e722e14a0b357fb2101508cff1836978caa8091ac172898fa70b03fb7ad98416c8b6ad4983c69e78a13ae33ee98b94687e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2590bef3a13eac25f1c5c1c58dd8a08f

SHA1
75c9baf7d3e260ab19f983bfbdbbc0ee27ab6a31

SHA256
7dee0fbf51c3b9a179107abb24d577e5bd94c5f23547ad0ed11897a4926c1f57

SHA512
926c6a51278641d2e007215ee74d40aa10ea5b62fbca7012e501659de96ba92ded7dc5150c45cce825d65fbcbe4e1270b75b3a5fd9cd690c45c58517eaced753

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6617fd0a4ee45908a07832b858795f03

SHA1
d9989be60d317818204ade246c6f710cfeb621ce

SHA256
e556403f3ee20ea05d1b6dac517cd2fbe46ff44ed75c1c12c5fc3f2cc92e4324

SHA512
2c6e1a7c4edd1cfd85a286f68c333f99cfab5ba9a90ba0bca0dad69776d7096a30f59f33a710ca158198ab71a7b8a7bbce9b0c8a14342e3cc0c777598fd4d2ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ab986f9d82e7377935049e0f9d98fa1

SHA1
c8e9fc623250ac0d5937fce6ea12d391a163764d

SHA256
b67f892be9067efc503d6eb0bd930106fce11b8d2426a1529308564b7becf2dd

SHA512
d9575579ac59caacbbbac0c98e62bae0ba0ac99ef80256f62172f87b9f4453343b87f06d7128bcca053803ed1b9b1e17bb410c949bd17aaf99217ef3054043fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26fe7e71ad9874395046da8f2d638daf

SHA1
1203b90f043e55691ae452741f02be0b961e867c

SHA256
5d9c40c9403ee2292be5962e2c7dcf2786724f1f030ac0a45bc3177cdf2e8ca1

SHA512
fbd60639a38b30c933c68c64858cf9673e014704b3a9c0ba57907b26bd5542046caf67ebd442f1e712b348884cdb706743c0f1cc68fdf21f0ef786c17f204415

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
362ef2207f19e9f76b4f1363195c13f7

SHA1
20a33cbabcd88e079495e9b4fdc6644d68b08bdb

SHA256
a7e0f2b9bcf0a2974c8d60610c009df64b0a8faf1f297f175034ef66bfa4cc0f

SHA512
73be9a803c59e46c57bfcdbd3d9b2f4179f1884b24b302eae761ac0466fc1834b85dc783b14c37b3f29901613f4834bd4f65b8bbdf57febb2d79e0e99b1faf9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF0E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFF1.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit