2a8c38beb9c914fda43340db76b82f3bb06002198b5322bfe5c024898bc56024

Analysis

max time kernel
145s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 06:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3e259cc80771468fc51db259ed44922f_JaffaCakes118.html
Size

60KB
MD5

3e259cc80771468fc51db259ed44922f
SHA1

00010402cc33577d9125660b2a0b26c09c08ec40
SHA256

2a8c38beb9c914fda43340db76b82f3bb06002198b5322bfe5c024898bc56024
SHA512

ef9433079d8df305ab3bdb197b04ff96539225e5e2c7fcbc0a21c361271e7f31e95ed9f4a929aa9377f69ed046344d5fc1021bde6d9a1dff3eaadacde3532c1c
SSDEEP

1536:Akcl0dO217HJEv/SFT6cpfFkpwQpyO0/4N:AkclUO21LmvYxpfFKwQpyO0/4N

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2CE40DC1-10F2-11EF-82B1-CE167E742B8D} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421743647"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2728	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2728	iexplore.exe
2728	iexplore.exe
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 3056	2728	iexplore.exe	28
PID 2728 wrote to memory of 3056	2728	iexplore.exe	28
PID 2728 wrote to memory of 3056	2728	iexplore.exe	28
PID 2728 wrote to memory of 3056	2728	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3e259cc80771468fc51db259ed44922f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
4585d09668a89410e011fa09f7543897

SHA1
a7af38440a7b1ee382c5b284b47d607969f19e31

SHA256
2ceb5e3cd46047a980ae241c26b1c8ad301fe978f2a0e7f01f7cb4d84eee5961

SHA512
07d3e6af47890e067957d91e77dcab1dedf922563624707659cb87ff0abb7843b782a79c2e6fa9ec47554957626ca7fc100b33569ea19496e67d4cf87e62d22f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fabc37cf08f11cd2d4d9ea6dd3d6353

SHA1
e714b2597537d8ee6658e747a29e2ec39c4c627b

SHA256
61167dcb9991b93acf9016f9484ab5c61b7fd9ca7ca1bb47416bb12844aa2cb2

SHA512
75e0143b6f789c83d1d3143ef5b24d0df089d70f0af7a52fe382a69e8c718c9b4f2fe921db589fd8c4f7e4dd45176b8664130783a799e7a6b834a3938fa7c465

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edc18ab230ffcfcc01852c654f0aa979

SHA1
8822766afe6a2dfbd9635ebccdf79f63cc0cd835

SHA256
b451002078e4e8ae39cabae60e0260860e97d95b5e19d48530d5098b1876db06

SHA512
5e666982c34017643086e27ccb35de15018388f57c9153e63d5b5407b1bb5d9e5c0f48600c2443cefbdc6f4103aacd84ec7224120ff9948f00c156d4536f3828

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d74b9f135ec2add2db4a21684d1ab7f0

SHA1
71d5b4097404454ef478d19065728b985218afa5

SHA256
d9275f205392eec1508ea6f2ed1d14492b677026bcf17a6515eab1b07ff43042

SHA512
0f2ec73d42095f379f73a7765c0332b5d8e34eccf30624ce6fcf3c8cc0d761c7d6476157e41772b21668847420485f8fa39b48241fa954b5958dfff85e90215b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11c60a1063f21a281ebe1f4fde5633bc

SHA1
ad7bf5dd4907fe46e38fd1b3cae95f70d35c6b91

SHA256
ec3c8e09fa2428afa60daffac14f485af9829f89a8a0a37afbb0532c715d9466

SHA512
735a70bd163cc29e585e645a936753e3a97a98bdb8b437a34c59e55231f352d7d220621d17e5d304356d5fa504180baae078417df91bdd7066ff389e435afb8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ef0b59c2dfff0225413c67baeb5a6d0

SHA1
1c9155e73c77d6aed8fd10d5468be927a922af0d

SHA256
daafc79250786b6240c5c8d72496f91f5f98108431932a9e9f66312ede41f6ee

SHA512
3d40fe0fe6e1ba0da830c1ae95c4534b6c994957dc76aa8dca4dd8f208c5023a6b0847ac01f51c0cf389002748a2944a72cb9f90a0cfa88fa94da6683e5f4c42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
701d2ebe523971595f99c228d1e99713

SHA1
e6474ce44d61152f05dbccc4841d215244abe478

SHA256
50ff0898c5accd59204acfff34e45defb874efc6d7816cfb40042e2f73023e31

SHA512
67afb94afaa0471fc104893955ec59df8013a090088841d6f261ed16ccecb15d8a675c2aff08ff833f8c8856cdde00850198c1b7e244c4fbfd57c9ffbb19d6b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa3facd12247fca3406303ba7e987109

SHA1
b96e98002ea1ff2a32aed0a8b939e8e7552ff4d0

SHA256
d10c110afab7af825c76ee3efeb9f85aa93a96cd67461c21e091336ec1bf1ef5

SHA512
1905896b5a11cc19d8b891192bbde1e0ef87db8d06a294397d6189a195bb32a08643f001faf06b408b7c2812c31ab637c5e6e3ef5c5585a2aad3d6b47f5824d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
678a08b25e81a330cc82fef80417dd1d

SHA1
d0e859eaed5f1172dbbd8af6231ed16c30f72eaa

SHA256
6ab307ecb2135fa533c5a8daadf4e9fb9dd5d15580654446b4cc422b51ef5ba4

SHA512
8b705ce2e7934f7675b4b6ff3fc3dc7f107db88a750c09f092b64d58d77dd2d4b5e743fd7cc52051fd0cdab44443265e72c86a93d5965fb8ec48da52aa334afc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6addf0fa90cff2fd6660cb0e8f4e185a

SHA1
d00c1e284351a3e7d27946cede43881e55ef8751

SHA256
049c8360d6433a352ca376a988540ee7eec5e48811cc6497d4a9aafc46477509

SHA512
5fc3d0097c7488672bfa332153790c0ab1d080c8f99740cae9cbb4c0fd4128034d3fc4a64cfd03f4dc79c5120962236e3224aedc50c6ffcc6789e8bea87cbf9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1740fd63baf285ba2476f77a74f2c975

SHA1
b5b7218023de775f9f2c421f8cc6b023082ca293

SHA256
aa3b47d9240dbdbe875810721259f0df66bc3d7a5af1c74e6c22af417d30dfa9

SHA512
8a59da222a56eab219a037b7d5714901afed00099918f966a84cf86d44a0f2bd75fa0cb55403fcdcc6026835e6433e3a3919b121fceecced688776064188774f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f03a054429fcbe15cec6eb17f39e44a

SHA1
72af9fad8536e280ce6421115ba2774a4d2da70b

SHA256
f9b6b18de25ca46857fa203014156ccecc3eb14ae8aba4b557ffbaabe006ef14

SHA512
df4c835b182aa95e7eb1c2bdd279e467bf5b7113051fd5eb06214d4589c0e4d9f5cff5f90f9f25d333f5530e61f259ce4fc35f353737c78ce95b4a5965e5d4a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c66783eac76b6cc7cf4991bced8e6144

SHA1
4069655913c0554956458d3445ad85c35ed15989

SHA256
c373d338ac5206c27b275592e0dc1c785fed13e09a72ef7b2241e3127f8fa5c6

SHA512
aa35e6ccc1d56a41bcc468ff1523083edc08fbbde13b0849a0b98d8e5860cf3ae9c6bf8ec6d430796b74172c4e1629c6617f66595e62727c86e1ffd614819f7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c66b4fa891629e70f7a8383c70ed3646

SHA1
361f397dea23920e98bf27eeec2a19e18ad94434

SHA256
0a7ad7284e7f751ffa0164170ce34049b650c4df5b7fc33ef37cb43d729662e2

SHA512
8aa9718b820d32e04ae63ee54f74691058ecad08d5e8f9ad2dc007fc213806cc491ee62e49953b6809e13c2c01c330fe7ab15d6642c59d308143f014af47dad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1622.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1751.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit