34d8035e0e2458fc6e2258d0b1d60b8c82859c287e6bdf81446e16a9188e7d8c

Analysis

max time kernel
139s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c45005279fdfab8c28011740034bdda_JaffaCakes118.html
Size

48KB
MD5

3c45005279fdfab8c28011740034bdda
SHA1

af439e0f97295edfd7dd830cc8b0674cbd7972df
SHA256

34d8035e0e2458fc6e2258d0b1d60b8c82859c287e6bdf81446e16a9188e7d8c
SHA512

b950afc73b706a0083c85a1b75ee20c14af0643a1e819ab976fee7c0236187c65eb3c20eda7e62b102dfb3b0d95bd2d6d0020fb6b6d720448194b5d696bba6ac
SSDEEP

768:OVza/PMS3xfuxBsRR1OuqKQcYqcZ4iIepLNBu5Gj/fYz6:Oc/PMSBfux2RR1dIcYqg4i9pNoz6

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9B15BF71-1159-11EF-9A09-E25BC60B6402} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421788074"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3008	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3008	iexplore.exe
3008	iexplore.exe
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2556	3008	iexplore.exe	28
PID 3008 wrote to memory of 2556	3008	iexplore.exe	28
PID 3008 wrote to memory of 2556	3008	iexplore.exe	28
PID 3008 wrote to memory of 2556	3008	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3c45005279fdfab8c28011740034bdda_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
c92d8226e64436c3179ea7f20b25c516

SHA1
ccd709d3e546c40e4d504d3f900f11b25cf8ac42

SHA256
f4d719e1deb0816c60276efff5f869a941bd6f8ea3a56ce92cefd99f515b18d6

SHA512
4e8368adf4e312c040f1e619ee741a2c2e050f61c60b78e3b34ba964ee0cef9e11d4e1d68d486d4a4982ddc55469298aae9952a334a7a7da54fbea424eca06bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d164f35365197d2f7309f421ecba6c84

SHA1
71ed95e8e0789524d7422a445f26def9eb867996

SHA256
e83d26b3e55b03aaa6c494188ccd5344be011a5bb87f74e2b4f4ca06fc171c98

SHA512
3d2d1a488a3ed0d0d0a6617d3eae566c1d8d7863d0264139474b6b1082e4518a609c438e83329b0b2d55e4c8378649ae438cb37af9b2b60b1dbcd13caf8230fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb0a96377df5989a821df48881953f33

SHA1
1b36eec2349dd204e286190331767ebb3ad8232c

SHA256
98a5a1e9a92242f1f3b752f1d8d892213186ef1014065f85c05465ec0a38d247

SHA512
5235869366f1b8931571967d509688fb5d276de7021c7c8f04d8e3b181818dbf08a98a48669993051edc3ea5ad0ef4e2233df2ffff9bc1ae1c34001129145d93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08f8903b1ebd82d97687eaa4b696ffae

SHA1
c5dda5016f88e0f2ed03cd69414e141bb94ce21a

SHA256
7e084aefe813e155f7385afbe54c3eb7465013efe1483ca067ead87b878928d1

SHA512
1d9ec726a4f8c5aa826b758773ae7104e30788c56fe50971bb1156a92e45fef0aecdf4dba101de79d66e3e55a94928a2e1791f75556415d9b273e84483cfba4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e782d5b7d2e1b7e5c02f228130470f3a

SHA1
ae57c89165b3d1e16f17ced2b1dfa2ce02c71464

SHA256
1c6e7e4a9b22cd3a9927a9c5a011156509f65fb4150f07e4a183d3e9925b328d

SHA512
561099937c941efc65a859c76a36976ce5d4cdb3c0be9503975c378845e6a7c8262430e0eccccef8e26b64df4fd039d4407e2c6cc2906fe0735c5ac27eea8f47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffaf3fd4f8149568d371a9dbca6267d5

SHA1
1f8649a1aa2e6d6226cd36626314948b23e4f3c2

SHA256
2ab0ed83e270f9649605eb689df85583db4f2481480627d15fea05cbf1f08e48

SHA512
7e385e454265ef1849e750ad2b9e70d8615d583224f7c7678938febeb04b09a5c5c84ce52e732356c9cafa2adda66cb5ca27bd1fd541002a8ba163a752d9804f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab091a5f0de71fa80dbca6c3314fc118

SHA1
1520c197e821d22980b36a210724e09c079e099c

SHA256
9df6bd47778c543eed40bbc16e0007ae5cf32d91b2123924cc568c433823b40d

SHA512
3bfa38f8fd5eca4adfda601a07942df7c5408d1d6b55a596f54e70a13f720245670eca588447ec4b55c2ca25ce448e0a5002669381ed77ea69ceafdea2f0a107

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcbec7f6a0261c359d00a10dfd1d3373

SHA1
0e4fd80645d22bdd4cee5f46a754859fb514a08f

SHA256
0142b10c426e519e0874d35677e8deb90cac62966dda3086126bf5ca0e814a07

SHA512
08820e348e84f8f2c31dde96ebbebeb07ef55512d4eec8f7aff2217f322d9d759a6e4b61f0c8246311e3db15040269bb4180aaccedd0fbe879f25ca8d9e34c5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b8f3dbe6c14a5d887a00d77979a8dda

SHA1
6bca3b3b18b2b430d619ae711d6fdc3d74954ff1

SHA256
1f2eed06b42d5fe2ccf619eeffa78606323c8d679bbae50ed736282dd9c64fed

SHA512
8ab8956b99a654a9ef1a68dfa40c043b8b61ed10dd0cb3f43122a2da6a046624ee75e36bb24ed55957665895d5b11100830ae64e474f1ccc77cace7d3f9be323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4ea27a703d67da3656907b7acb977a0

SHA1
87c2b9273d1a02fd278ddd8125b465c98720d31d

SHA256
d5969be28a9c8f840fd132a9daf3c4c42328b38e2c0f3a780ee52cdd60946a43

SHA512
db9ec552869b1e058ade40dca46aec8f2ae84e67ea30544277518ac7058633178c71cdae0895973ca7ef4f0a8949c567fccf4eea4ca8d5ba36b3957928ab07b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce0540e2fcba68c71667d26549ff8ae9

SHA1
55b2c12c3cd5811af856b1b2b31318d828b6d275

SHA256
9a561cec705150911bca548eb00d7eda24f05daf2855e8c59a97954dfd57db79

SHA512
4650abf7a96fbccccc44875e9fe0fe9ac8a2d70da4d1bea4975125ad65716a98373071a5180a9bb827851ac05113044df68d18e3780157f978b758a63cb73fde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2b8f1f826bc062841575d6e8d9d3f74

SHA1
4fffa4285ab884b49849a63b6e43fecae49b0596

SHA256
c6fc2ec7d0701355076c0ecbd3eec578c23db616c4b4d08c2915f8fbd479b973

SHA512
436c3dbdb5483a23665c7674bb71dcee528e4269ed0aa110a5f179e2bdce67ff102a19c25db67fe261d7a8c03e2d3577d1d6d2a5bf88b88a6b89d297127669c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
d20097dc2c8cf7ed1a21b101095a41c4

SHA1
24d88706e616ca57fce3ea0438cdf0ac696e4b7e

SHA256
6b12df8e30cf020345a8542dfe53ec03b4136e68f5bd1c33a48f9d37b63568de

SHA512
ab9dfc5a9a4adeb89e68dc1de52d27bf1935bc6646fa35f4c81f8b905800e00a74bf4317a28a0b31c155921360164350096296ccd9eeec3a6452b6b28c913c50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
7550e26e12b3910c7097f5ebf1ea386b

SHA1
635819101f5e07830e9c35cf069333ebef886fc2

SHA256
a55e9598ed770bc12711360c5934ceab2db506378fffa36d3b1ca8913c35f27d

SHA512
7c0550adcb724354a3d857da52561f7d894d530f81de7c2ca02c4501f3b870a0f31f9326143f8a3dfcebf9083f390f45f1137ef986602251c1c4bd8f40f8269b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7E63.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8760.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit