08793baf838827bf622d36a97c4fb35e6fefbececabf4c4a3ba3593ab1361287

Analysis

max time kernel
136s
max time network
141s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 23:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

438b8c81d4030779302144b1496e8ffb_JaffaCakes118.html
Size

49KB
MD5

438b8c81d4030779302144b1496e8ffb
SHA1

3a1f37be33b1fa97b7c05c04b987385d667aac9b
SHA256

08793baf838827bf622d36a97c4fb35e6fefbececabf4c4a3ba3593ab1361287
SHA512

2db754cd6926608ec0a3907b8050cd9c74fb11cac4a2ae80659ab95a37a5815b6ffb7def3aa6965d8233fadd79a1034664e2c5570697ef0bd9eaa288886120eb
SSDEEP

1536:SdsJaYT//xsnzNm9F18HRdsHsnzNm9F18HVAvMUIe7J+JUZKU0qAO9v471tuCP69:SdsJaYT//xsn4cdsHsn4/7JkUZKU0qAE

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421890969"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2FD9A501-1249-11EF-8B6F-CA05972DBE1D} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1844	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1844	iexplore.exe
1844	iexplore.exe
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 2132	1844	iexplore.exe	28
PID 1844 wrote to memory of 2132	1844	iexplore.exe	28
PID 1844 wrote to memory of 2132	1844	iexplore.exe	28
PID 1844 wrote to memory of 2132	1844	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\438b8c81d4030779302144b1496e8ffb_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1844 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
4115822955b59e95f5a16a625596720e

SHA1
12e83de7bb42f958d38b481fda69f4b835c613b8

SHA256
972ab747dc1bb3bb8315085a85c6b0dced95f164900716ef44bec6511e5b94d7

SHA512
7f03cbc4406dc198fd88cd9e3551c8d140a754a71e394afb9c152dae8be3cf6ba8211fb311725112826725f5499d18910ee9e58ed986cf0b7da9faf8afa75bbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1981bff1eb73c72c67f2a858fdf87c72

SHA1
b1c081208f0685e7a8c9f48d9feea4a9753407f2

SHA256
9eb070af971886e509f84baaf347ed3bf76d6a60a50ceb3c01e46c0c3182a61e

SHA512
fa90b37ee2f22e066bb954ce4223c3d660e44ad8000399213322ec9471394381b6521426525b700ada980e74cc1781d7eed17153485919864f6c3fec07eb17b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12fce62b2f738249e29ff1c418c64556

SHA1
32c9b8566fd00e8b0b725467b630a09559ac0d5c

SHA256
d651d068f684f50cb003f634c3ae013d55a5336b304c0a4bade5666269d06958

SHA512
e70a57223d01ae7136663671e6d8617e45d2bf6e327e2dcb011494bf47db72227b9a82a0bb4e703480b751b7864f73615ac2c1921e2cd0994d111c0869d7f556

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a6c915d18b8619647fcd95a5dcdf930

SHA1
e3a8e990ccbd60e4f368d22ccca38b75eca45825

SHA256
0287cfef6e01f3ef1efdd67dea439156eda0938f20266e0217e25cb4c5535241

SHA512
388ec95f7c6f3b2ab2b389c32a4c95712463e0c104230d34aa0991bd7d559da3da8328d837915bd9b7fe950b40fd6e03af7c83132c6fc286dea093652ee8dc21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7cf190fd4d7cd24642467671ab445317

SHA1
3c8d54c2c6730286ff73610652eedda48c6b9006

SHA256
c02afdb9071bab88a7ed73ad1461ea4cc3b99b63be10b8d987cdaa914aafe0f3

SHA512
ab02207a6b07729635c11724a189807d7a6ebc7d0b4e43784aaf167d1d5e48e3f01c386e1f7cbbf583f7454d1b7f8006cfe258071877f217b2b16e5d55de049a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1794740caffac3e970f6bc458c83595c

SHA1
e6ef8383a02cde60c58dbfe63399f5fd80e1718f

SHA256
0d0132bbbb4fd3f7852e029b75fffdc8af24feb46cb607d6e7ce119ea8c5e074

SHA512
566fa5098a2156d1d363c796bdac861710d68aef75967ca1982e3eb5d5434e50377674ed5e819f02afe5743d28874bbca9d9ed38af446e946a3dd39f556d7569

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c30499010006d1cb86d72a8d17a83e3

SHA1
dfca30d0888a106379d433e55d42b71e649880b6

SHA256
75caed58770e1232d5f7ab8d8898be4d57d88672bd1dda5a5ff8f7659a676037

SHA512
a7a72d60ba8de225f50ba13cb51f15ba3f33d238b83e630340d81cf7edb4edb676244a3935239e86f5499426a87e57ab4b816c1a0b26c7028500ec772d01c64c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e75546d9890123ee667d38f1c60b52a6

SHA1
aeb123e9bad7a2052aff7a106ed24367b1361927

SHA256
2c08ab8f11d9ae89ee5fcef92d9fb81484b0e427f396d56e5b5ab7c4c981cae7

SHA512
037e8fcba531d0a976b70e969f5184604f3cbee90f0c1a3c40c8843d67976785f05e6d3d46829ca4dcf7d948124459ff782c271b10c17d340e10bf0b4ac9546b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcc5cef495ba9edc2b48679ec9ad250e

SHA1
70058563494591ea6a67c492a2adf3d868d9eb24

SHA256
121d8429901967b1f347fcc1c64c853c7f78926cb48ab6cf3171194f423c8a14

SHA512
9eb3f4e656481caf3297163b6f99bd24882febd73539fff6bab141503a21e50d23dddd398b77909055feac51d5d3f900d129f33f83b0c6d9ebad1f294a85c5ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15a64166195fe938bfa6afac8932eb29

SHA1
b759b17fd2784298c9a449393749797abb28bc50

SHA256
d80f26f86963b2eea844b5780944e0920305b6bfbc596916aaa3b415899c1c8d

SHA512
a36a68eec204f4f06f7ce0ca73552f978039b7b5830d0cd428f1ed3b41fccadb473ef207bd9792ffd87784b7a2c7aa88f0d1dc176f42bd57e6737bb9a6f44448

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bf589f10de7fa75306c43379b671334

SHA1
b977b9caa66ceae21c5e7a8cdc4b53ea6b4ffb35

SHA256
5bc825c1361900a10cb2e05bddaac8159b22d00a539b2292e0d0bd182cfef19a

SHA512
79f44db954b807f07e18407b5222736175d4644f3f22a09a9071b998014bdbd9d73dc25b4c9685337fa2358e7b9b75ce575cdc6b5e34f5b7169f96dd11258bba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bddd85745669e691b402d3d07d438bfc

SHA1
7d0a4824be95a971b20721870cc9a0097fb14e80

SHA256
57857a4a87d0ba926197f347797e4c0ae5e55042967a84e1fe3dd2daa082ccd1

SHA512
e34e1aa227e30abf4f9a76f0e50329cbee8bacd19095b176c22243ab383942f653e981e17395d0829c9b973943c3c826cf72857984a8d8233fcd0f2559b5b17e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\WeiboShow[3].htm

Filesize
20B

MD5
7029066c27ac6f5ef18d660d5741979a

SHA1
46c6643f07aa7f6bfe7118de926b86defc5087c4

SHA256
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

SHA512
7e8e93f4a89ce7fae011403e14a1d53544c6e6f6b6010d61129dc27937806d2b03802610d7999eab33a4c36b0f9e001d9d76001b8354087634c1aa9c740c536f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\WeiboShow[3].htm

Filesize
241B

MD5
f5ba896d004fc2ad25e2efb56b129b57

SHA1
f4f586a75c24d595aebac0d105fbf989b7f723fe

SHA256
5551cf9ff3d42d87dcd453c15951f650effe152236573faf7e3fa6813343bb7e

SHA512
7431e23775359b0a0d7cad2990b3890d14ff203a8113e404b0439ca9f5019021ed395b5f2c9e4b5ba59a398659578205bcb5c92ebd3f8629b70ab8d97f5713fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\ga[1].js

Filesize
45KB

MD5
e9372f0ebbcf71f851e3d321ef2a8e5a

SHA1
2c7d19d1af7d97085c977d1b69dcb8b84483d87c

SHA256
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

SHA512
c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1048.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar111A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit