ee3e1fd7cc5b437fcdfc3c9aca43619311daa057365deffb6f77b3b82bd77011

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4846e5df65898fec674b08d8ff4994c9_JaffaCakes118.html
Size

503KB
MD5

4846e5df65898fec674b08d8ff4994c9
SHA1

6248978f3e9fee48f8fa4545a0d86a77b08ec684
SHA256

ee3e1fd7cc5b437fcdfc3c9aca43619311daa057365deffb6f77b3b82bd77011
SHA512

aa8f634b9e1f2ffdeb5364b070be01afa41107a17c6a6ff4e5e642408d6a5892481833afe782041408117fdde447a0d59457a0c242cca3b892473e7da156c86d
SSDEEP

3072:w1+IpBxYUVm9zfs49PwVeL5AmPTmBKM2mq/1R:w1+IpBxD4tLTB

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7A3E4C81-1308-11EF-BB1E-6A387CD8C53E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421973127"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

348 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

348 iexplore.exe
348 iexplore.exe
2992 IEXPLORE.EXE
2992 IEXPLORE.EXE
2992 IEXPLORE.EXE
2992 IEXPLORE.EXE

pid	process
348	iexplore.exe

pid	process
348	iexplore.exe
348	iexplore.exe
2992	IEXPLORE.EXE
2992	IEXPLORE.EXE
2992	IEXPLORE.EXE
2992	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 348 wrote to memory of 2992	348	iexplore.exe	IEXPLORE.EXE
PID 348 wrote to memory of 2992	348	iexplore.exe	IEXPLORE.EXE
PID 348 wrote to memory of 2992	348	iexplore.exe	IEXPLORE.EXE
PID 348 wrote to memory of 2992	348	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4846e5df65898fec674b08d8ff4994c9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:348

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:348 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
d770a55c5799f4882d93d1d563a4e6d7

SHA1
9ff82d77e475e1a87777a3afb6a4f576f651e372

SHA256
a142557aa08ba03d8e571a3eb9cbd3bc88cab1d419444c693cd6dc4eea893430

SHA512
34b2a3b1a988f163bda86b2b8ab4cc704ec152c98b217152e1747271f03386286a20b9a31e799fcd9a7ca253f75aac8252a8eefe7802de712f78392e5d2962e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

Filesize
472B

MD5
bd5c8e332f97ac0ab9af520076d9c96d

SHA1
c4edada74021495cee9011998ac3c7b2f4fb54e1

SHA256
2947283c10244706c2ee62c23b39965b63e3e9cebbe3a513f55111e4a0b1167a

SHA512
a6c861f88e4056fa428671c23cce4dd8d910af292324facff20394a554568b2158f5a4a3cb0513d49f8d80b6eb273d96e06be12e0cc09c75cfd4acd2753313eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
ef3b85e61fa531c44c82bbcccc10f103

SHA1
a9b2a16226f757ca08fd065b0548183b81ae5d7c

SHA256
dc23a39b657aa671c347444877296679229383a605d25a45a8328451249b11a9

SHA512
68430a929fba482ece573c90f97850630a7950e73328274786a7aad706cc79c04ec6668cad73417ed08c876209b9c30257893f8dbd1553b1a24d776426f28c98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ba10cf6be788b365df9ce70aa992c0b

SHA1
f000ed34629ba9c7a55d14ecd325ac35708a6cf8

SHA256
81fef632ca63fd010035d30d280232371adb4b60f470f006011a0d1bd92b931b

SHA512
e56279c363e0b714547d0af51e7b189b50f2df801c45f21a60bb105eda63d5528dbba5a58c121ec426b651ec83fdf56277cfd88e15568e9dead449ce194e9bc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd65e5ee311ec02c30cfac54fac17818

SHA1
935ae2cfcea0fa06424cb4293ebff24847222375

SHA256
7d64ee167f640a8ba1f7c3050aa8ac4cd2f00321de2cc9208aa15cba063a0ef7

SHA512
fae065151e710d467a1174605cfbf19ea5e69cec8592722a172b01d744ee3599df4e6641ef75fe3f092720157223899107bbec0e1ae9c7ea4e4be41cea666c56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
880bb765443c96a850c020684bc2cf63

SHA1
a78b3fc70cc77421a942d374f3c1a49747987f6a

SHA256
103328bf680eff82430954e01e4a0dd7c362807121f01f50cc553ab7c30833ad

SHA512
86a9d43c04e70d8aadf19387e415dab1b766d331a83136d9f87d9376e4133a7ae647c743b34c54eecc4602574b52a17be574a44d537977cb2922df8e719bdbac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4972c5eb811d79f22cf5dff55dcf07a0

SHA1
57307a48d70bf916991f6694c57f59314246224f

SHA256
100353498e2a4651530eddcccd3b7d7b2afaacad4b53fb85050a27af55ba7c6c

SHA512
0feedd4bb1e99afc013d4bf4932fa897d89a1d638f36ccec9d75ebd5fb2cc132753dee1c3326662db2c5c736faf3dc708d53c93deec21070747411723db8e204

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8cffbe17029fdc14928a24c61d549b4

SHA1
cb492302b081ff3ed07c3632cb2653646d303f6b

SHA256
229882b5e262b4d874c22735ddaa8984964beb9ad2df4b9ae528383c32f1e90d

SHA512
4263b773613bccd64e7eb178d8bff2ae897bb2c3abb10b38d50a81d89aba33f595ac7b60a4ace3d4c3a5ef3e49c66c3474029cd00af00c03251876b5562b0f13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b77091d7c3835007a79133bd6b5dfa72

SHA1
c8a403255fcddbeb668246fc486cfe17410fd3a3

SHA256
8750f07469c24dea404ee3b3a5cc4c580286680905b6ecaa180d8a214d5ee036

SHA512
d2535ee020784bf5a408ed275dfcf2603e2937b0fd7202f238cd8d33e8004029ead61d27c01a44cfd64ae3354f3e2caed689a3846ef0f3649caf7f00b12050d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2c417023a57f225d4b582a171f8548c

SHA1
5261ff55d2baa7ceb4c02ef1062292bb3d44b97f

SHA256
3019dc0bc1da4dfdd05053e410eda2620c35fdfde516a0099bfaa932ddae9d07

SHA512
793c65d2d2fc0001de388f91c42314387b543bef738be4bedadae98bcaffff3ca9ed82b5d7835ad3e46c28700819a79de9e72c0c83d59a5a30d2410ebf7f7888

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22360fd36473da5a3f4be6c9edb9ae1a

SHA1
81c14c563345458c89342a09d04295f60046c1bc

SHA256
e73d7e456a5952f3915a35e745f4500a190c489d472a06b8a473874745b0b2f2

SHA512
b9beb1c577fd40eebcb8583ba9160683a0bcb67d033812bf4d06bec43baab5bbc3c41c341e8442cd30b840c9cdf26bed93324b5e00808fecc6ce4b6836ddfaad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7474194e8169def9bda898019e52e597

SHA1
71bb6f692fcc6aeaec3a9a19ec6b9c841775c7fd

SHA256
04ee46def65688164c7add7cd8b900b946b56f8bde8adbecdcb472c806123323

SHA512
5517e2dbff5ccc260f0d71eb11139de1a82de5ab424283d0ed55df893d542a2475fd5300d30a8c992339bae2541b0cf95ab0af939a667a4134b45887cc690383

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bcbf8a1b8d051604cf6674c5972c46c

SHA1
f6c42bd257bc9547d6a5feff46b738f22cc6ae50

SHA256
fdd3226bce698a082869a57c66402ad29f8ef85bb1d3cb5e4dffd4aecc4fa693

SHA512
1fe403d80a83aea6c83b375f7ce1e1707299f5c582711cf75bfde7dee96bf47df2bdefbac36525209d681763571549714796d292352e5bfd6edbc47694c84d1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba69f80d87ab10eca01259be08c64a57

SHA1
98f08c647619e4d9113184cf2817db565d057f48

SHA256
42662c38e56ebc0a0a328bf9ebf14903383d10892c05972c32af9f69c7319cdd

SHA512
ed5a7f48112b7a65c6f059e1ea2ff1f3411aacdef9a35bbed0e6ef41a30e88dd72d0399e7806102bc5135f4dfd9f6ceb257b23d2e29816240f2aa4dd9ce80e94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
9b487f0b149db87138e50f73436b822c

SHA1
a8b1f4a40f635a846cc929c2d4ff9867fc4db922

SHA256
8d103fde2aaff6791a5769b3fffc8a34b9ed41b93f322d0eb0ec69ad4363cac1

SHA512
6f350adb8a42ee970258638afe0aa2040d8a2f9deab6936fa7029b79da4a888d57394200b362e16d2060c8a4acd7a74d8bcdce1c18f30f7d302ec3089d054561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\platform_gapi.iframes.style.common[1].js

Filesize
54KB

MD5
7ef4bc18139bcdbdd14c5b58b0955a67

SHA1
afe44fd9a877f81a3c36f571c0fc934324c6cbd7

SHA256
192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838

SHA512
6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVBQZB4R\cb=gapi[3].js

Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab145D.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1470.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit