6f62ae2a29267986f354f35472c3cf5104f18f250958a4c09871a5fccbbec359

Analysis

max time kernel
134s
max time network
138s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

483b25d1a28c729c59955fc185db1c7c_JaffaCakes118.html
Size

213KB
MD5

483b25d1a28c729c59955fc185db1c7c
SHA1

fcde054d54b968490df74bcbf830eba13ecdbf39
SHA256

6f62ae2a29267986f354f35472c3cf5104f18f250958a4c09871a5fccbbec359
SHA512

2fb7dbbddafa6a7d1e7c0ec7a165e27e5d5c29dcc236c3616eac4a42455bf2a48605a26052ca2031424ef2eb24c34858d124aece25908f465237f6b2aec422f6
SSDEEP

3072:Se/dzlctFcEQtyfkMY+BES09JXAnyrZalI+YQ:SeUY4sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73B332B1-1306-11EF-8962-7678A7DAE141} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421972258"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2756	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2756	iexplore.exe
2756	iexplore.exe
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2580	2756	iexplore.exe	28
PID 2756 wrote to memory of 2580	2756	iexplore.exe	28
PID 2756 wrote to memory of 2580	2756	iexplore.exe	28
PID 2756 wrote to memory of 2580	2756	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\483b25d1a28c729c59955fc185db1c7c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ffc37251b5546045614ff495bf6dc1e

SHA1
c90c012e26233c51f2884e5e9628badc5a897493

SHA256
b19163670686e3507eff7317fdec2256539e1be73ea8a957cca69107727cfdbd

SHA512
9abd9ae800e2a4e03807f8be9d9b343a18492b003a86733ab78154e612a98cd706fc36a93aab01a66f0bc5461bd2d8c9c2176d10b770319c486774925db5002b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e42b734d830100a44993593cec083cb

SHA1
9a97ef2f8439114241e16fbadae4ed6a4484b2ac

SHA256
a2ae317fa29a135181111088f5e3e40d1460602044a8838998b33e392c21360a

SHA512
bc2ddcc46737117e2fd6a201d0c5916f575775fcb61a9c5be472faf46f3ca65452b26d6750167f998ac04196d9ec5d11498aef9ed081bf1fc06c33d3d24af01b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5fe13174cdd26110cf78f8d3cafc5e9

SHA1
5c8ca2f4b9eb49374f2e6f1989a758f72e083151

SHA256
e5339a2ecc5b7c1920355616e49cd095321f815262973a4a8172fc16c04d3620

SHA512
5b9f7d837fa9207ced3ab598a7bdf2643ac4ba48fd6238054ad2d3b2d1dd718db7e316aa9480b5e293c8c222e91ab82615ccae88b32f0701446963b4608a4595

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9487877459c1410a3ab13639d5408946

SHA1
7cbd3fd6ed5c41f491dbdce324cfc117f5030a60

SHA256
4a861522547714584f39924e56142112a5dd0ddfb54517bc44aac2aefff45b93

SHA512
f94e266f6c8a4d82ccfa0290eb9424a78a4f2b800380a6ab8e64410e7d917f50c82e4dac04fc0a92539ba6fad9f4895945fa24d0c48a37f0381b7bb363793ef3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f28f8b8fe32c47eb221ec01d1d3d093

SHA1
dda517b06455b5ee7c84f8adfe6a5ce3bb93d164

SHA256
55fdd1859e12c73c33001902e826716a79ff3d7716d1a50f20521d36058607aa

SHA512
2c84353ad6c8c9bc711155f18e85974b43006bd4e25b8d47b3ba39dcefa29d6f1967e0c8449bf9a67cb07c976567a88450b4249af368ddcb9efc69007aabe0d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e38599b720f09623fe7455e135bca8f

SHA1
75ff72ef244cc42b096043c6106a22298026774e

SHA256
56c97b89f40bbc179bf6585641525f732ef83e5e22c8c27e3bf1cc2bbc14ff77

SHA512
41e129192aff172236a98d18a058c7ad6a9352d6f4930d732af4e60304534d0afc99ccd0f0f5ee8cf3b922dd07e0ba8de685e51f50e3e261bf10828eb7bd433f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09f6c68a4ed73e0be648f89df5a2d1d1

SHA1
c3e5230a891835d3f28d79f6d9e53ea43dcbf135

SHA256
c958c3e683c3d08b0ab7b0d255dea01f5e02e935414ebdf6ab3c3532ab2520a0

SHA512
3bdf08502831726cf0261f7003d8aa6cdddf08d333633f077e2da9e8c9e502f3e4833352dfc63204e35dfb47a1cd75ff5dd3c5567c4c4f4d0e2ae5e9b7ac2a7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6038e0e95d205a4dfbd58c189530a027

SHA1
42a835c9ec391ef14775290ffca4fd0c55e8628c

SHA256
584baf991d0174e4a136d8f3c6298d76ec05438b234f3c5ec486b73f4a0d3c29

SHA512
fd7b1f8d8766a4c380082dc92f88f3214c20da0cf4ca31e848da87de6c50c75e3da93673b4f2277903a8dbd61ee648e857f7d2b14458d60bb17297d60534648f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
603f0666262074ccf47d83d89b76d42d

SHA1
d261bdee9093f4cc8ab845ec1accdcf7de4fbd79

SHA256
35fb4313673875e8b12f66d9bc9b238a2fa7c9ff1541d5122ba5e7c8b6642f55

SHA512
77d5c4de71184710d0283d7e603b19afe3aeceb951dbbe0fd513ffcb46edaaf370d104a582d9fcd23daf03c00e3faa8c6aa0bacfe4242c84c66661bbf8512c69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edb1c3b987f9c15e775b41b3395b4971

SHA1
0e142db918d13bcd021a967f38dd29230a3b4116

SHA256
4bc87bb9da860ac46ef2560d57d302676a2d2864c42cb181af5e01a3fed0d6d6

SHA512
c98ce81cdc4a415e5966c89fde1003163e48aa3594763d78922fc97220c6a5c955b1029f24d79c51273c83647703bb4359df4a6db75783bda028100adcdb897a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94a30ac7141c87852559986d0c1cea00

SHA1
5caa01df124a0535e02ecdef7bb321c24de268de

SHA256
78a132608b514b2e6ff434e6e0028ca5a644bad64d0821c92711d73e5e29f8a5

SHA512
4687f2763abc142522932d8c8a10da4d4d706e9798cda74c4420c56f64bf619c8728314c53d93226108935c3eceb4187e393e4da9a5001df3382924eef6cd705

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a371357329f6de4bcc2c138da9e5b32c

SHA1
f3b60b522d2a47afaaf451906d1e8b2fdb8d4887

SHA256
6075b089c8a90f094626855263f89d45bc91200bfc9a98175407d287c5270b9b

SHA512
dd51fa777bd2b28b3c4848e5759dfd7124b12f454d31b0f66915ce3c402a3a51785cbcce1dd3e3274d08a7092b68c448644646a04ec21dd9b51e412235283f63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6939bdd6ac83978014a1cd4f341b31a4

SHA1
3fe7288e2e39716a73d95b7221cc7f1a51eb15f4

SHA256
32621f3c60871ca4a229746c109d889302eaa41f29af594edb8fb49736573a5e

SHA512
84e05f63e0178186e2edef89a7966c89eccbefbc0a6b35b5a105a4bd0f9516515a0b62cf76a6c796ea93524cd23b9d7d72e6dc8fc1725b7c44825d8ee46ca49f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e114a532230e33176e6ae4e565c97fa

SHA1
0d7f215181540829378fde4288273a6fe71a9b0d

SHA256
7143667b8c7adeb0da1d7bb132520622e5f8fade8a12b8206edd9013d6392fce

SHA512
a715408cc2d5214be071dcd1a4e366dad7594f4da21268df7d3905c4eec5c5d1e857b853b1f4a934e7dd7399464a8b719760795785fa7db58fe854761e64d757

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
306dce29b0a058aa8b5d31e42ca65307

SHA1
aeda59101fdc5acd7de74fa8ca09ef600e347195

SHA256
9d0ebd3e7ac64a305b36094fb201d323b689a540dc49342b9d6ec4fe750aaf5d

SHA512
6e472e224b3acaeb57f88ebd4a2f7f9949c9d41cae6dbaab940c44cf6a3d139aacf1db47d36efa0675ffcb4afbe0aa3f096c82d79700fad0e8b0186adae70663

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b144b7b0214e5aefddf316ae39716efc

SHA1
ac63d99a992cb4e75f1f45b8e69dcc40923dd0c2

SHA256
70f3b86e12d8fabbf47e0b4c529b59db775221dd610c6640b0ebd261d347c9cf

SHA512
c552b570b7a8ac013012e377fef844cd56411f73814079cec4e91be899bee4fb555c50b3f5b6acc24297bb5fc710df728f9cebe9fc5471277c413b653703f8e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea07413d1aa9c0b80a6d076eae75aff8

SHA1
576ba335fda4ff57548a78818c16ded8cbcfd79a

SHA256
a3105f9ed4e5a677fd7ca1ba4c331f3db36f4b9fdf5ceb5d4b6b0b2cf08dada0

SHA512
54aff4a5dd4ba60babadaa5990a23ac0e8a868118f5856ac42e82888c0bfdc3446ad3e4376827ed4c92a998bc6920dbbb88e19e324cdca915e1eccbb747dc679

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f40fba382734890a578df7f161db5e4c

SHA1
33355b3a8b2639786b6ed52ac11dcdbced325f60

SHA256
ff3bc7f92ede0d0db2baea56fc24ec90feb41ca2e1f9a525083c31b6d5c6124f

SHA512
3ff04f0d015b13977dd6bb3448c3805af2505408c6e67d52f7b58bca219a6d2d9bde5942b28d76d77099d180c920b0335abc496d9baa5b27436dbcae2d9f90a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2760.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar27E0.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit