c0fab7ed29746eb179b01fdb8041d3a10da56f72157253c9781caa9628f6eb30

Analysis

max time kernel
149s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44667f133f964e18cf01d4b04537e108_JaffaCakes118.html
Size

17KB
MD5

44667f133f964e18cf01d4b04537e108
SHA1

34f4b2ecb8c772ae38ae53436be279802fb6ce82
SHA256

c0fab7ed29746eb179b01fdb8041d3a10da56f72157253c9781caa9628f6eb30
SHA512

7fd88012b51c10249b24d28b0a94c146fe56b312278dd21db31ba083de953ee479e632e9a57701014a0488f4ac87e7c17921567aaace0606526228d561a67db1
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIW4wzUnjBhc282qDB8:SIMd0I5nvHPsvc1xDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421906283"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D6CC83F1-126C-11EF-9960-CAFA5A0A62FD} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1500	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1500	iexplore.exe
1500	iexplore.exe
2828	IEXPLORE.EXE
2828	IEXPLORE.EXE
2828	IEXPLORE.EXE
2828	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 2828	1500	iexplore.exe	28
PID 1500 wrote to memory of 2828	1500	iexplore.exe	28
PID 1500 wrote to memory of 2828	1500	iexplore.exe	28
PID 1500 wrote to memory of 2828	1500	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\44667f133f964e18cf01d4b04537e108_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b665ac72e6d030f7c26ba4a3cf473394

SHA1
75fdf9e0a6b6ab8b5477e2b514b1cea3fca3ddb4

SHA256
86f33ef9b715f558fb64161a21b580e08d3b00b4da3a469329b1868512be1798

SHA512
b2d09b416f0a26d8dd18b64415e93907cfc1d63f02f2fe72b0afd554888ea89a4fe675f9fb0f46ecd8a8480417b6b98ce155dff2cd7eb9a03a553f155674c379

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c78ec424a04caaa88ecf8c2a86ee0524

SHA1
3cc66136379b14c7bb8f29a77eda62330dd216a7

SHA256
8e4bfdfdd8b1535b2fa05552831ee63d6ff8f2a67b70a5224821a769d57d1097

SHA512
b51b499d34c22591b2e95bd329e9f4b6b3736bc2f9058974b3919a84a2eed1066ca81328c4e2233c61f393f77d7eddaff996372c11c6ac75ea2cd5ead2785c8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a8876220f80105e552c692db5e364ea

SHA1
cbcc010f7dee0115560d5e8ff81f71bc436c5e56

SHA256
4584096edec486fa6960052fc526c82d667f177024951afbd249b7aa9ee2668c

SHA512
b667962f16c3f752650ec748240745adeb95533f44b162f4b52ad12ca84074ecd582efad85382f4daa2f01448dd29ae328b976b48987d35f48ecde35933d11a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ed1ee03f0a6ee9601fc11b208d054dc

SHA1
a4468ad8c85b528180097401d7490858ee9a49dc

SHA256
014878bd4d081da20d68761348904734bb046eba191ef1d5faf1424d6ced9bfd

SHA512
5d80a7fbbf791d041cc240e2c769d5b049ff87cce7675bff26c1e54e2b199530ef3ef5e1d6d177511fe4ec28a9a8e881b3cfc1639b39919635499a9057e469a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6860a91527290a4e68d743c68681f9f4

SHA1
222f075591a2a9dcdf47dd427773f7e8ef5aa01e

SHA256
b6255a185af0f18e5aa4ba920a19847e13d439d7864b19d2d861575962cd6436

SHA512
2a76b750e47887e43e98f2959936d9e1175801c64a2bd54403ad20dd987c210d3a686498b86ed1a6a9ca39fda6af77e4d991a6bfe946e3fe91f02ba70e11bf5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0c9b4caaee22d355bb597000674e76a

SHA1
62a1cb1393f373439c53f2fb2a390586968b56e7

SHA256
2969d0ddf0b5f502848e6fdafde55c69e3ccc9c38671a5f410789e2026b75401

SHA512
7fe9c587577838871eaa6a7c8260c837d9dcc47680ba478b774fc996a2284029b2143bebce8521da73c41df46861b9363baf61033776e00bf7c4b039d1c57a50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1db8b2f585ade76fff46f41ec59fec79

SHA1
3d5c9598f7a02af2ada1f1276f023bc1cc6424ee

SHA256
05c6f61b5b7f308c1b26aa0c2327cd85bd28d169eb1fc6b1647d0296c19b6fc0

SHA512
23918ded5b5cefed40a3257cc1e900f221cedef4df3af464e4d95a26e9136cc7fd30237c8603df3ff847a5b17002dbaa3b0cb57bc09e56fe896fa8a8d8d44632

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a32f69a92ce5cffa36975c3b09e54fdc

SHA1
b1c9fbea521c650e8283f63d9114a401cd160b89

SHA256
5544a73f7b8a8c81e9bc72eb3ba0f07c1655f457a14f2aa7fd4ba210a1df864a

SHA512
d0d4d3b9e0c2141b8786c1985dd680456a542f561a93035c18ffd457c688c800f38b3613bf20895911385db52d49836de89b01653829414c3435c4c27784a012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b68ab02d282490bc760d800f04d5603a

SHA1
d93f01bcd0b0398f11cea363b06f4a278ccc3144

SHA256
8f259e77da26d4106adfedeb61cef82526acf08df4b448fb8303fd4f33038339

SHA512
7da6589c6c9f20864f1eb418d0a3988b88f3ec8fa6baaceab4078d74e7b093b6e0e7e5f37c3a849aff7c03b7baea6f485a9194cfc869ef6ce2c6bd7a033fdab1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a99fec849dd312f6571608194642753

SHA1
4adb1ce3fbe0fce2983be00882d2e1e2196f4ccb

SHA256
4623880fa1f616a303c1f15dcc0872463bb8bdbdad8e28df20cb59a1c5f9bc6e

SHA512
d3b8ad344696c5271d3978ef3d38a1831cdc8778663680ceaa65cd756bff6b4129713264c7f4994f069c97b2f45ebe8416f032a2b2b7fb9c9008bf3a3935faeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b977673c0052d0a6968c38f82940c5c4

SHA1
cfe3953fdff59c8a8d2a988fe7001abda0abc959

SHA256
a517deeb583b0393e6f076ccf2919d1a14303797003f4eed6b9102549fa76273

SHA512
022320aaf2df7126f2226893f0a528134cdbd4bd2792f6012c50c01ddb2aa289f4b78fd83d4c894509dba3e59632342169123c7caa95cede7c6dcb6c688f7452

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8683f3cd96a0e2361d02299d310cf26e

SHA1
54d74ca5d39274e5abd1d0396b8a66d462e16f82

SHA256
5dccf2405022b56666e2266f01558f52aa62ea96630daf9725393944a24ed1cd

SHA512
bbb97f6c1b938217ecf5e085634562a42a740620e2d5b9ef5fdcecdd914edeaf12624156cbc02cfca7d969a899277a3549e886a3a8e01255d9c2c91d46d9fd77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a6c2315760bd3287e0069928af07d30

SHA1
45ee87e65d383d279da6280c3a4095f57a04eccf

SHA256
22bb73f6ae51a14bdd672386517b80de247b939650e2af3ef11bea1c129300db

SHA512
5b93cb7d2817a6c049fdfd1a9e36ec94fe2bdd71971e20d7bcf6503169c7f635eba5c55521ab89dd2c751960d18994ce495187ad944689642c32f3198059d4fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
813731f7dbd5263067ae1a89295a89d1

SHA1
c8b7ba631327c9126112acac55a82f8c7ca20364

SHA256
86651a936820710403e7c52578fc9a48320c524d4b62d21940a57c0bb815ed3f

SHA512
151964dc24fc0d418b74417b3a6cd859532e6cfb67ce7a17402ccbe68dbc214da063a296c49d201625fda3e9091a85b4cb8792a786a95ffd8dc032dfd416fdde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0096a1ced7d93fe57eac11aa83ad1cc9

SHA1
911dbad10e8a34dd7ef945126f641fbaca10f68a

SHA256
9e3685105d242528608b6a86f5c2599fd1812e91c021f081127270f9fa1e6693

SHA512
354e488e45dd36cd2174fc471158e9666c08e46b7af264bd3a116e73551eb067966545a8452478b6732f9dd361881df52265701081c9b4c956ff98813598201c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22c18a4f3053e281194dafe318596f49

SHA1
8c6963907715297af55d9e355aeee0f6ae4a3d6a

SHA256
7de75ea6f1927a121facb9895ba7a5a0e8fb0c7ab9d97e80cce7bbe8a72cc1d4

SHA512
07180a7383b2c5fbfc0fcf57c4457ec289f4cbbf46f54bf0a7b1f2f722f1cd43a7d463a9f395b801c088c9731a64e43ef4bff4ea5ca2739b192031e7b7a4f060

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d5fa02b6999bbde1f48d9977a01c3d4

SHA1
4219b207633c325e918ab5a90b5ca89c5b09054f

SHA256
f81de1e79e5ee2fb456d6e7984f4135e53d533bda3016644256933929314b165

SHA512
459eb25a30fd25f4be9fed7b44137391837067adadf853294cdf1818bdc1c397957e611f14c549eb410aca23b3d8aaf95ad864314ac36979e6964340467d5869

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73365831e5f0fe3981b6842eb1b115a1

SHA1
307195868b851b9e202269d12e088113ebe3e163

SHA256
7915564e7cdc7eb28d660f6487e1b3b13a0fdbed48fc9aa97551412365ef7829

SHA512
4c5539a0d97b88b19eb92e05b8fee6380acd2e36f4cf630686a54afc511da6bf46b25225f12d2bd61f931e81d331250600b3ae7ce403256f880a187dd43f60d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18c25d130845cc1900c6fc7db6703e06

SHA1
11c4c9ef95a2738f09bf9ef4e70b7dafe47b9e5d

SHA256
0fa10117992efe9843b534af5e172f50a1b26a352ba6c75d691fc8f9fc78a55f

SHA512
9e35cfbfb15af00732a6dced4baa2a194a84a117394d76aca5581973087f84c8406f5fa92e0e30383343c00cc75c6fa66abbe70e15ea24854178f3704c3ea8ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab85A5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar86E5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit