39b04e28edabaa28f49706c37c968d02049d53a8341e69d43953be9790d5fac4

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 07:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

45305b545b98b83f30a14b7adc474ce4_JaffaCakes118.html
Size

85KB
MD5

45305b545b98b83f30a14b7adc474ce4
SHA1

ef0cc77fe614128565abe1a4f3c30a5469955b56
SHA256

39b04e28edabaa28f49706c37c968d02049d53a8341e69d43953be9790d5fac4
SHA512

f7eaa66fe3168438477b3c2ab83ae5dcba725c4b254e32032108ee867722effc8132d563effff4729603ccab0240f37704796128003bad5870dfd185f4cb28cd
SSDEEP

1536:IlRlVPOy/OyiecBNNll77VVYYooZZYYCCllMMttxxddiimmEEFEPX/VoqVG0NA44:Il9OWmOPq21A4n3ZqL

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D9A99681-128F-11EF-A40F-5A791E92BC44} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421921319"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2992	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2992	iexplore.exe
2992	iexplore.exe
3028	IEXPLORE.EXE
3028	IEXPLORE.EXE
3028	IEXPLORE.EXE
3028	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 3028	2992	iexplore.exe	28
PID 2992 wrote to memory of 3028	2992	iexplore.exe	28
PID 2992 wrote to memory of 3028	2992	iexplore.exe	28
PID 2992 wrote to memory of 3028	2992	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\45305b545b98b83f30a14b7adc474ce4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8ad6976eb06ed8c681d077d0492b8d6

SHA1
176f9a9fc8b4a983310f6463f672b21f09e6ff90

SHA256
027cfa0f257b4cc10d31f52c5e8c2af008e6c2b2723389ee97ec64a7123970b6

SHA512
929508a131603c1d463395de501679e54e5eba557ab5588dd0b0297493ec12469c02d4190359691705d26997406c0a181e8ec7cede617722c7a6097bab3803a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9b5c551c9162266795512e61cd556ce

SHA1
bda8e247581b39ede83ddfc7b6ee5e4c8b36dada

SHA256
29839e1c8309b2b95d54b16fb77cac5969a430403c45d0719cc2fee37c6074c7

SHA512
cc08b62a794f7ff555f5dcdb9250acf6cd1d70e6ae40f4f38aa1333219201c0f5bb6b707aa74033540c25084d14dc7437c295296183157b8352ab2a909365b92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf177b344b1e5c0f3a1be2c3bf2412bd

SHA1
f8e97a9e307b3b76859f85ff908a785d4e39ad01

SHA256
13c834011459c2111d145f76dd58cb3bff5d7e61e9f6b9635ca3123cad4acdb4

SHA512
b07d31af46c3ff726dc1095e94ce83a47b2b0c8b29e33d6afb96c050875d83cc005b4984c3e01b3d9b0b549f33b0738810cd53c5b2b4b0076600af95820f8df2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6776a2aee24c55c05f3565281e8a82bc

SHA1
8d247e4f0fd8864b2e81158b37b9e288088752e3

SHA256
47ea529bd3d82984e6283587c3bb2cf6cc212b579299512f99116611452bd531

SHA512
94d228111cb1d4b310ecd9605817a29282ba66c128e3e6cb3b7fb939cc8631bb30e886a86e4cd19838c1030d86ef97f2c0b36bd33af8ecfbeff5b10f345c1aee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc4accd7a3722549b951863893bfb5ce

SHA1
6e5b24b03ae77a0cb3345bf011af2e202b9415f0

SHA256
86fd746967cdf3d1fc0a0826054add4b1900f87c15fb7fccdb79bf4ba372daad

SHA512
d99fa91f522ee524229d5798f608f0e03f2abe505aa8763278ca52fab7d88d71067a0256801ac1497ec1877d307cfed96663e575f748181a1a67bdd2f186a2d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffb392d81d8eb4042601bd8a1f3aa2f6

SHA1
77117ae95447f16bcdb0880b1ffe9a43de911931

SHA256
0fa23eca791c658317141bc346667c06bbd3b3d30e9d48dd8462890b1ee26e0d

SHA512
ed55e87d233f8710b8306c1176d4de20b9300d816293ac16e1fbd665bba55d4af1fd11ca972a6cf36b57cd9afbb5f8ae68b0d7d7aebf47a7f3e7aa5f4d3f0bea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1192b06570beb2eea5923d5f7b343bdf

SHA1
e63e5565300b371ba8de5bc37a7563e3bc76c16d

SHA256
e5e31d96d7afd59ab7be72e4cc52d68009ed98a6d48d6cf98ef701891fb37c5c

SHA512
fd39f7bafa891440675d3a7eff46cb00a6591b18f747dfab621e58a03061e099934ee5d1c657451dbc00eaf52af91410d19f948360c3e9d3f61a7c602e69acb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
831b30613be0eca65243640e14333ea1

SHA1
067576a2c88d8ac9a4496a617ccfff5575cabb74

SHA256
10d306fb6aebe5d8ea52a6d957bc135107c13803cff23580546e7f4d43106692

SHA512
59fc597798f0f27312a757d99279728606e435a452d5f893d1771781f5c438c97cc94f73890b2eb7ee69e296f199e325d436ca8fc1ab81ef0a3752088504a238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c15b1c108873bf04ada385db7ea37a8d

SHA1
571afe637c0546f7e642b50300095aba1e46fb9f

SHA256
e8f5282494541be377c1c9ddf727f938d667be45aabe95c86bb7fdc564d53239

SHA512
5a4e23c95c7887381bd5e546d79f0c0653204fe1f6cd93f9ecd010a8f55790ec8c1231363fe36b6550a015b9fa848c3fb3d513d8423ff93f392bda551a01a37b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98842998dcb86bab8a3989b328c395e2

SHA1
ceb938944de3f5c4c1444f7a9bfa51a83a843de2

SHA256
27f90d31978a6f995755d96a8239095aa30d5d4a203fe88ae44af79944966d42

SHA512
48dd8a13560e8fff072f84a1c1659bd9a790581a08150d192f39ecb29c4616cadef7a1cc1fb04b60e3a35787377d085395138f272259873d612ba95ae148d7cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f8b4bdde796e1a1142181ee8498b2eb

SHA1
6242699f626fa6cbe1c850eafe86987b0fe7a00f

SHA256
f99aeb9ab4f6fe0c47f04a6274445c5585fbba0e75782cfadfc38b125a8a43ec

SHA512
fa518f29a58b62a9b9c25362d18e3cc9a0f858be4972346d72d7aca48fd357e66887cbc6422e82b2652a3a74a6d25002396280a31d9b1ee68e2838cfe57d13f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
717e048c9865cff740555a2c8c5fef16

SHA1
4f08da8008cb5e850ba9d281cec1ac2bb4d7db1b

SHA256
7378b92b2a56bd55320d79f1e2ae86d0e1f59b091e7e3a391bae148f1989a03f

SHA512
ba9b1cd600e8e4d849485709229961af0515f75edc6cfae3cacdb7bb7b073e511995d34a88e05bcbca6f643d2471ff55b557b8d81906d85fb5e51fcdf5d8354e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2fe273ddec55887afcaca06f948627a

SHA1
940f2bf45d489cdcac46d6de8f5697526393ffbf

SHA256
75472ac87661505e0aef8835762c55278dcba51dd57376877cad7d90eb49c846

SHA512
ecce8cf15b1acf368f5a8b0d7c27b18497c99bd3fa264b81ab8eb307d90092f8b653661bfaa4fe0dd689975fb78c4e568fb14a0e0a630118fd82555985d7e0ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f9fda9fed03dfe6e4257d88322c6a81

SHA1
eac3143b3698ff9f6bbb04675c5834c6fb37cc53

SHA256
d2da55d6b098f08fff94d74e8a291dd9fa7b679ff42c28b78057d18531483fdf

SHA512
09ee05b91efe037b7f55523910edaf9f654bcda3cda567f503f5a809d3b525a51cd586ec209de210131deb4473bdc205da1eb44f5d48edd2014faeb645d3681e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e6e30088fbc25f673def7742040fccf

SHA1
8df9039306873fccaa2cf1b4ef7ee5f78bb408dc

SHA256
0cf37a8ec3ad621651388f6f5b8c6c3ce4749a1b98b06142cb1c7d67fe1af9d9

SHA512
114114db9685b6221aeb77e1fee6df2677b962b30ea69d0d9a18afaaacd703acd9dabf9d40c69f7f04c66e8c28db2f61414e68835fe3386245141c0156e9a825

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7561a0ba9c3a38232af433bf7a5a5119

SHA1
38bec4684117cee9d3d71ba949508fe975f7bfba

SHA256
67e18f5a51452116ffa457bb7e1ae1ce7c62e59f8c2ffc9e3cc4c0bf8a2e65fa

SHA512
2b6876badb9b03b2942aadcf4f4dabcceca35f1b42bcdae84df35d26550df8dc7b8e4c39c73d932295c376721b5fbb8df2c4df521dc3cff0f3dd48b7cdcfa866

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
acc9f2eac9bfdb354ffb6253955a7a1e

SHA1
3da4f94c3add6c1d3a88b28f60a6fa45d4fb350c

SHA256
0716ee3fcd3b809a4e4e09dd9d4d5cf7415bb25b503429d6b37f6d2a243cc1ae

SHA512
cecdfb4807b915ecf29d9d95ee1fcc4391b6d31ab66328fcb340f95ba569e13a013a9e453f666feedaced7348c81dcc1978e1aa2e5d497f95850f860799adba2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a80f3e9c28178a5918fbf8f1a9a3e51

SHA1
85b2cee306761efb14ce95c090c18ef799dd2e4d

SHA256
b3fc799243cd14c1dc197e65357a5efc028e577fb7d536100f21c8bb30626dc1

SHA512
0bc52917c99bcc11da39e1f237aefe473d3bd37323fa1b4f050a37cb5a9d770c7128c90bff5ae57bf9f4f7d397b2441623e3c08cb3973a9dd7854afa038ef05b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbe5b8eb3b4ece24e4d89dec35a63d4f

SHA1
f14d0dab3c81264d75e5075756e71ef9954aa563

SHA256
8a95e2b0719467a80834df0260835178266aec4b4637de54aa89b669e5c2966d

SHA512
1f772425c3b88b4c55ee9b2b446fc9073cf4d38ad8ab42cdffc712752f824ac674bb0fc2d84b7e5a682eddbf44f9a105913aa60c0eca541fd250d3e2871245b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2464.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2521.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2545.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit