4738fcc15b1c79f149842a589b31eb88b8793ec4f65b400f6f71eedf28e8d1e7

Analysis

max time kernel
135s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

476b010e7334a60e522ca4878388340d_JaffaCakes118.html
Size

213KB
MD5

476b010e7334a60e522ca4878388340d
SHA1

1895740e43ac9c358118c252d2394952f5008c98
SHA256

4738fcc15b1c79f149842a589b31eb88b8793ec4f65b400f6f71eedf28e8d1e7
SHA512

9e1b87d4d94ac6ebdf1f98ab68145ff816ea517a72b24133dadf2b32d35a85658217ebeb0d33f8e2798d0858df25cc4d40fcfc16d3eaca751614d7b6d557a744
SSDEEP

3072:SA2KUVXuELsdjWtyfkMY+BES09JXAnyrZalI+YQ:SjNecx4sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{532BBF41-12E7-11EF-A304-E60682B688C9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421958889"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
820	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
820	iexplore.exe
820	iexplore.exe
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 820 wrote to memory of 2552	820	iexplore.exe	28
PID 820 wrote to memory of 2552	820	iexplore.exe	28
PID 820 wrote to memory of 2552	820	iexplore.exe	28
PID 820 wrote to memory of 2552	820	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\476b010e7334a60e522ca4878388340d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:820
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:820 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60cc9fa9d602797e49864891ed970b74

SHA1
8348ec753d9dd63e5f90897876bbfad1b2e0a929

SHA256
860aff32aaa0626e430319c99458129baaa415979065620a09e1a984110ca513

SHA512
3069c9fbb1c90c7ba12dc4f9bf7732624f7cd101936f5cbefa8b19cb8fb3c29840a96ced39f202fca2d288c862d1b59bdf545a2baa3d9e12b380e8ca24a6e1ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52046aac227c27d50f3cf8f8f6f07515

SHA1
15bfab6cc3cc7e0bdb472c01462f4186e20a9d3f

SHA256
23c31953a0d47cc9bb29a51c118cfcfeb5d6e1f56b31e2381440125018117ba6

SHA512
46bce8ad86c7e1715b75ddd468eff67e0b6a9aae5788bb965a05a27f7144d54579533a2317fc21a5a55bbd78745495e81d1adb6a605c225bbabc0303548250d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1503d4a5af14f2560d2a5b074f5b35cb

SHA1
5e1c64160e5454f6f545cfcc30e6f6bfea7e13b7

SHA256
9883a5f1bd0f55330306c0ab4dad0fa985f8aa7d4a8fd25663b3a46428c0ce74

SHA512
b82b77c5b73f13a46470a8fc0763d9c5b3929ccb33c65a02d1c0a36674f277e0f0cca150c98c4e5bd3ed853ea20e4ce443a603b24aed3a4a453eca5b16809db5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f2579dce3ecb5c44b72501c1ee9fb31

SHA1
b5aa2a3c459f53df63f0060136172ca2c1f01f82

SHA256
2a8f3e79dab5b07bd7b91364b2ea9ccaf2bd8d693bf9e8efb0b49d09860e6088

SHA512
23e84bafe9185d0dcef73b9651173f3a6c68f4bd401595f3a4fcc14d7b90159efec1c1a5b397cb573f22aa3a89805122af303f11acdcad4783cb55b7c568e6c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03bdf48e08acd18a835f26e40fa5d4a8

SHA1
b805298449fe4d8759e86d43e972cc29138cac75

SHA256
2cf01226f9a50e6c2662f8708fe1315ec20eca524af8eb07a6f32f91709a5cfc

SHA512
f81379f10304982f591cb9ef8bf0ea4490f129de08804de60dc2e8ff01fe7384bf1cb7aaa2cf77331069369955179862e9d5359602e2cbcfe1f8958dad29de0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25bcec34530a0ddc5fdec67a5f349dce

SHA1
1faa0383a1f6bc39c1a84baaf78588bd56d6f6b2

SHA256
7236faedf38976f6597e05586a519c02832672945d4f9caf15fabe9d257f046a

SHA512
28cf947cd41320200ea326b679267a0db3d52502d212d069d146d9e7b0094f62c8a071ce0835d04dfec321b99eb2b5893691ae77e5be310a2eb6ca022ac158fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54ebe2c7017d57795739fb2b73a9efce

SHA1
fe3c55792e2598cb48707d4b505add8fbd147f97

SHA256
d833c618f74309d6825e822786d0c8ebd8cf8b570bf1be5f7a0e479a2126299e

SHA512
0f4407dc20d326a2660804299e2b9b36099df640d95e74060904996d5ae6ea75cd93bdebe1d7cc8be83f270cde81acdb6ee00c01fda04a06e2a887cf3f1925af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8965a4109a53575d9241346560d5ba0d

SHA1
e1b7110c19f225840ebbd7d8917da1153d99ada8

SHA256
e5f4b722e1d422e53b2265bbc78f5f60a0ac591c8a8b2849ad19c949c6b4bd1e

SHA512
28e1e86cb5464ad1f473bbf74a3a8979f4993b800eb6027d4e373c8abfd6262fd3ed9a3b8b367d6e27a50971677dc1e604ecb4ef80c2ff1ece893343ab4e849e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bbe42a169a761e4a3400450202696e0

SHA1
c0a13cc07799c2bde030de03171eba82e51abe75

SHA256
6348158a9a56f28826fd7a9de3b806d78f4b73e8427458afddf8ed39ce56fb08

SHA512
efa59c35cc676bbf9eb18dacfab4e4f86e6f74e252b4de25f0703f2c9ae0166b60e92c260d3d811bd0752083315bf7058e9f634d441a5824ca269aad46ecc39a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d48dd4947eec8df416fae33cbd9d0c8

SHA1
422e88388c37830a92e0afc765ef216d8ef4c211

SHA256
ac73ee01bff52253968b872a53275a927c8f8da9de9db635615d9f6bf6fabdf7

SHA512
b471d9dc0e0f51735d7602f52ea1646f80a41d7e0b0ebaed7147947953f11853f8103a3c2530eca3f1ab9926e75c6978f01dbdc9084e5804dd4f82e4c90ce07d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b9497875c959cbc653e2747fe43bd32

SHA1
abf0139b9262926b4e7b621824bdc6deba8cf7fa

SHA256
8ccf790be5995795028150de447cc3b3e963229d5fe7358bd8aa4ba402b6c9d7

SHA512
1b9311736b8005ec76309fd652d9dce839b3f23473337feebfe90338b1c575b1c2ec906a2e3e9353f872777d8e75bf57f9c2621c5abc9281a4ee522f82c51b2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c20101f67c5fd16d8fa4e4785030f4b

SHA1
f6881b54a037c946bceb4a97f52a7e21797df052

SHA256
20f3db126d53bb16352c206a9d64bbe9f9a511fe453654df2080384291733713

SHA512
e7bcfb9745cd35bac5437efa4ad0e083a59fc43b4741e64627a1a29cbb140206e38cebec4671b149a9058126fcc3a3119c56cf4e646ea1bb8847cfb8f20e8f38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e832f599d2a456e803a67f7ed2df7c7

SHA1
6f355f92756fdfe73673b5d68efc4e66f5fd2ce6

SHA256
98957db36710770de92d490a6a6a1fccc2d56816a4d9e8919e7ff011f7aadef1

SHA512
e9d9082986abe3d2f94dc16ee87b06466639d428b268e8fa093529b80501455f1c206eb55162b3ff9d32817e5cd97d08193b4aaec783e04843077f209730d4f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac9bbde9bdf422524bea8723aebc07d6

SHA1
38a41c5338a9cf8ff8cbd731eed9497948c0917c

SHA256
a23b6fe6c36b57b59f591efed09ec07edb9dd8321d5675ceb189330a827ceeeb

SHA512
31280802310902b49d9490847faa953e5ca7c746d82acd5beedfd3526ffc00a876320d3e08ca65cce3c0ee8934d3d216880a5bab440724bf1d7993ae0de20ff2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80def4bbb017d6e62de6996228c2197a

SHA1
51289307f0f03658fd4238e7b08055ba48880bc1

SHA256
77f4b58036bafea1d89554d75c0edb6754fc43aae3b9ccd3835403312a798b87

SHA512
b4fecc953d8404cfeb44eaf07147bfb99f8cd862825229bc1b94085024f77d2ff6bef348d2f739282bf393bd4d843d81b393cd3b40eea38cdfb425a465ccd64e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
725667acece8dbd3ebba237a5d43e4f5

SHA1
dd9ff5f3e204302da34180e3bc04851bd6813f33

SHA256
22a7ee4e32fdf5e767857faddf3546d9cc7bb446962c7b3450899c8d15ef9eed

SHA512
2f45e14c4ecbf182b3a97b0e7b0b518cce0362485644a87b039630f1faab40c17d51e73643ca94de5ddd3e2f7182e555069341ca6b1e9badef8d97fe47d5c174

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e533f94a06dc7e6edd64b82486aab1ef

SHA1
cd8935482fe8a229db06f5195c4dd85754444455

SHA256
d0ad90e29bad69b08c4d68cae661e87a29e7bc2fc66dcfffac92ca60490ffb04

SHA512
0ccf464fea27923a2b1bf2ec4267b47a895aa3b1627db690875c012ab1fa308d21598a5be0cbca41d5a2f5098cbaeb4a19f3c3f28b334057453fea9c1d02d939

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7f3bf596d79eddd24894df2ef69a227

SHA1
9eeef3e1e8f3a24755bf302d5fcca6475c2e416f

SHA256
dbb4fff0425e3d39bf5a8c3e97320de2eaed71f2d444fb2189d2670b28bf9121

SHA512
bfef0eb826116f0a99c80657413aaa24d28a832f059cfca8c7969143d3c52e9837a22d5c73a68f29df9f5cbf667767bdc57414ce34c0e01d4eda61f690a35718

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bcdbb40bdf89c97808ad6509af6a754

SHA1
4a641b53b05d8ccb86a687126ad9e82b77022545

SHA256
a26a0b9dfa7ac1090872226dee616810e0b84bace3325942a4373fdff0bf1304

SHA512
3433c1d53db3301e90b0f711690a853f39e64568900770cfd59929dfbd935e9ea11f3588b038d88d757c4dba828bf0d2f18466ad0be9d436346a5e249c8f9567

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1509.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab15D6.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar15EA.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit