e24947a913a4050c7361d28fe412ab28f433bb3a28f6fc4007b2104450955a6c

Analysis

max time kernel
150s
max time network
149s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48028e99e670d33ddc0e93edc674395d_JaffaCakes118.html
Size

40KB
MD5

48028e99e670d33ddc0e93edc674395d
SHA1

30dd354f1c6e36a40cbba08b841bff13baa787d2
SHA256

e24947a913a4050c7361d28fe412ab28f433bb3a28f6fc4007b2104450955a6c
SHA512

178635d9a9580a11c3b96033c80fc24d0c284733fbfff82b52dffd7533a4ba8d3edb69466d23174de9e741c9012b57d1c327855abe8f4773041d69d3e8562fcd
SSDEEP

768:z/QLJ7G86uiHHKR8iwzOu/Hbpq1wkLKpyBvX:z/QLJ7G86uiHSwG2NpyBvX

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DA7A8881-12FD-11EF-B944-E2C1BAF7F8C9} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421968564"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1960	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1960	iexplore.exe
1960	iexplore.exe
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2164	1960	iexplore.exe	28
PID 1960 wrote to memory of 2164	1960	iexplore.exe	28
PID 1960 wrote to memory of 2164	1960	iexplore.exe	28
PID 1960 wrote to memory of 2164	1960	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\48028e99e670d33ddc0e93edc674395d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
d770a55c5799f4882d93d1d563a4e6d7

SHA1
9ff82d77e475e1a87777a3afb6a4f576f651e372

SHA256
a142557aa08ba03d8e571a3eb9cbd3bc88cab1d419444c693cd6dc4eea893430

SHA512
34b2a3b1a988f163bda86b2b8ab4cc704ec152c98b217152e1747271f03386286a20b9a31e799fcd9a7ca253f75aac8252a8eefe7802de712f78392e5d2962e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ad14cf630416b21ce456d2557d21ed0

SHA1
250bc2a2a292ecf463bb862217d445b28fd4a660

SHA256
bfcf35879d1062c2396704b173729222dbad1f8ca0683f0e0d62fd24734a8cd3

SHA512
61a7bdb61a88151bc155a1f3da63540b7a7eb9cbeae9147e6396a7b0a0c692f0d0a9b93ca8602e3cd41ff8388e9a00eca86a270f01d534bd6680175ce9121350

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cf3ffb97cd6bdaac36ed3d7126d6b15

SHA1
a11737c8db9a36b948d9174254098d9611bbac7b

SHA256
ed9a17fd536fffa0951dfb240839dccae2cfa58bc8b237bc5986cef75732e604

SHA512
8189cc3cfb4cd7920d34bd37cd09897f4e0a3be2fc09d97d5cc3d9ce770ab691aeaecc9c47188fc6e184ff2e4451bd2e7b891c283454dc56fe7f7e4bb15c8566

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65c31f2aa31ef25b4eec9c25f01d5046

SHA1
7ef51e2d74f06825bf22902ab299b48a8ef52237

SHA256
5687dc74bae6aee92eb5098bcaf242beb08128fb93161038614c21c040ab8e7c

SHA512
6e62b0a8f5bd62fd340da2ea2999000be250376fcd44f497eb440ffbe9d345f44d7e3afe9b192111fde58002ddc7bb3994a8e92550d34bb0d78a7a9f6441fe7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9352c491f8ee62c88499a5ad5f62d36a

SHA1
31d750b6ea70002df0fb0e8693cf23eaddb0e5b9

SHA256
006eaf9ebd5241f23d86f995f00df16b3a80071bff4fba9a48de3bb9f91291aa

SHA512
ed9ba2761d7d145f6618c610cf6fe531d4453ae9a294cba1bfb8b0e4d419f5bc742dac2e328f0ea9373c6536b198e067b50900361a01d13628615b1dc4354c9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae348ae5bf5410e57cf2900d0bdaee10

SHA1
466570a5b82fdc9b2d8a6f66efd84f5c7270088d

SHA256
c26f706d1e596c835b6ca150071a6ef933eec508f81d7be1487e49d5a11ccce4

SHA512
3099e03477a03f6cddbf0c617279eb4bf58bc3bb7b94ff6b6092702d1d2e9b062eb5a722a4564b8f14e3dc7330f7a2ef6b4336800851baefa7963751ef62d545

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d35d95e126a2ea54763e97806c43d31

SHA1
2c621f2721852b6a089a6427a65ffee13b0b6ab0

SHA256
928f6597bc2e31bf857762c1e2a6500a77f2e838c5af3d26dff9483db509588c

SHA512
1623bf31cd5ca668c4b14c1f52442d9af8780994190a4b0fa1a9726b76078e3e72d0bf6f8ab6a94c26fbef1e9919f7087989242ef066251fc884daac85b95fc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7aeba9df79e13cf5d9fa9c841a0fb4b

SHA1
054ffd367e36e9fe958fb855477fa87e243e346e

SHA256
55b64bdb482087fd0aeb86bb8ca831befd9015cbd9b924ceb4618d536b89a90b

SHA512
310524e1ea0a11acad430f552f558a7dd7918058dc5130755d4d5493c8f48471710bb6df669d484ec4f947e4fd6f032b1a8370c05ab2918bdc69fa5b5708bc6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46e7d05fc45754027aca31d8918001f7

SHA1
e87a7a41489f5418c89475071dcc22b6efa2d22d

SHA256
c9d8a4eff76fd4bb5c6747bb331d6f1c4b895f134ff044fd64475f88a668db15

SHA512
b651708d3bfeec5341e7bc0a65d7cd04c3a97412b3625d777fa1b408a7fa9ce9fe196191901df7b176a654ab5efae50a850aaebb87e37f6f5bf606275e3ba414

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c9c4997eb0a75aae9a3c44d6296b901

SHA1
7537d7e742fd333222293be08953d8ed98aec24d

SHA256
5a07941009caed06c3f67347bccff3bf17f57ef9143642298e4843917b1f79e1

SHA512
5f683289d90cd81f35b8798e746a8c5795552b3dc6e475ef3096aa5f5cd2745337a175bcd6a0bad8eea869f0f7cceb8d8a9b3683517b3ef5cf2290dabea5bbe4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0142f29f3b1ddf9b320aa9979497e65

SHA1
54cf7761b6361b35be2faf2f0db3b8213d5a0de5

SHA256
bea2f222d8ce76d96dd9158e9ce3d698e37e9717ab3bffcbda60a9de778e8c21

SHA512
016becf44cbcc91191540089942cd849b1c219f65044195335b5e14886939fa21c7b0c5bb338c087cc9cf4dc72183068043043ab899ea480de9c5dd9b99404e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
ec9be375433b0ccc8ca24621a9977da2

SHA1
062a896231e0b4ba516731b7f98ffcb179f0cbcc

SHA256
5923dd4865ffa5d15c2525e8065ac6416ad90e63c41d49135ba6e766bfde9555

SHA512
31750fd501ad720ba9a75be3a47270dcb5aaad9df132d69f11d8050756bfe501c342c226dee47b302395f759927db544eddbd51d0a18e2e565d78d29bd42f418

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1DDF.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1DE2.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit