6cb5d752f3a6aca5baf299dbb8059d257dfbe1a6d62c6e17de3c9fa22e61a3f0

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 12:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b3103864e9fc4262f93fddcf9caac66_JaffaCakes118.html
Size

213KB
MD5

4b3103864e9fc4262f93fddcf9caac66
SHA1

2a026afd84cf892b9d6546ffa0240d70125e95fd
SHA256

6cb5d752f3a6aca5baf299dbb8059d257dfbe1a6d62c6e17de3c9fa22e61a3f0
SHA512

000748e24d6cb142ea3a8260011f4ca0ed5bbdeeec2a35f48c7ec9058ebf0bd42f296e7827517c97536eb9d02f897dfaa6ec6b72c21085580ccb92693adad0bd
SSDEEP

3072:SXGrDfGjNqwIyfkMY+BES09JXAnyrZalI+YQ:SXAGjFsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2ECB2211-1384-11EF-AB95-422D877631E1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422026269"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2188	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2188	iexplore.exe
2188	iexplore.exe
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 3024	2188	iexplore.exe	28
PID 2188 wrote to memory of 3024	2188	iexplore.exe	28
PID 2188 wrote to memory of 3024	2188	iexplore.exe	28
PID 2188 wrote to memory of 3024	2188	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4b3103864e9fc4262f93fddcf9caac66_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6d71b19e8e80a5d00ea3d76c13c7133

SHA1
9c96bb4b13e97750f650a39033779c4e78b5fbae

SHA256
94e76e9a26b9c3a09800e361dff6c7fdd09a3907fc3492a0882163de12e2880b

SHA512
49677bb7f274fbe05daced74bd5b4e21fe0fe010474bc5c70b4fafae700542e05723b5fb46eef1363a78fe9792ed4d133a9be067f0ee433a85aaae6025e6f809

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e51145fde0b7694da90125e31f14674

SHA1
239ed3e060d6cdd75bbba5cf62c52c1e70aafbf4

SHA256
516febbc510e8de3dd21f6f0c5c413e7c908b3c708fca6329d408e9c53715454

SHA512
d6a4c576566a49eef267b8b6d05ff2136de9f223f38b06a911139abc67e83b3c44ffbd8bd0be5eea364d0a8d44b7d6e3a30b2cdfc93ad3d15e30dfbb45633d62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
991c4413b5aa48c160991cb61332c93f

SHA1
df86d03171d35c078018ff403098f3da4ac8f4c1

SHA256
573844fa80a51d18eab358d23c3a3e0e2ddc116fbc3d32d4a5796b25345b0bf5

SHA512
d61e30f0c467fb22aec9614518e6bca7bc7e11642bfcab63ecbd3d5257c0756cfebe4c270e2d0139ef9371057645aaa7907cb8dab46564c27da56cf4c7cb743e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
475fd5008b4d9a1d7f9332112656ada9

SHA1
d8ea713a10a3f7fd11c863c61acbe13c04e745c0

SHA256
95f7c2daa802482a2da9dbd50d5bef7821a42e6dac0ec75f12ca52ed730489f5

SHA512
1f185d0a305260c7cb3501c63756fe5a260158fd651b5b04741f576e0d4acc2ce5ddaa0d3923db80b9b0680b2c6e169389fc2f80e87bb8aa157bc6eb4828553a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbbcb21c2e3c8747ba73e05894f06e7a

SHA1
d76ff9ed617cb5c25ff2fb31450ff62d0c442084

SHA256
bef22e9ea4312758d4bb012940e12f7b067a1bc4f760e3fbd552d8c624ab180b

SHA512
ed4a5c073a3874aabce8f358844ad07ef1560e5aad930d03db57fe41efd7372d6c39cd79b46d94dff330e784946cb8f25c9144a990a0bb66a41d1f11009abbbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20702e7e085c2dffcb3b80288e35275c

SHA1
0c4ebad5a524ddfe559eb76ada5eb64752214529

SHA256
0407a9a11d3d80570b547efd1e82917663eeb7fdc2c53a1ef7a70e937c98bbdf

SHA512
0e436e00d9a9262c99d335027b53769ee01f1b7564dd86cba9b0baeee0fc79df934f16b9ce71f68d6231653d06576b804794e8a4bf974d27cfdd142ecbf3ec24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2753ef93c0de4a08adac606aaf9fcd4

SHA1
9637a8714fa04cca132ca7bd7248ca87604dbe28

SHA256
378fb80e601fdee07db88cf5446ea9800f15a0fca5af958e910f0ee7c8dea390

SHA512
e30fdfa23909f3993312f62008f88ae64306c8f0e6a7d5afd0fc8db521a2f4e510915ba90fdbb7603aa4b3ee4d8167a5e6335bf31700929f2032c5b70727e84a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1d936bd7c087d7e9d71ca5446de5908

SHA1
282a84a98d3a142f874a62bf0911716d64783199

SHA256
f803fa8437b3ef1243d5f664c14323944e1676d109703bdaf04c20fb8ae91dba

SHA512
240d2702b439f997669a617bb3981085c56d45ecf5775c0df360161d86d7315f7c7e3b87eac111d00fa220879a7ef1525553f50da8f03cd31392a88a4f6570d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52553f8b157a50ecb63f92547b4b77eb

SHA1
831d47cd741c5d4f72eb4d38e6db4c3f5c15cd97

SHA256
786040693cdf81f7aa60ef854b2fb453d08d92bb597df9722895c14b52b6c25d

SHA512
7e6be087ebc6956a205d4c58e15d4c97567fcb0c40465f22ba3774f457cecf2bca5f9d32faf9fab2c4ff060025a26fea4fe7c336b707ffacb12de358b0872557

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52d3c58a359c37f9a605745a2e5af138

SHA1
2efe4367bc84d4f3aac476fa63bef71087193fd7

SHA256
ab2c3774d31a380dad4b483f1f5a912e16115bfd9e83228f7a5c4417aecf3464

SHA512
6fdf1e155e8bd45477c7d9356f6513b52bd63e28b01ddb27c87701f0713fd014f078b2741de3f8ebe3a0a140d6c32620c12003defc167350761398519fdf3672

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5acf2479e11e15ad41d97d18b357b4db

SHA1
a420045a3dca5a1a7f2b647628a41b46ad9a6b5f

SHA256
9e3714ea60b49bd3dd2aa0d63c0d1a4181b8187f885cdc8ea29c49fc36c674a2

SHA512
ff63e3c95a637d2d3138d196db6d3f929137b4dc521691d67d7a4bdfeaab033ba8ee1cdc32111332a5d2b395eaab10d5a7785abdfe009d495bb1e7aae7dea488

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdd7c50f51e4c435968809a9e397f8d0

SHA1
daa3f194b6b3708a95d30937d4ba6d7d6be16fa2

SHA256
539c097a0dbfe9497ed2d41a832c0f652871db9a742f1439b37839a4530ebe80

SHA512
734e92240c06ddf61851356a833771c3256f146f135a08cf7f7873db7d7329d74e1055ca681f49a10dc40a30f7a78300b7802373a255b62a8242fa41178b89d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5479df5e49b4f1aa04629728a3288772

SHA1
3494bf0883b0bab989f27f7db0b9c7e1371dac2e

SHA256
92213dd4207649f9b616f759d45df9782693b9b4e6c2919a3f6da29ed3683019

SHA512
dd107458b9aa97c0c9d5c65417d70d1e6c49dee45e6fa6e3a0d3b75ec1157e5f77b5a5f56a887d1aab548d6dc0ae38d205a938d73c1a836421e9fed0c51fd7f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4d0e0309cf8a1ae22a341559d8e0c5e

SHA1
e00f07804bba1ced873ecf1efc1ba02ef36ac53b

SHA256
e430e7026d192269a2d23454f9c984ddbd63aca3618b6dda36e8807a1a9ce9cf

SHA512
db7173a6f8b0e03b851114c8164f76e01902081b40a3c1850f748faa874d5c8e1278c685542d83a499a7734c30631783b39bde7ff4327f2e6b912a37b44d4250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a45c98c6ed556608da5d68f58b2a0eb3

SHA1
ed77cd32f88eefbe0e53a72c1fd1992f4910a71a

SHA256
3cee516e7abbb639c4b4cce1fbaa6ea8ed434769cdbae0df926d068a7fe5aaab

SHA512
37aa034e869dd06f1c434fb39fdec3519a4fe38449676eee2aa9cb7f77dbbe1a1789b068c647cc3305aee3f81652234148ad125c522f11e54977c15122528103

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebb5c9b02a2b224e8284df8d7dc91695

SHA1
aca8a55fcc3afae382725e9c060c6ae9b2c9044c

SHA256
832e43de42fde56890b3e05720e43265ff1a22f16a130bf4dd965317b2b91bdc

SHA512
fdb8b54c093a10cfbda554e828a8c99c1ebd76043a0200a42a397c11868623e125aa5a4c8380153b255b97c974f88a0310f74c02f406431badba639bb5ac5f57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a86da9213cfe895bfac189fdda66b437

SHA1
7452807ec119e3c98569dc832829ba761f5ae76d

SHA256
34652d7e096530dd8dacd647fa3ca42948105984583f48ccc6835cca0c161718

SHA512
44d5efa580c57cae4e20e76f3b1b1023020f7e6e4ba6056ac4924e221ba3d3aa3d3d32590f19494ce950e1dc61842f0c0c64fd37a9021d57ffde0960a1d6d161

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2DC4.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E29.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit