ad55994dddc43de8241f1b8584c2d7a73eda7e82036d099ec26e1662ac7cec47

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4cbc71b35b0eadac19d6b7aeb74f80b5_JaffaCakes118.html
Size

504KB
MD5

4cbc71b35b0eadac19d6b7aeb74f80b5
SHA1

b3e84b7e5b477775f9be140a72f2dfe5c1c4a54d
SHA256

ad55994dddc43de8241f1b8584c2d7a73eda7e82036d099ec26e1662ac7cec47
SHA512

e9119e66c2cfc949160e27add5433df8f14a2a6348acf03818619287c16b3a7fa6b71bc0ab41a5eb90b2eca2f136ada1d47a554f0ec0e2e1fdc0bd359983f0eb
SSDEEP

3072:w2+IpBxYUVh9zfs49nwVeL5AmPTmBcM2mqp14:w2+IpBx+4BLTS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422050206"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F044DE41-13BB-11EF-910D-CE7E212FECBD} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2044	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2044	iexplore.exe
2044	iexplore.exe
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2372	2044	iexplore.exe	28
PID 2044 wrote to memory of 2372	2044	iexplore.exe	28
PID 2044 wrote to memory of 2372	2044	iexplore.exe	28
PID 2044 wrote to memory of 2372	2044	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4cbc71b35b0eadac19d6b7aeb74f80b5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2044 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

Filesize
889B

MD5
3e455215095192e1b75d379fb187298a

SHA1
b1bc968bd4f49d622aa89a81f2150152a41d829c

SHA256
ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

SHA512
54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
456a71e91efd1a722cb5a584d5619914

SHA1
70e395f774880dcc0fdd44771db586215771b5d9

SHA256
201bda80a5ccc919b800d3f9645953b2caef81bc8773f25eb20bafe2e484352b

SHA512
8726bec37c5833011b8aaa24ad455bc7357e2d97383ac0b13427ca8230a85a2192a0dde554289491aa7e6071a6677e43bb42eae78062a6ede3e7e2fe8c70b4ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
1fd7da229a56e077f0e96816ab924d6e

SHA1
46493d4754e8b20e7156a7422fc8b8eb96b63677

SHA256
579e393336a408d7628aa8afd576272738706eca191c58b52fd51149e77b8ccb

SHA512
35c9b8c3630cd3dd27c78ce3c7caf0184ebe442b55d1436f0353cbdfa8d747fa0701969d5f66e0bfd36eff3b786c5c7342b11adfeceef4e943046ce05fb09dac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
403ffa568ad004c7692c2f12b26cd51a

SHA1
7ec8c30fcae2e06d0abb65023081b8a680274bb6

SHA256
9dd780b23a1e85cb589bfa0df1281bc771705b21911ae496ffc2e653d2e58284

SHA512
32504e0177685e988c12bead3eb1dcbdaa950d4586f4f810740ce4501cf6fd9f38d1a24cdc8720316b5c445220eb2665f3408f91feeb8b856b05cf9264cc1582

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce20be8d18a3fb10a10f5f3546795f52

SHA1
4130bdc5f5450d872a5b7c747b71a6185adcd930

SHA256
36be01783f0d53409531d55c0e6f1d1f7deb6d0485b2f160a46105d3653703c2

SHA512
72ee15179c9ca590c5e2d6ce53faa1d5291c6257089a0e1e6ace8f042fe72a4ad0411abd2dbb62806efb7887fb458573253a7950db39d9b0b73eb90403b7d4ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20250786d9d5627876ed9d597bd8c725

SHA1
216cb86d810b8d33eb14c0c593772950249b2e7c

SHA256
6a2596f5262de876123bfc8771d7908aa3fd964da87f8fd0106322e6b863bdd2

SHA512
cfdf3575d5e3510b00d6c6db1cc1ba7b65dd833c27f6d46f846bb9c8cf406c74e3e77d8000303f065714cad774ad71f287f6cb3440c682f6ffb3bd4862ba0d08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45873d60fba32d21766e9f58a05321bb

SHA1
22080ae8e2561523c8891f40a84441b0c6b06498

SHA256
01448e66e6be0753383f964c5774d61cf6f9e7f7d7811d2789c3c478d5ec9fc9

SHA512
5fe24ad58ff1881f1a11805802f302391c2c5cfaece2d1a1584fd5c56c1021b6656a6761700a7d984c80378ff5adc18a77dcfe885ca543a316ddf98c7332d010

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78a82a447f81a6c0a09de12d8d57325d

SHA1
909dd1cbdbf730712d65e718d7c5be2a869d34d7

SHA256
ab24aa1f24dbd8cf64f5060cbbb8f21bd14f3efd07741ab09fcdcd1ba3ed837d

SHA512
80af136144cae80fda847a80d7dc2228aa5b55079410ed98ebfedb0fb73e72d26d5bc9c34d61f9714915964f16912faa2a8a59c375b20ac4099aba5625e69d1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b9255225ea47a1644512c65f25d134b

SHA1
bdc0917ca64137e168e4f6ffa0533101e1d30e2e

SHA256
b0f2650686c664c1a23b5da9c846a4ba65c6bf7adc530d52f5532e2f220b22b4

SHA512
b0662e1b84225a60a44128abfe801b3128fceda3bc1eadb0fbf913499772085bc55e2ccce589ce558ef6ccca1cba0be1061e5a0760f77fe07704a7d014a9b41f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0af6d202c6717b4afa1f76ea5fcbcff7

SHA1
8a643c22ab29a8c45f9c8ee49b4f2efa67476b02

SHA256
bd83a22d970077fafd71e0767729525c5815a03f0de194126a5df219d92cf097

SHA512
09cb163aa49be2288a42814e93f6b71f84500801e637cd392d3f0f1d1cbd543900b0e22b6542f57cf18f713bafbd6a7cbcc575a5755a50cab3f21b080a85be14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75f11a327b77c0eb643c52ced6591214

SHA1
bb62b02e715ca8c6e16d0eddd72cd529c5f6494a

SHA256
8e6d23720c866b0b6963c6df540c157ce4c7d2886fbc556f9bfcccdf61caf33c

SHA512
c43bd95517a9d2dcfac3575ac17c8ab589f1f0838b7601b0e9fe615090176c2a9009b8138d3d3dd677795af93d60c3206239f3abd462403125754f591953e9ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a521f5a809147a6fd3ef8c951d54f142

SHA1
9d6f7ba3f5e62a0c041da62fa00ae6977a48dee1

SHA256
012e7e4cb12642fe1a7c596962535a3267aa8622d0dea057b8573acd7c7be3df

SHA512
c406a12ee4f92a6b58a68e0bd098d6dafe1ec9715664b8878550ccbc0f4d5ffb6f27f5331a48f791064acc07045b7e15794f3aa8dc99af2993a8e343814b9973

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd8faea4b200af41680bdb4cb08bb866

SHA1
ddf2ef16c5b2e660677969d9cf21fbc3535fddff

SHA256
8db6a3da877fa295b1ac37673fdc74cdfbd11650c02a5fc1e1ee87192aba0f50

SHA512
82f0e809e2d596fde0b824848e1285d73b5fecd131f7edc7abace561cbc0518d37e4402d6b384cd3daba67c890aabbb753688884001b80c81c197a479d56be40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e91c8989cbc0758d4f443879f7130485

SHA1
9ae5624b2b0669f5d929e0d788cb230aa9eef46d

SHA256
07576d1352fd98271a05c674d59d41f100740393b52264b61baffe1f328a436e

SHA512
ec0000c8326ec60adf5991ac68be2b015b37e33680d3877616ff5e2ebaa315daa1605937efb44573e99ea2fa180b5c00ef22b9f36eeaf28c9d17f24bf9e3d3e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fffbffa2b095e2353fa29fe5fa8bd2bd

SHA1
87a9c6a6fafce7fa28c825d400730ed18a5bcc7f

SHA256
59244d9556647c3652e81aa5e9944753426b3840fdf6d6a44e24a17c1973dfe2

SHA512
f515bdf48512547a6e04cc79b661bb359221a73e10246f1c1ce6509d694b17f25c65eb378618b57bc45d4621bae7d696e8d49817e62479fde70ab194ffbd804f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
160c1894c74bfb2d62bc19857b4663cc

SHA1
758585c0ec7ad1cfc53176291eb152891f2f9f2f

SHA256
9f108a272b125a4f4b08667a7c22434b0805e3ddb56cc65cac6d0b0e42663d21

SHA512
72f26d12e48e2058d339a66559e1b9c67a919a9c75f3799af01c62fdf5a4682bd5f6938c5731e91f657c9e7c11f3c1b9df75c29d28827214f8477d94fc9acc5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c263ba9af7020fe406f135c755133c12

SHA1
b611c200f2a5b06796f085297ffa064356b0a7fb

SHA256
7a94bb8b51f234f9073f3d3cffd6dc3b285c8a5f987876e395600d0cf5c80719

SHA512
49949857ab8aa58e055d05ec5d3503e8becb0bdd89330ca4928cb265416839839f7b422ace3a6c017576e0f3190f9c7d64906b84011a36dbf09daba6f1b41020

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bf2b020f760c0a428eaa0eb242e02ba8

SHA1
62a4b65a23f289e3bfd1c97105abd08d029dbcd1

SHA256
ebfb9befaf88b5e35191ccf65ca545d1eb60204f8f4e57d9b3fd9650532ff330

SHA512
fc25200c9b6f0607feee88e89f9efa116cae702a197b3e6a9e064f4a36d99097cff834ddd93f8c63cb15105fbc4b8894833eb21d206e2b451e9a9bb9ca1a61f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWNYIX6Q\platform_gapi.iframes.style.common[1].js

Filesize
54KB

MD5
7ef4bc18139bcdbdd14c5b58b0955a67

SHA1
afe44fd9a877f81a3c36f571c0fc934324c6cbd7

SHA256
192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838

SHA512
6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SH6TZZB8\cb=gapi[1].js

Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1065.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar107A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit