bf42f1581d9ee13a0d4d676fcd14feb3df5eba3f84c615a0317e47bbf630857f

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4cc628fd5e53cb869a1808be79f2d52f_JaffaCakes118.html
Size

26KB
MD5

4cc628fd5e53cb869a1808be79f2d52f
SHA1

48ea690db028f3df5f128f37fbf81a239a5def1a
SHA256

bf42f1581d9ee13a0d4d676fcd14feb3df5eba3f84c615a0317e47bbf630857f
SHA512

c44998d90298926cc355e9636b8925deab02f5e367b9d900bfce3c5e25c187256fe0e99cc09f6befe8da31e172383b47a22192b29610407433884b87be209802
SSDEEP

384:ATP3q01AuaG5m3Js32ab2Mnl4gk5GuSUDZ25IRyJZBr5PRxzbk:ATPaZFJ42aSMnq5GunDZ25IQ1nBo

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422050946"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A9587CB1-13BD-11EF-9680-DA96D1126947} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2872	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2872	iexplore.exe
2872	iexplore.exe
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2520	2872	iexplore.exe	28
PID 2872 wrote to memory of 2520	2872	iexplore.exe	28
PID 2872 wrote to memory of 2520	2872	iexplore.exe	28
PID 2872 wrote to memory of 2520	2872	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4cc628fd5e53cb869a1808be79f2d52f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ae8750fd070478fbca5e627cb60ffabe

SHA1
4ac203d87b38c5b3c5cb9fdea2609463d2314834

SHA256
254a9de3efd6922a9f6c21e7fefe432f4249c6dd5e02e2c391efd3b013de0207

SHA512
00976208f395c35af1e2a9c038f942a4a2c7c1fedfe86740410ee2f0d44f668242c767b2a2d0f57eda49da1fbfa089befbb590dac19fb696f11707df0c6db9ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24291f18b502c191b8648fbbfc8ed6e4

SHA1
2e9f2804e3fe78fc5abcba08e937115e150d6d24

SHA256
b7bc6a5a27a503741778b26a2571dce39e2ba5a757fd4ceb927004a78d09a5dc

SHA512
edfdc8f407bddd6aa8c21e4391c03c9aa5e306915d6bc17a3593ca9bb1bb50959e34afcc2c9609677f470bba457e8f55abf952104ab02c9a9f80d3019f671969

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbe2718eb67064a526ff44768a53a684

SHA1
295c5fbfaf5189e3cabc8f28139a29e0dcc39dcf

SHA256
c214b44a753fcd9d50d1facfd13187c050f932fc1947c3142dc2f0fb07b94c97

SHA512
4544dd890c0643921288c0ada489bc731863d76f7bfc7b4230d252e36678363ebc4a7d045fdd9744f234ac4ebbbc6abc6f80d7a13517eed31882b152f858d207

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a19167674b52519c2e80565e7debbc7

SHA1
0432eaca395aa738e1c79660aa32efd88d3c64ce

SHA256
41021bb93faeff2e270e13613e558fa1551b23ea13a06df3cab4b04f4f0023aa

SHA512
3466fe6a3c19aae105c1121dde9a5d55beefd7d486c1bde0f10cf6112351d7352ed6be410cec58f22a17bbca9dfe85183dd36290fac108d0ee90d6cd77fcc0f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5666fd8e1c738dc1ec5da30267e789cc

SHA1
4a02c0d3b050d1704b72d8822b54f19b2f63cf47

SHA256
d03949838cec55519f6a3808200efd78c7682ce7015e1e086e321dc75f3c55e4

SHA512
75f4669d42eaa1f3dcae3e353cc53f398ef1ca14f18480fd9484226ad6133c0bd8402319cae1d7b07b05b72f4433e67e94a6688afb3a0952cff2872085eb4261

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
793e903774a37d947992b3cc3244abbc

SHA1
ae83c5686b0f7333b09f554ba5f178b1fc2d66bc

SHA256
870c6886d5a22a36a9117d1311e563de5a4a2a225a175a2b5f8d3f60200b31da

SHA512
0ce87c4ffe876433f23e56ec592bd05727e90d9577380f9f2dd4a00b69fcc1f8f3c68c586a8c04774457a9623aaada0425aacd8a5d72ed64cbf9c9fe950a0601

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f111aca5a289215cd2aac6d7ee7fdeb

SHA1
80c04060e1d37706ccd10b2b97bd86cd7a160174

SHA256
5c159feff5b35d4294b1d230897b1893e093be7fd2f1d92d669e15bc907b71d8

SHA512
3b1a6230aa39e5875e1418a3bf2a91ae773d2c792e77bed73b47b7843802d08268b0f9c8ec2af24a534f00263eb7cc5163f8ce7921ada9405fe0f147d2b75a17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9fd066fcdbd9b0143d32aaa071828fd

SHA1
8f79cd06ca0119675eb2f8f82d6b07cc1e629505

SHA256
502a3c29170528ce711e47cac6d5973ce555d449942e776c767eca14d47039de

SHA512
8aa2a41d570bc822a8b157b182061f507d3431767b0558304fa83dd377bdde89fdd5e9aab13fabe3df483081d8bb37d7103f6e984096fa63673844fd90e8a251

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de7de012ff05f3f41bb5bb87220f145d

SHA1
9470413fdff3f082d414b65158dd1999e52f9a25

SHA256
21183c8da06311ccdeb83d958285f5cefb472cf2544147765b9984e7c61012c8

SHA512
38d262ed0c658ace8ea747dad175b885b7e181e1df1da7f2093f6cd332c7abc71a24f98c128e5dffc5de28f4d6f9f22bc3084b43a762068af4493a9508a04d97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2339eb66bf3e4d0fcf9facfa56b4c573

SHA1
13fbf40ef860005e87f92e94e73438f0662b0309

SHA256
ef1f83fb7de06d94e3591186c08dc937470a66c51c890e963d186f4d970692e1

SHA512
4a5e77b8f71e9dd1d48af4a88aeb05b30478aa141ec396bd9c8e96c449acbcdd4aeade8eab9abd04575bf34a9a833830241aae07065d4a622e4273d1de28406e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
eb27e5d7a101e1246d6e990f23dd397a

SHA1
b24b0714426a8b869bb3a0a82f2eb14cc826e4ea

SHA256
6405f7260ea27e719d00363d6c81e10cdc0f5c0473ecf726b64d8b81d6ee1492

SHA512
bcf03a336bb666aa6891b5a4587475e22b837735ddb870b993ffde064937dbf83c57ac7403b16eb38863a9e340870abdabf397079aca066318a60500eda0ad7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab27EB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar27EE.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2A16.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit