2dd9befd365761a73b3114062fdab4c946579f8005a9522859de6845f82e5383

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4eaa7019c642d6bad931e9baa8c958a0_JaffaCakes118.html
Size

213KB
MD5

4eaa7019c642d6bad931e9baa8c958a0
SHA1

a78cd0ebb455d331652363bc68edf7a9a7294a24
SHA256

2dd9befd365761a73b3114062fdab4c946579f8005a9522859de6845f82e5383
SHA512

b0bc131a9c914d0cdc938463f743babff851ff8502b67ef3127ad0bbeb43bced548d7705e383617ce1335668551dbc8a79d710dd0c5bcf828f1170d7be817c52
SSDEEP

3072:ShT9WrOqVsayfkMY+BES09JXAnyrZalI+YQ:SheO/sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422086701"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E9087AB1-1410-11EF-81DB-4E87F544447C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2188	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2188	iexplore.exe
2188	iexplore.exe
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 3060	2188	iexplore.exe	28
PID 2188 wrote to memory of 3060	2188	iexplore.exe	28
PID 2188 wrote to memory of 3060	2188	iexplore.exe	28
PID 2188 wrote to memory of 3060	2188	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4eaa7019c642d6bad931e9baa8c958a0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1942ce203b77fa92d709a70c273656a8

SHA1
29cf1566e6ee38bfb2bc80f80b2afdeb5656f439

SHA256
dee120bf724a9f1e1726fce292074639ec699af4f60c994bfbff0e9792443df7

SHA512
dfbe69fbfaa9be3f57dc832d9685fa3ec2c96606adf994a2f247676f51a2b902a591be9daad1b6af87f5a32ac801745aceb850ff2ae8a5cc81ac1cdb77a9b960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82b1497865c543f9da2ddb05da3037fb

SHA1
e993aca21d062c696b8b8926aef8849207829597

SHA256
762af043584f084525f2589efe89fd47574ff2499ea309257be5ddb5775e571d

SHA512
72cd81a0c5b1733f2d73bb427d34f7dd6fe483f506b9c709da725334aa8b2eee830838befbd3ed97993737d159d9392cd7f97dd5941a7f91ded85dae3f791bf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22e7978d7d3bbf2dfb96d7c1f8f9efb6

SHA1
74e8c4e3b1e0550c99f3070d08fb2f6cf0f3d404

SHA256
b98a10d49540fb205b3ce2cfd3c7ebe57a5c8086beb640a7b9ffdf2feb89b4dd

SHA512
28e15ce0db20cd2cbec67225cc69dbab8316756633f59e18f7a2f85ce8f5c75ccfd85e988c35063baec49c9f91f5ad592d0e3c7452cad395bbd463418a7870b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efd0e7f8c31b8b92ae936b430f8a9fbd

SHA1
e1b154a71741596643d05544c81b52be8ee9521d

SHA256
59af1cf6ec5cbea3f023e73f51ab7d0e08aefc77607575e171b64ea74512ef20

SHA512
4887eb51db7d00a9ca3c33c313e49aa010f3d029aea68462298ffc44760f977517288d09058e1ac47d0d39d0a57a3c90158ad406d397a017493bbfa9ea08f416

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89c057e4f5233cb5cf65bc60bcf1970d

SHA1
37eddf5fcadaa2a4663ef303b0fe970eea1162b7

SHA256
f534c2d375a8e03d01fb72d7c9ac0e4ba38b3bbede27fcd9ca3a755f2d084a95

SHA512
76f125709fed0a668ce42ad72d17cf1b8e7a58a1640904b6462ce84cc43d5a5aa0c7fab1076d9df11c3c7e463337365f436a726ab8cc6b0eba7d2e8eb23fc745

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b302d34c9a8082e23e505d762cbabe68

SHA1
edca71debd0365c29f5406c1cc937dd025976db1

SHA256
b4a6d3842110ec2dfd5dadc197c9797b3eb74eacbb15660718e9bb8a2ff8c0fc

SHA512
775c996fd66a814e370f461a204094cec78c23753d375f6b6ef339908816eab9631e99626aa6160295a14ec3ba0109382d04941ec60d949affd1e3b904542659

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da53ef2dd429fbcad56deb551c9b5de1

SHA1
422c857c24661868a8b2827fc454ba1ac09b7cfc

SHA256
5bf5ee96cac56d50152d70c355958e13cdf80ece9cbf273b466b9900165f189b

SHA512
c0d0a03c26633ae7ca65398a3d4b86ef8dce61c469620682eda4b3c4a332660e2859221f28fb99c5ea7054823cdf0b719c89c13094b4a5f8bba5a2be0ff49fce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f6e9d6530dc9fc4a97bcdddf0d133e7

SHA1
3107251326ded1f528d11ec2cbe6ca87ccc97946

SHA256
4b51a71452f63f242eafbc915b36b29ec4ced79bc58248bc5cab1ab5aa5db9de

SHA512
f9eb841992f4b70b1411d1d3ec6a1f04dd3a8fe3073a328a5929a71f5d9d20d7dc28eee00bba82bd74eb8e7aadb753512825211c1b5d4c2e56635ef5c225c3db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1284a31777d144f577c022a0b5ffe29d

SHA1
71891e94f8276d051ddd76d21b75138c755d18b3

SHA256
e1aabe003b3dfb3fe605dac3d1a1e0ecf7fd053e8b15f47bebc3f8284528261e

SHA512
e677bc21ca9430015eeb12bf689e5bf8162b4e844f99f9e2e817ca18871a0e2a76aeedf61f5974c139d189bad9f0f0f7a1fbd6aca89a9c3243508fbe4255a8b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ecbd9603a50d4eda99903e7f47665ed

SHA1
34a8e9303217c3aeb1621a2f194bbd6c6ffc4325

SHA256
20f700f7ab560f0f8d1986fd903309ce53034b55fa2cdf659290542e174830e0

SHA512
15f8b91642911a9d6304db5d3d46014e3a040fe879fb3fa7d3cb2dcc2b7141e51a5bee8c9e2d463659318aee6c04e80cdc1cc5c55c089f96c2b339d742d6fa48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2468282660c9e969b30689a8075a38bb

SHA1
0c9b25630b0948bdb5b73491569049f76eab36e2

SHA256
144367f3cad5c29fef62d371d25ab2ee3392e2fe15ed848e742bb3fca4e33db3

SHA512
e58c87c26164ffd0178def3b52d2310a52884181cacefd0997b8d8d95c0d94fffa09328fcf25f13311aead750151808a94eb3b21c872839f2a790ee296665983

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d6c31f4ea132fb708f44fd5ddbb143c

SHA1
1d64a907651866ff1fa1dd88bf25309b02868615

SHA256
be7f3236645a2c4e09318129504736147f4cec8c043c26168472486e27c8fd08

SHA512
53182c800ff105ee6239566f7756b2cecbc43c0de175d49f0ee5ee65b497fb64b647ec207361abde27105ad1f25336337d2c22484d8e99c3a05be69727bea304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ace5bdea1a84477df706e18419d3b166

SHA1
1fbb540f803014ef132b81313c27d44ec6b7523d

SHA256
832448358f6dbcdec7bc8b7e1ea7c27244aacd8b035813d723462fb3c9715e29

SHA512
288388f81252cb20d3bff21ec23502e2cd10b4294f1e19d87ad2fffdcfa7c93a3e6146d84179c9badfc29cf9daa63cdb9a08bf1c962680035ac649df134f91a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4213ff046b51a3036b17bb7dd4f2591a

SHA1
f6b6d3f2a7de6821b0be1222fcd954222f651166

SHA256
729893c168f2214573208bbd722795ed58643e3f5f10e8dbb2a1484f80db70e3

SHA512
837c13daeb65962042203bf84ea8920ea87f34843dffe73c931f96c84c3d5e5a555a6aa55995c60af1609bf14b0b89147cfd62512a9ad26a423a1ddf7e148a3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4265713e3df8ebf2305fc7ca52c5760

SHA1
cf51f811e621c6841638580650226fad8e07c335

SHA256
ab18bc9dfdf4d9f221f89010b50b6b8d51e080daf278dd1c8b209bc613c811c8

SHA512
e14815388261f681e41391275fdc9f9bca8b715b870733823e259e2b0f4f608597616df14890c574431e04c1d98ee2b2b03c954197df0487afaeaa76fcd1760b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca085bee10cb09a229cec912aeac6a10

SHA1
b3952d0be47cf958bd86b65ac088fc13db81eb7f

SHA256
06eebaa871b655812487d026c70b97a2057f47350783f1f3dc71f9c41d266476

SHA512
2a8866fb10a20c81eca48e186d590af5c4a1c5c483793e5c023271eb77820d0a053eeec573bff1a2d85bfbe612212d53918d0c33552bb73f5558ca648175f975

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7bd4470966951cfba1cfc4af4e5f7a8

SHA1
f65f1fda02b3d39431ac3efc29047c53523001ce

SHA256
ce0a8cad3fa9eabbbc48a4e2c2a558d48738f5590a16c34c9ad9c94120afcd72

SHA512
14aa40e615b898046fa89ca6e5e69a3a7a85a7ec4ba4e08b9147f7bff7c946be0d326c86650782c85c65d8cc546773a490063b2e2577172af0097cf39406c9f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c5e0d8fff25b84de8b5630fcb61814c

SHA1
aa940735c1685f6965bcea3b35129aa9c06ee954

SHA256
940737988b87e41215edda50eabd0cfc4392eec6b8f6835d7b180bdc404ccd38

SHA512
73b639ff045f8216841d9fb9f716fd56b477b512fa942950eb38708d68f76a00fcd2a56202ce0acb60fb2e09ffa1eb2026bfd160b00084b5d30b126314dc25fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87e651f5e31df845bab1475debb81aea

SHA1
d004e44ff5ec8f4e64f1ee75fd36afeb3fe9c496

SHA256
d3add099d7ca01162dd465c6229322c01a55fb94ed33526a2a5e4e1e5ac7c0bf

SHA512
b504209ff6aabc3fe72ed4cf4c8b39963c00ee6be93351560cb7ad7df668933f79ca0cf1ddeb88eef372c9620c88a6f17ece65d9988db73795810f15076b6c01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1824.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1875.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit