1cc5c4c20278a7f9605849319d198d9eeba4b5f5a79da7b0f98fe404b5291e03

Analysis

max time kernel
135s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4fa4e956ae6bb490716b8d4cc99cbba5_JaffaCakes118.html
Size

40KB
MD5

4fa4e956ae6bb490716b8d4cc99cbba5
SHA1

d1e285728082506c0374b0351f65b01af1918b59
SHA256

1cc5c4c20278a7f9605849319d198d9eeba4b5f5a79da7b0f98fe404b5291e03
SHA512

75e351716a97be3f9d9f981dfaedc5fc0551542b46ad7b8adaa6fa8f81f9535f6858d7dea275d44467595c342987396f6e9ddde728b6955d267db57f4fd26c57
SSDEEP

384:qWXT6FYtEL7qmAq06IRpadp8H0Q8mL3+VzErFMERB5HWV:KmtWmmAqoup8HF3s1ERB5HWV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{130EEFD1-143C-11EF-8706-CEEE273A2359} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422105241"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1612	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1612	iexplore.exe
1612	iexplore.exe
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2088	1612	iexplore.exe	28
PID 1612 wrote to memory of 2088	1612	iexplore.exe	28
PID 1612 wrote to memory of 2088	1612	iexplore.exe	28
PID 1612 wrote to memory of 2088	1612	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4fa4e956ae6bb490716b8d4cc99cbba5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1612 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d099eb1b96d2ef4aea21006e6ec75ffe

SHA1
845db0929afd94f9846546dce2b857578acb3fad

SHA256
8683121a003a3121d55102b95c5c2214395a59a949d0929deb4ef3bf96f82f3a

SHA512
d93edf497e406d22a0e0f5d99088ec2656e8e3615543b0fa7a7a744571f3b5af9f8dc858454801f149c23edb05d31f43ab769f292f52a58aa2b8737001f4999e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a17b1452d81622130581f0fe22db91e

SHA1
b3e60b4672e3bc13b6eb7a853fd897859a7b5b00

SHA256
e10f4f90e8768dcf0cfc147ef0e51e85e041dedbb8feea9538d0a352155f0503

SHA512
5b75b366e5d2f9f2b3446346e12cfd57d5c9ac90d4201aecea8c2233af3afb7d9138df275a3a185b34547eedd00afbaa24aa54afe99e3e19b27361f408180c36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eaa7fb903f0f8b4f4e7cb5d0e816e37f

SHA1
7fa5bd2b15fe0bfed3ad48bf5b4438f10e764cf8

SHA256
7a878252ee1a84df272f9c92e58ee4b9cd3794ba4959b4d8ffa9110aacc213db

SHA512
45d7657790717d3a296184e68a4ccd4138e4c1f24273a7f227fccb0ff06f92b15f1895e969b104f44dc6389740638c983df5aeb992d54e0a4292f737b367a4e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34503fc3a904257947eeec5b17412b78

SHA1
af596da730b0d0650cae8ca3d2c3a4eb1a485b55

SHA256
39c5c6686c375f6676e0eebb85e52b570d96dd27ff09a7659b1af049b33183cc

SHA512
9cfb55cbe8fe8cf11a87b2607410a28e3acf341c67880bd5a122b9c6716d8a367be796ecf6dfdbd4e7bd5f64c16d3816b22b7b7c4b2b0a96c15fd8392fe95d6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
571895fc605903b01fd4a619a8e2b43d

SHA1
2ebb72fe906619244efd99606c3fb48a1503c827

SHA256
7e26bba69d140888c314661130c640d0b02afa706efb57ee2b22ae2679bc5163

SHA512
358577e7af12137a1816c10eaf3f203573345eeb6e61845ef83b4c98a5eb7b448ad227da9c539a4bffba814311e188a31afe1ca4c8ffc8374137768b0eb064d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db4e9bea03751536e45a976085e60b96

SHA1
69d2670eed43a2ee516df9686f835f2f2c02fa15

SHA256
7670eb4c09fbcd21b6e4967aa3610437329a346ab8c44ceaeefde61861b4ea94

SHA512
deeb83787b68c4e3ae027b8a51afabb664a27a175c2dbae708ecf3dd785405dc58c2a7773488826943048d14474a570bdf224af8efcb9b86dd20ee3a5cc4a52c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b64a008e37c7eda3177d9f11aa48f2a

SHA1
9df943f7cb50795680005d6667a1c06cf7d851b3

SHA256
6b2f07a455a9ae9689b9801df79071a8eb763cb964f86a7f18969257c56af486

SHA512
d5daa8afe97206669e599437de272a78a45934a8b0181fe47494b88d015e38ec122694f36b50e4575415de8192eb484c714e471c9d2fc6354658a6cd9b93ad82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e85bcda6ee8e70b7540e3471bdd351f

SHA1
6b0afbd85a396036276a98d019ef3155a1a461fe

SHA256
f8c8531c5fb6bfcb559db0c5f8642232f93e547f9de9dd561813839fc5f888fb

SHA512
b98393ae49aed34a592493738b60b6031f897550b0e782aa9e7f11808b752ae327fa196bfb4d02ce8db135b8d96b33c92abc486911c27f958003da93c8d9b60f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
499d59280db4af09573ce4092ec1fbf5

SHA1
05b3e921c6afd580433b41081b3fd187f0941aa8

SHA256
25e8e2eb1f6e3bfa1ddd46f47a3d5ac9a916069b7bff02a1ef389dfb834bf738

SHA512
6f197f9bff6bedac22474325411e482e72f0684d2bc070c6d15ae7a10cf2b5530cc7a312cc3992f39a1a5af9474192291d6d28a8fc06ffe7780220399d58339e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb3f1df0f64fab8a39eff3ac4f34b971

SHA1
1d4563de26fd56c7bddfdcbf26e00bcc61c798c2

SHA256
a1beaf8aad54521c12cdb1d45d7df8634ebadfa60e01caf052c0757d7fca2bea

SHA512
9878cb74a1b61371d58fd0bddaa974f53d727141c153ec4156c4ad40405fbe7f508cbb076e5f73c8317644c0b79d1c55d7454457b5feca1d3ff78880377a64bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B7DEC8A0230AAE7646A2B20763EF1C38

Filesize
548B

MD5
4bedc8bff51b97d689e1f20aeaf67ae6

SHA1
2a482d061db00108831e9d15bb611f253d3dd4aa

SHA256
8819b826d470a908e3325846e2839ea8a6075d46b2d67f25585731ad1f050d54

SHA512
e1822e86f59392aa9014b8325e6198d35165d992dcce512d6547a9ced4d21cb6c2b4651dc48e2da4e1c93a3d2fedb61c063fa66525024f2d59dbb4cedcb22e48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
fcbb3eafb7bb4fd511788e23070d7362

SHA1
597ea794d17474efc6a776ec6560f918be93c19e

SHA256
9425025682ddc5653236993cad18b689a5df492079e656acaad94160e74e942e

SHA512
a44ec588532e20f572745113448524cce47a4ff686aea22ca9916c082772954ee387b23ba4d131e78708d81002e4fb6dfa5bbbc3ca877b961f8242ba03afc4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\page-list[1].htm

Filesize
1KB

MD5
455a146b4589bd270fe3299995e76829

SHA1
de4c7ed6239e16160d2540ddb3938581b452d25f

SHA256
1746025a4731834fe5ea9ee8c44ca630bed61466ffc86312d2c18d613dff7716

SHA512
b89d8be5858a4c37305f6014b8e5aac7e495d1142e2972cd723d618503cf1071039025c52ba0b714b4e54ef78bd3f078bfa195ae9996541720459bffcbf0081b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7B3C.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9243.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7BBE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9265.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit