ef6f84e5a1510d476cffa90dadea9cee59065f21ce685f2350a8ed1e8a664fd9

Analysis

max time kernel
148s
max time network
137s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f838f386b4466b969c1d8ce493115db_JaffaCakes118.html
Size

18KB
MD5

4f838f386b4466b969c1d8ce493115db
SHA1

fdbb3e4b996d1b706dbd0821c38137812ab1dc01
SHA256

ef6f84e5a1510d476cffa90dadea9cee59065f21ce685f2350a8ed1e8a664fd9
SHA512

5443dcbae74ee819b960ed9eb1cf10115bbe5f257693ae6ba99969d312c2eb9c3fbb61bf2fae3f4b3e7daef9fddc63ce953c3f1a189bb7a7320441c14a449124
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAI04izUnjBheA82qDB8:SIMd0I5nvHbsveDxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422102968"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8E50B11-1436-11EF-910D-CE7E212FECBD} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2232	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2232	iexplore.exe
2232	iexplore.exe
2376	IEXPLORE.EXE
2376	IEXPLORE.EXE
2376	IEXPLORE.EXE
2376	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2376	2232	iexplore.exe	28
PID 2232 wrote to memory of 2376	2232	iexplore.exe	28
PID 2232 wrote to memory of 2376	2232	iexplore.exe	28
PID 2232 wrote to memory of 2376	2232	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4f838f386b4466b969c1d8ce493115db_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d4d2f975dff8f330d21e4df7569640d7

SHA1
b126dbae3e583e96f6858a4f6624cf836ea58192

SHA256
7acfad01584c2adb50a327e61555c33e23df42438e66a1a1a8c40a475dadd9c4

SHA512
ab0258f49de806f53e36a717927a3caa5f4a2dab7112b6380edc47feb406a293f65ac8f94d563ab98def6071c39d75b4cdd8a8a93d2da5f45fdaf6d8ab6297dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1623a098072badf62b32413ee57b48f0

SHA1
aa304e68028112fa32486eb93240a628e820d186

SHA256
c05cd85ebb2deff1f856935e09ef256418ce3002be32f925c6caa5a18ffa065a

SHA512
6445a11cf1ce5f85f4d8919ddef8e82a6baf91076a839edb3b8a7feeb4b1afaeee69327681cec456aca09fe0cc36bd6606dbd39b0a37db6491be79319f89c4d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4ff40b3aeaa72512d616053abdeccc45

SHA1
42a9b2277fa295e67929fdef0b2acdf77dfdd182

SHA256
4e7f9b3e63bbaebb147bb683de69a6eedb2b300bc68469f1e3989189fcd8e40c

SHA512
0823a38e8c00bce6a083e817e4c4cce942aaa380b1dfb62a55892b670b00c97de6ef80d6eef7d1e6963390a3d2cfd2238598d43d6b5ed6378178060f309fcad2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3c7dcde31ef78be36ca721c60c393f1a

SHA1
df77fac182c03ff63e1d925bd89743dedaf86b4c

SHA256
3efb82ed4bbaf022b4fef35c747723f1079c3951a4eb22d4885c4e2d187db215

SHA512
c239e6860f1a306ed803cde0dcd0ccf7a80dbdb831a9ba0359682233a7330b49655eabeaa2c021805f8681fb2b2ff1282770e04255c84e470537c8956e17fbcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c06ace16da66e4ed5b7c72df1b21058c

SHA1
d7b9d607bc4d0d4015e7dee582d190905e9c3fa9

SHA256
ee49967e6b0fc3c1a78293f6a6ca5f9824f76a3a6b4cbf8b57b11a74529352d2

SHA512
f85b2baa370290c16323bdeac34e966ae5f3824a8753b8f0cfa7dbbaea7490762c2fffc459a4a353102270091a40de501ce0a88511632374a5d8ccffcf47ceec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4ca77fc1eb403343d1e365295c8aca05

SHA1
6efef2175833c6278bd94f20bef4183fb5c3c149

SHA256
f1477204187e3aaa28df8ffdd2ae6c8caa9bf993c4e4cbeca8f9937b0810791a

SHA512
ee0303899aae413a1b3f434eee0d414250423c76791743b278237738a81e660b1c2ddf200255f4b0a28bbfcd341b0f8099e9192a89d0c9f6b781c7667276fefe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
398fe14162e92ee47b602e2d9db03ccb

SHA1
426f320ab4c6e4f2f98ff3781a4bae78e29a10e6

SHA256
5b22fa9d22b1e3c692059c2a2ecb5cd76f88639e2e95e874d25ff689675ea9da

SHA512
fad8aeb27adb980589a61322b441b8080c91b9af4f924e09398560c73552f9b669c9d27d88c111defda28dbda22f78409c115fe17a3cad41d96c2ed3cf78ad61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9ff0e689abea6b25b64cb0273a287a6a

SHA1
97294afde14c44de5c9ca48a27b2d217d2fba941

SHA256
19b6f03dc5e4145f51c5a91edc37dde30f77312d0490f77ccb99698d7f5697af

SHA512
acd841cf5e41c627ba422535bce5977d8f0542d340a4da33845fc56aee7dca7d33eb88130ec474bdab6c90747e38c0f7c67f84feeb02116f1650c9dc2a4f4895

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
18ee99c6a322822cf4bc927e54c5a7ac

SHA1
fe426eb5bbd359597f79377dddd4854e839678cd

SHA256
a7b019638afd3e029547ed6445f8d3b981ca051a1f492c357f75fd5b75af4d25

SHA512
4beebef7b8054348a4f58411aba780340dfe446200e43cf0b9fb41fa85358bc4c1e49a40a7837e2e1766c9d66db49444409ed5fa44c25599914d1c618501a6f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e7db925498c3f9bd930bac038da21a4e

SHA1
07a2370cb4510ea40aa550484e64190bffdd78a3

SHA256
29e14a999ea18d5852e33f61e83dbb335f3dbb0cece42485d29b9f603861d3f2

SHA512
06fb5fc471a3e73d5eccdfd2baa3242487a14b88859abce91d34eea661ec11f8517f28933c3848a37526424d62e68826b26cc6e213d34b59e00ba61cbaaacec3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ab51ec7d98c6372600f74b2cfc25044e

SHA1
0f26be43cf56e19b0540fc09101c861b3c0dac40

SHA256
f8a2d978b250fbc8712aa8ffc7dd8afb88dbc60545dc43196c130b29769e1592

SHA512
340759cc2af6dad19bfe6af6f13a8702d287522571e9667d1cf86eaa12dece683bd8459a69ede8fc141bfc012e3e44e078f50a1cc9302bb3f0633b53f1986de2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d93da59e15397806d73446b1c44cb10b

SHA1
45da8606eea9beee4e6e0a212d665f279a2fb6ca

SHA256
404af03777ae049eed4966d0d6acedb892a961e9d00188d52dadedfad5a2a8dd

SHA512
a4683e8d778d33eed8f3af35921a27f60d238d3648db62ac18f7d15782113c5ce92442ac145600fa90656b8754065fcf86d68f6d7e3107ef320e9f575aafb7f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
5215eb403da19974fdab483c286b25ad

SHA1
c1543a6380f1be1443271dcad69c4ec8a0d806db

SHA256
718dac101e43a39cfb1be5665eb25a566ea8460e98b0ab5b882be1aff0a9096d

SHA512
de08f3da4a1f9077a88bb1bb98701cf56d84ddc26063b5d11185267294d0a5f96ff4b22ec0b0a48505c39db7f47f0af10a258ee739970bd3370bc5eae6c73ab9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE53.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFCE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit