5cada00c458a5994f682853e36bed5b382c63682935487cee448cbe7f514ad36

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50061dd9ad7a6bfe477f77f35038216d_JaffaCakes118.html
Size

220KB
MD5

50061dd9ad7a6bfe477f77f35038216d
SHA1

9d7d8a397a1f01fe89a3a2019ddc154a2e31961c
SHA256

5cada00c458a5994f682853e36bed5b382c63682935487cee448cbe7f514ad36
SHA512

b2c0200da9cf5a2f1ea4a62d82b5341cc30310aff82da728372e85ff1d6d42accdf1a0e0b99ca521bee9bf4a89085871a1f6954c2708d37ebdb4194a6b2e1c2f
SSDEEP

3072:S4QlE/mPH9Hb/uVyfkMY+BES09JXAnyrZalI+YQ:S4Bm/1r9sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422118517"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FCDA5D21-145A-11EF-A34E-5E73522EB9B5} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2236	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2236	iexplore.exe
2236	iexplore.exe
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2612	2236	iexplore.exe	28
PID 2236 wrote to memory of 2612	2236	iexplore.exe	28
PID 2236 wrote to memory of 2612	2236	iexplore.exe	28
PID 2236 wrote to memory of 2612	2236	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\50061dd9ad7a6bfe477f77f35038216d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e25473c8e7083ab87d77c29fe242ea47

SHA1
89b41e98a2c6b4e864e103f46af8efae6a404522

SHA256
dd4b070e515964a03a79d176109fe56d14fa2ca684f0538b1f232578a97c5ada

SHA512
6386c8f6b0c6b7a057f90220a6264afd2b6f747b0f7ce85421cf3660a34201931768914ed48d179c42a57be832da43f32f22c8860c9b713b29dc27668734a0e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60673ad7a7e13dd146dfdd9f4592836a

SHA1
4c682ac4222673a667301e91f7f0f8ce0a8a285a

SHA256
5657d2581467d56db1a761e045c8fe4eb2ae0eeb048a8fbd8489e44a1cf22359

SHA512
8d5fc8bb1347d49eb4d1cd30f3db8bca35d355ce2f51a3b6439622daa721920f42be1f473c0a72558448e0f2e61fdc984280196ee993fdeddac0444a3ec9fb78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
830914eccfe103de759faa9435ebbb7f

SHA1
e4fa833cda868bef7a8a22695fc1f53c3cf8c7b4

SHA256
098e2ee698803ddca7e31517fa64db56a44e0161f74f83fd9c30cb83a3259800

SHA512
474f78b62c6ed43653a4d31a42ee4b631cab9ccc6c67071dc1709ef95f0b7da98c178899cbf445042c18162c463b741d9ea5f3ab43af1d268ee12eadcf5459b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f521ae0b33c9ac62feb11e3c43eec287

SHA1
8a3cb9fcc7edbe4d9550887a86b7b64e12eed0e2

SHA256
0f570eac208cf56c771b593a42ed3ed63da352a137614b4a8912599ae30f5e2b

SHA512
8b5f0e03e5ccd7ced4178805e64aac9ba5e14dca5498246691d91b54c851094f21b69f4f39fbb738daaddf390ceb458bb325de400d099a1854c98969ba628525

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7dce1d2cc6e1724bdeac180dd52ac791

SHA1
fc8546d5f0ad49df81a30e0ba762c41fffcff128

SHA256
3a49bc397358993ce6fa6f9ea0c1f652e7f16e8df39e3020641b527c860801e3

SHA512
9c3929063d3c51c750037caefd9859af2dfb333ab4e110df3e128034c4be0d42e26e809b947f889a32d820060db397ad29b614970d2a524216ce2166825252ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1afb9b4c6219b724a105bd335c07e26a

SHA1
d7cf06eb27213889b69e1883528bc9511dcfb4d2

SHA256
4ed5c9b79e1c5dbb33314024380a917d96837669247753b9cdf82ddcde60fa6e

SHA512
2f5b9a1a9a6a9a71299feb07780e78200fd38f6ba67b690264354ed497e26f724010dd02549a754f5e286b377e8fbdafe7809d2d38ad99f538c5073e7d88ccec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7278f92c9f6f76f5d2bd2ec4b68917f

SHA1
43b1c77e3473a6366be7af07417067b17baf7b64

SHA256
97b01b5d5e45f3aef3d4679e9df79315e291efcb3ae574e966382f7c45a0ab1a

SHA512
4fc67cabf4ac275df19434675bf76d67cc9ea418af3d54e3504af25f01bad3a1befddd01186812ad4338c9e367093ebdd601ece86a3b0ba69b79e493342dca22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d7e534b7870a8adb9f21db63123cf00

SHA1
2452aec886c2894a7d00ccf99ed7a12b20f50467

SHA256
63ce76b889dbad1dd3a00d6d6b1c0f74861567e2f528d56cc0e221bb6da2d06d

SHA512
15289f4a9cc4d621d5757ba81b2dfeff3f1ffa6d80e434fc4125cca2b128784dcbb9e1f562b8f1f8d52803676448269ba64e3ca15a51a0a7308e17aee03a4cc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2cf6771cfad24619a17cad3b2434246

SHA1
efc396e0aac3165b2cc729fdc1a50a66b3a65031

SHA256
4fb4dc348427bda3b0049e39e4e4f7c9a3823c30a9a2a9fb5b29ba763bf2838d

SHA512
46bf2b41621682121194ca85120df31b0570f03c583746efd9c31556c71d58266bb0ec46d3f8edbab646f7db76471ea0c21b9ef184d5f5c86e1ea67bd56f72ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4210c41c189048886cc55bfd76948f81

SHA1
b2c122445d61318b59b342d096d2046fe69a1cb2

SHA256
9b847c4ebd386677ec5bbba0cf996ba01f371ae06ac1c92dffe548628f8391f4

SHA512
c9d58b36e1fdc98e24a0e163c2a6293f69a512a36f1a8eb4cdf9a23c3f9c0856722a93b813c4fd19ac244985d54dbadb339b9d5c2b421f8caca3a4a5dd1eb0be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1dd870cea11896d02ab9257d0600ebd3

SHA1
b83115b8cfe665b4deb9c0edf6c9b7866c2b144f

SHA256
a599ee3b0900ae1c20644585f236621246fbf22fe3629c0dc56f4c7d8a3e2fb3

SHA512
bff7986b38b4920b1de8c2d115f38491e1e238891be42a2c7394d98c0afd5b72971e81c840036ef23b644f4868b0c5ae9ac945d6d03dfebe69195b7a486abff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d82b8f66982588c0cf6fdcb2bd14e80

SHA1
6ee3a6a8763846200a4a12433cd3a15c13f68265

SHA256
370cc1710429f5f3454b87a5317bb529b0393be2fb8ce76acb171c62618fb0fa

SHA512
f7b6c5f9da06d5ec7a5e3626747aea165bbf33c83cb87ba6e49290a3810f088f7827e1eb1e7f31b809452ad3c8c6d84ffe4a213e92767f8d58dc942d74a77e6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63f60ad85224eb5c4f36031912aeacdf

SHA1
dfaf7423e1b3b85871f5598fcc2fbe2007955ab7

SHA256
36b119537a923a9ac0481786ca4457b7a7799d676bb77a5def29b1fc603b92f7

SHA512
7d18210f7ab6f8b33c8f0fa82bd3d2d9212076b5c60acf8ba05e60f5fab6ecadacf84352d68e3bf63583da4c942e338faaabc11150768f5a6dcd78fb27f146d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25a45693ad9974e2ef05b458c6241f5b

SHA1
cf5de25133fe02adfc06632c78f693f641cc7a0e

SHA256
17300b2a0df1c1630722b282c713bae5b13ec6fad340adf623dff8cc14e192d5

SHA512
4e2459dd1c4e3d62cb77dbc7f63f35e460c914e9e23048f2ececc7aa5d21bad5a9389e4e6ffaab04ad596fd7b3c5e0726ade46ab39639d1092d871d2bd82c121

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b7505f96be6d045cf30d09ffbaa7e8b

SHA1
04c755544b825977caf80f8561f055684d34b855

SHA256
46dd14d09d135a632465b5da6957811311e963f2f5eb64c540eb7743c2e5b91b

SHA512
7959137e744c2f80af4d3652e0a4011fb58cb286c2c444370245d5bc2e92876e652be4bb6634fcad2fbe81f177ed216c17c0b04351e099e432bd236019fbf120

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2C50.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2D70.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit