02f881d40670ee41d93dd8617ccc47a1615180b2568c348b4b33a365af1d5af9

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

513fde71b5d66b8f80314f3119ba1b77_JaffaCakes118.html
Size

37KB
MD5

513fde71b5d66b8f80314f3119ba1b77
SHA1

4c7ea71662b2dbee97326b66eb4b679f2240cece
SHA256

02f881d40670ee41d93dd8617ccc47a1615180b2568c348b4b33a365af1d5af9
SHA512

cdfab29e278b401d854464295630e2accbc930b19821fb961235653963ce2ef779cd3193505b6e17b01a1783ff72b82465db588c5adbe718d4357434dc0905a9
SSDEEP

768:s+Xmr1gbJNShyebT4FoM8e5QNJJDVGP6zFzXOHWlOdNe:sSmr1gbJNShy68FoM8e16zFzXOHWlOdA

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A12D0261-1488-11EF-BF51-4E559C6B32B6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422138119"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2992	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2992	iexplore.exe
2992	iexplore.exe
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2916	2992	iexplore.exe	28
PID 2992 wrote to memory of 2916	2992	iexplore.exe	28
PID 2992 wrote to memory of 2916	2992	iexplore.exe	28
PID 2992 wrote to memory of 2916	2992	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\513fde71b5d66b8f80314f3119ba1b77_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
f4cf43768f928b60fb50245aa2ba197d

SHA1
3e0b011b6299fdf46abb2234197465a8c1eec0b3

SHA256
7fb836a3bc5b532f165b3aebfbe605b22acdd379db34939f47456864efebec13

SHA512
003ee0a6f517bbb47398fa6371979797d6810714adb234da3db3dd06c7509f39331adeb1947a2282a3692536f36f622764356cadd4fd0d952b18dd332338b666

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
979B

MD5
0e57294ed75d5737182607e95e369e00

SHA1
ce97c7ede67ff772d0fec9e86b60e8fc3c9af708

SHA256
316de0e1b5f70f35db62a1eae0574273a7a6ca8e556ea306dc2c117d87670aa1

SHA512
6d2f2907a96507b343fcdea6e305c413dca3edea0971f14301f60b85083cbb7016d7ec3c2ce8226f453cc03c02d77d149260c3eb8cb503c94a277af5c9b438f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4019eaa3139929333270fd8a777fb44c

SHA1
ed6c4bdebea4cd5fe96a59665be3f35b0ad6bb39

SHA256
bcd2b1667d795f4fada6573c97c47ba0651c8cf849d8b1a41df95f10fbee11cd

SHA512
91ed140e1aad68e9eedff0ba81d6fe0461dba0f40a92f6787b347c55ddba4eb5cefb0ff29a566e9788c5f4f2df565601f012f536617879dc854bdafa5241672c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d719091dcfb634dca94f83a52170ddff

SHA1
b8ee79fb3b532208acc0fd4dc1b5d73871cb355d

SHA256
f8dc41a35df976064498039bd78248ffdf7d7d15bdf1931d3ac00d0d4d02174e

SHA512
03f6265e39323ad09f92712d706c7a95313207043a659c6618436b698e0f691802bc8480f13cdf86b320ea96b574420a84acc50a263c0374deda1e3ee65755fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e61b410c381599783b2961b59a8a4b19

SHA1
f75c86534c3d23dae98c1409615baf87121b0a87

SHA256
2e208a256f3c237add5366cd0678dab5c70a51fdfa074a78a7071439bf34a999

SHA512
8158fc9ccf31cf3407986bbad6f6daacd1c5eefca31bf1c643ed73bb62cf858e2c8bfa7981a39acc7d27138bcb2b66c664a82ef0cc5734fc07e4ac8c08f49e80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe61eec8f6f2f882049752d64b008c0e

SHA1
9acc873d22cc5a712b4948d1f1e1d7bff0d90d45

SHA256
3f6f21c8df191473caa78b03aef6466fce2dad09ae66b7524c567323f9af9e7b

SHA512
a578522a396821f4c9172206f77721d0e0fda8e16d7227327918ba1aba6971d3acf0d8c13ec986b83a120e319cb6b346d4faddfe0e78188aa350baed2ae5a8e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea64438e9e1cdde45d9ebbb491052226

SHA1
9b2d905da96f68cb3d16e9a967e1727437eee76e

SHA256
223118e6b30be848f60e415521aa16c108a4dc4c06e475eb2b051f962f5a4092

SHA512
ee84a639af0c8b92b386056991c195904ffa4d1a56609e34f622b03c5fabff16729875c4dba212b81edd81c8bb468f06995b1c91d000fcbc3e72d8abe71ac5b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb1567383bf34169a966fb19ff4f10bb

SHA1
4c085b9a99b152b0908fd0c37666f71a17583f73

SHA256
4a601fd38204bb636ea40e82baded3e4884dd2d5764f6c0466beaea4b0b9f1a2

SHA512
abcda8bcf664b43b3c6bee6e5688929a07cbfd0ea42e6c919eaacfec2d735fe930f5fa1ebbf6eb1247ad155775945d77aa3d7f6492ca73a2d252c65c1f2c0b97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12fd3b091fa097bc45cadbd7b7badcde

SHA1
2e445fdc317aad6bc9ce24b95698bc8fecffc13f

SHA256
faf35b59920f095f56e73ed4eb8f44148791b1e9388a2dfee7cdde9499dbad56

SHA512
ab30c9f173ac081e87f823632af10c3cd552a00c7edaed9ea7e99398ce7d92671006c89b82be5813d1386277fc589d563d6c17c457d97937f770c7bb2fe426e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
011ffd85a587339dad79181624f5c17e

SHA1
ba519853623648a80a4fa26a618f8b7c54b177b6

SHA256
0f2a4321a1d7663b2d0826bb33871bf4b5f1d40a475fb145bd4e4246ddcf7cd6

SHA512
b40cd911973d83bfd66e6ab25f2d6d3d6248c757d282a0fa0923434d171612621b8e358d95368abb15044056ee5772bf73e2efa288e2da8dce1ef13319125d5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
497f091da9af7941995dfc73fb0b1704

SHA1
1938843d86060e41eb9326162376464c80195e23

SHA256
bea1a7c37264a65d800ff16f17b1f1701611886cfab9342ef1cbbca0495be0e6

SHA512
56f2265574a52a8779f055aa52b11b6b4c62e60170d6ca36105b3357387a6933259e5703e02760e4526edf2996f9f1d83bfbe35a8a9c8171783fe283c2a6dcf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f664e9645753b6ab0bff8e47b4dc9a0

SHA1
97918521f7bc71acb7d8525457ae54384d4e85eb

SHA256
edb87ce4bf3da9fde9eb16ea2ad1a8b7e42fa7ecc6fbcc8a666c76f93132fc4d

SHA512
c943a9e9e22f29c56690178d992e087905329bb5abc93e2cca3c16f194bd501fb44430f590692a17507e9c4a8cc245faa75b2d777129f857c4b4eb0641e458f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96bc74cf85b3e8e0ed30deeeba4f85b3

SHA1
79c50d17402a10af8b38a33fe3d2eddefd8c3715

SHA256
bc6a33293684673d5dfce097ab3a65a64cec6a415ae6875d0ebfdae69d16d549

SHA512
0fbd5b566322603f6c3236e2578aff29e85fabca4d38a057d35063a5f4098b6e187a75213bf5cdb42f584f433565f88f5296f0f0523bd80f283c47d81fa23bbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2840e8fe2f4f4f78b6c277bb373dc67

SHA1
ec2fd823e01cc7f2c7ef9e9aa1d86d30cc2c5338

SHA256
4d35ded7a0e8b8e7b8c55ad7cc3e1d92def8dcbcbe3dd5770fd090ec86ef0daa

SHA512
5a35b033ed7f9f1b2f82d8a46213832a548e13446241ac4d528ee886f1d4fd08d0ed062feeca87028eda14a600b8c498aa49d4f8099d91c13332b1f2aae02df1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d92e0717ac90c87b6a66219453012f0

SHA1
dded25699e6cd965f87e8350ff4422e445a5b30b

SHA256
a6d9552c8c5d0e872d7697056c9854e6578cdb99ef01bf73ac9191bd8315e838

SHA512
24377b36b4f40085e082c21bb23b848a7a3cb09678953d5b085ce3c18fc133c880c1c27546fde5474f324dc995c414d689122ef523e2468b344ae2684811ee62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
28f256c5056c05287624e86e1c7ac251

SHA1
46350ce6058c786a83b96ab10edb6db3c0496847

SHA256
3c935950d4d34534183e3c89e86554c7401fe65c8dbcbcd70f9ca177da7747eb

SHA512
5493f37975b27df5e16999c9e5da8929d62f0a68d9c3c793b7a5f2cd2e178cf4c45485ac916339556f4d03df8d4b88b79339f4ca1f13998fa733c2af67da98c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
3e133b73c27595930a580c60072138aa

SHA1
0566932a4df5e73465b174cb2dc1edc1b6669032

SHA256
d2242b37cc11f4b785f3e3252e3525b117867f3228f22a234b0cf4199967c5bc

SHA512
82da98ba0807bb6cc3384e3248439d95aba49442e3a29c6be2c592a5a270018f6dc7bf8ece283d08eac15b0c4570c8a4d5d55af3525c66b6dbf4dcd583fec2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\0049435be059ca2b14182033307963a9[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab24F1.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar24F3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit