7518d80f10adb80bfd0736dcb8549d789a8e39eeb2104cd7d8a737724bc8f87a

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
19/05/2024, 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b267fa4a7d89d1528f24bad84e74c0b_JaffaCakes118.html
Size

9KB
MD5

5b267fa4a7d89d1528f24bad84e74c0b
SHA1

551b9fad3a29fcf19bae28e203c0b83d320c2449
SHA256

7518d80f10adb80bfd0736dcb8549d789a8e39eeb2104cd7d8a737724bc8f87a
SHA512

724e315a6a7426e6553c9f261158b8fb9cf87fbad4983f132fd07205cfb5e7d980e97378545818d7be9a2208182ed18298328b66be976d85fb2a5c78a9c3263b
SSDEEP

192:lwg12pR4/Euq7EKQ213mAsvOaEcscG54w3vkiUM5/CD:Cg18wEucQktRag9w

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FB59C7F1-1618-11EF-B44D-5A451966104F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422310070"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1712	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1712	iexplore.exe
1712	iexplore.exe
1388	IEXPLORE.EXE
1388	IEXPLORE.EXE
1388	IEXPLORE.EXE
1388	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 1388	1712	iexplore.exe	28
PID 1712 wrote to memory of 1388	1712	iexplore.exe	28
PID 1712 wrote to memory of 1388	1712	iexplore.exe	28
PID 1712 wrote to memory of 1388	1712	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5b267fa4a7d89d1528f24bad84e74c0b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7cbae4f7cda1293e3cd6590478a18789

SHA1
fdcefb0d8454bcf4e1194db75419fc5c2cd2dda7

SHA256
15f004e2fa6ecd6985ac78cfcf69a22f27358e20f22af14150cb0af175ee5d94

SHA512
d96002dbc026ef22a4e89fd164a304aa82cc555c7b271e432c054e77d5eaca54f69c5ba5e750b97eaf1db86d557085d7c42df5a8fbc235aede691c00f892490a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f6943084fa254b99da4b869e4234672

SHA1
7d41bd6b61185cbee5d2494f3cd55fef20012c46

SHA256
99b827ad81fa4d19864cb27efb53306966f9bfd3e3dfeefdbd971096de6a750c

SHA512
c2c2dcb8ebde7f1055c2c41e585e284053f27546a22c5bf480139e3ddee3355b8f81bc61de4ad2faa7bcad1ec98772dc0f9a86e21cb96276711fd463dee7a42e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef24859e2b908091fd536e338ed8e6cd

SHA1
03f3b1cd4941c3c4bc98230d5539246765bbf304

SHA256
da38894ff6723feb472863ce5e806de7a882e7776fdb14191a5b2edd2a9d6463

SHA512
436615fc3bff004b988ee19ba00df642fdadfdf74d2d71d9d068f7692194f741c97f6f2d3ccf587372a62f3f63150886f7a8d9b73aa4111fa62cd5e1757191c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fec1216db3048878a27fe84e3daee015

SHA1
868ec4293cae04ac9bf8b8b4a378d14e98d8e866

SHA256
3dfdaf460d3f1dec3c7a0043d9b6edb0ef5f1c4f855d8b1c152364abdf2bac8c

SHA512
f75f5ca9798e1a8582c80f57d0ade8fec9b987cd6bfb21f35c0b6940935cbd5e23e6e843b0e98abc07dfe6f5fb9175c755e0504ce06238d509108429627eb562

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
997eb2820a4c9b720ce64d77f466c219

SHA1
f2409e584882d1782d71305e574e2810e077f87b

SHA256
26d4ac8ee69d9efc0d42246f1388ec31f3b3d5e51ffea707a608b6d9938fe051

SHA512
53eea787adf7976f99634ac014171efd301e68f4fbbb91e3c8529c83c7ba6fae58feb5ee114d08637141e2a0fa12477014258a075e2660609d7605d636bcc081

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cd853d6574976058a12ae95bc6d1974

SHA1
8a30644729ef8db477a6baa3ca755ebb6bb0ccc3

SHA256
2671d556037a5fd64b3c22e23a35532ef2dfb9f823556b3e763e4b2f0ebed0a4

SHA512
d451ef3d8ed56d72c4661e38dac73cc658b8ee646347dee0e20a8be5d6dd04475faa4efae5c30d295f35b090fbee8a35a8645157127d0d4cf2518867d82bd408

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef2fb17586020becf4a7581895540013

SHA1
7f8abadf6be7535e1edc1cecd37a502ef1d620d8

SHA256
4a808cd0120717b010bb63c71ca663b5e180d02baddc27b3a560c8f963b02d25

SHA512
dda8b4b7c392027155a17a34626f20dbeac41231f23e231521825a9b02851587c98918592dac6de18760b86ec080cc9735d84963b4b3ee3e80737b082a6b57f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7954aa1f644284e4a832111b60df6626

SHA1
cadd45076a13915df00c9c04b0bf817d3a88fb76

SHA256
ab3dcb4c47f6c9223582c0a907aadd12aa3cd649f1705570b9eaee09831acb05

SHA512
cc8c6b5081e36fdd7512fdfea8b09a547a8389467f7104dff8d651853a9f5da1f10ba633deeb1c807b9993eb794ede4b55873e568b3f273d62976b3b9669783d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a49516521996eeba1b53909fd217b60

SHA1
a979d5fcccc3e362c726207aa34cac7c28e58871

SHA256
15d46774cd7d55d5286f3300c1bd61ba327efaed7dd1cc385cc6273611b2bf3f

SHA512
8629912b7c34d05c6b0ff85d7657253812ff209f733efecd3b1ca66895d14663b0131bb4abf6e95e2a50f1ba6c74b69437ef79c7dc79ed555db9ed416de035a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1eeaed10a86911e313920251e46b66b2

SHA1
c4a1db5fd7e22d7251969befb6d68f3c7ebd5df9

SHA256
ebb3be9ca3120a48fa27d272e153bc9c212776985b8cdb237147e0423c1fa0d7

SHA512
f2f793d48f3015dc1af2de8d601ab16224ece8d09f97e1487da01ecc6fd36e2709ec7822f4863f7913178f41e7c076b746d0701b4330f8cadc9f6297416af745

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbbd51b91bbc8be94d4e075d68cbb3ea

SHA1
ca38aed53bf27deb0a93f0a0bc374017bfb871df

SHA256
182c01d65781d1053b860bb387f510c9bd1fd8bb21b6ef4cb84f09d67a8096c0

SHA512
67aa662ea4cda9a8c0ae485011a1fb9021f3883d12363a50ebebe60340d7ad76b9f848582b0511b4f7ad5adb48d0dad18da7afdc37ca93d1547b9308cfaafd9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddeea263692ca78d64d089e7bec8c34d

SHA1
942ff01ed299c0b04056bada1ed910597f8f8bc4

SHA256
d905f5c4dad28a8fc722d513f9f4e54b284e73a0e3f44658abfd9081f68a5491

SHA512
4bca09d8d52d5c53a8961eb5c26bbd7932885da2e07da1adfe6469979d3f9b40562606bdcc19c37dd10b87587d449ed914388f5114d8d3d86e49c7991e899005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4df142e3963b8f9675585f9d01ee0c76

SHA1
1da738f3985ac88f3cf6cca675781fafb1a7e358

SHA256
71b9eb59e1360072c71b5f68deb05504c8ed22e0ec54002415d17963037859fe

SHA512
38ab66f91914a681cf1328898674fc7cda415d7bb2c84434719d8986e3fb758cc905cb405d8d4d458d7a3154faf9a8adadb11ab836b7989d018de55c090896f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
857eaa4f8970da0ef04a88cc81a9b86f

SHA1
38f096bd28699383375d0480b6f38a06c9dd6e04

SHA256
aaea0bf841a44674babed468e40cb4c7353224db438a03f3556e077537f782db

SHA512
3d7d1dd41b6e59cf771a0d4f56d2913a045d7dc946634a2c26af9a6983e0c0ee3d430e9c5e7606707da4470f97bb9a8d7a0d675e75fdcc8142b2bea4d6e5a94d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
775a556241f7f2082913e208f0e4b7d9

SHA1
a3b8096be22f32f3459b5bcd1fb2a8372c62ade2

SHA256
f7fefb29eed99c37b758bd3d13a00d11339cc19bd5535cff4ee82d107c3487b1

SHA512
28d1920a00a436fff8dd52bee6d2c5b3e744c3673bd112e4ba8b3fd83b70a6f2c4295651f8009a0120ed7922d778d1c42d1a2f9ef992af863dc97f9d7c03209f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41b40a1160609534ce695e503bd9045a

SHA1
262a0a961c033280ebb97184715df37ba3154f2f

SHA256
6862e2c1436b41eccc7471d774117ff81e7c8d122921a299326e977da2d990d2

SHA512
8991ea4fbf6388cd620893f1e5ce483a9fecab83ed66dab7a25a3379bbb0fa433aa1ba9a5f9fe875d8e17a97d851e3542ccb1c0552f061b8983ebdf649c2fd99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9e49604cd5d7d29006d85cb8a309c2f

SHA1
eec8f30483b7d3ef854253407737075060a27d8a

SHA256
c6b6d51b403110dcad6bb24061937ba50b2052d3f3cd18a080c1069ae5d4da90

SHA512
0b7b01aceeb40196605e992f2b2a89c4dfa411dd91e87f29930dc9e8b0799382317dbd4502c35090bec00f4825f4f82fac46b2efe226ebc84210931b33983ff5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21dec3f849b8f666b32ed81d8af30bc5

SHA1
e0f4bac57ef7dadd4d91f9ee59cfe8c0515252f1

SHA256
f044ad9dae85ec30a8eab3a10985e90d33493881bcb2206fe0eb89ccfbe176cb

SHA512
9510ceb7c3ff3be72422297c4402a49ea217835071068a0414d32e594bf2822363402259f6704c30d7289ee51e27e64755d6d5626468dae4e7ed8feca2758fae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab40AA.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar40BD.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit