6b4c1877d4f9d614e849e976e017b51a3567638dbed447f0a0326d50abaa526b

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

614411259f7e5503046d7ff075947374_JaffaCakes118.html
Size

116KB
MD5

614411259f7e5503046d7ff075947374
SHA1

e944c4f44089f49f0af76d6cee7eb1a9565dcbd9
SHA256

6b4c1877d4f9d614e849e976e017b51a3567638dbed447f0a0326d50abaa526b
SHA512

a17ea898d258310b0fea370621e154deb40dd491316ba8a199fa61bf1cc6cfe3e194128822661e68f363cd8c9f44b683badf01258e983fa6db19be4aa78c0000
SSDEEP

1536:3w+DcJfIG5Q6dFJOcOHoR3hcHGS8tzs5N/ct:qJfIG5Q6dFnLcHiaS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2ED70611-16FF-11EF-9A09-E25BC60B6402} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422408942"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2656	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2656	iexplore.exe
2656	iexplore.exe
2908	IEXPLORE.EXE
2908	IEXPLORE.EXE
2908	IEXPLORE.EXE
2908	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2908	2656	iexplore.exe	28
PID 2656 wrote to memory of 2908	2656	iexplore.exe	28
PID 2656 wrote to memory of 2908	2656	iexplore.exe	28
PID 2656 wrote to memory of 2908	2656	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\614411259f7e5503046d7ff075947374_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ba4eb0759c53f12bc525c1f72617f5ef

SHA1
9f9431c012e8120e790d3885891aedc1d41f9fc1

SHA256
7b9e2faf150e354b9ec308b8effac2268b96bda1dab6967f13d4dcd8145f66a2

SHA512
cd52f29d11ac5ec8edc83455519bacbef0f8fd547b3d52091faead2743367618f9e8716569c4d1b22ad41755069751839404aa3c42c10695c67be4788e57322e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d12bf228a01bc120d72d57169acbf4e2

SHA1
c0670d64c6c5565fd342b21c6df11cfccab19b48

SHA256
71572572bbed203097c3cd0db8684bc521ba170de1599b7d0764b6e7d5966c86

SHA512
7462c9e2eb5d20b6a053b4a66b4aa8f7f8bc569862db2d662382948cba84123fa4c4bb92c0c5989b7a6cfdb423f3c7fc8246b95a0fe22f0bde49e45f0f0b4419

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebf555f708984f4bc521cb22ed5543bb

SHA1
55ce551603ed59531c80ba095f0b8abcd6b35926

SHA256
cf6d05779cfa8c71b5fc9510c324864b5875199c3a3b40d2c5363c3199d7945e

SHA512
bb8c6116640b36d9a2d63e9768e0c3fc2655e4c95f7b6b07cf55c76923608d4c9b0c2f0a99b85df674ec8c521f6a8d61f503c811c19303f95a1097f745b6f3fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee7195ee944b27506c875f302de9a71f

SHA1
0b56f332484b7a0cb41b95b99cc4bfae472458a4

SHA256
1243d4f224e46a504e55df35e52b6eb36cfacf2ca3e34ec7fa8e6d612814a43b

SHA512
f9130fbfd28550443c066bdf0e7072c15e8bce9c42a0f2c3f41694fb8d909c26e2ab51a9fcbfaa81cec767332333a3502b2fa67e09c697fb36b4c25ec9e8f37a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32754a69fe4c1451d372f571f7e43bb7

SHA1
04d7c5ee56bc75dabdeded2f437b57a05fede567

SHA256
be7154d5b793ae3fe114e0f75f74c15cc9950b645c3ee9dbc316d4275c54b295

SHA512
b6b53092d0a94f927eae6c8e9ad2826b615ca8c8639bdcbcb001977e063479d8c8cd6b16b789218e4f640752801f56d727c530848a9604ea61c713ccf91e0ee6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c6885b0a251531fef240dcc48bfc05a

SHA1
4302d0798f5b0de92bacffc77a3d8609afb77f72

SHA256
0dacd337739d537a9047bd15c964ad77b088b9e573046661af4dfbf3c26f31de

SHA512
022ec500153fe42595dcbe09b3ed7aaac689dd46454dd291478a23bd3f7e4740af0abedb1aecbc2233217f37efaf38bbcf941477197d6acb614adc49445c27e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eee001fec9f01027f782d847feb36c80

SHA1
417ae788fb7f9e8c3ad1b5d9e0fd338a957b3b97

SHA256
7c9612877845385c8b8bb20ba5bfc0fafde0cef06111db47a7d59888838514c5

SHA512
3d1156f562cba9794c599eb195b9386bd9be6790c42228b0d5d01c73ae975788d992388212766beac7294398d323ad0dbf5dbd2a8b9484aaaa204563d4ffb17a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04053b58c39f6207e7499d0dab27dbc2

SHA1
39bc856859a12061d6a3b58d4ddbbc01020455a2

SHA256
4f78fc55339ce80b30842195e116f0bf851d8d103ea5b0cbfc43e757afe253b4

SHA512
a100b6b025029d2e33756561d397f0638998d37c0cede31e584887d51e684b10e5fdfa3155b040305122881d84b30665724476d1e61ca25339726e0c9679263c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef3bd913288a926432b68df0bf806c35

SHA1
b384f6adfa9442a8c0e09e1ced8772cf06d2115e

SHA256
9e045a5be30b116dac11f6755bbe8c914f29e5184a12b29ccb2363ccb42f63e5

SHA512
0bda3a0c34c8e1bd4e6cb24043604212305721affd4066fa7a15b78eb00916d8aa3dd3fe21dbb5cfc1ad87d924d7ccc3567d315044ab1a292a1592c37e3e8f33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f1485c39c1f89d4cf950198eaadff16

SHA1
fdc31c6f62348f050b65178237fbdbfe909592de

SHA256
74ee61112a55b945379c230b65e960211505b8d5acbe2268bc01a52d3bd4609c

SHA512
268fd97983e1333d7ea03adf35c6b893d93878932565de25d2fd623b301ea80c037e70dda5f9d093391255c96a514926dc58858c602bc3bbd011a705c6f64337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e654ced31755ac4b85b79d5625bff84

SHA1
a435f6f5a978c72abd321e2c0d8997d4af756ab1

SHA256
0435ae60a07b38f8ac276951762a757755d76f83cbb212a41c14e24a06b9e94b

SHA512
54e71f4e6a098b777cbd751d36883f734877abf12e6cc6b3eb79cfaa5ac070f171a0d4dde95ced2e18e4bc03dfc698378d805a4df1a5dd532ea9c00844d7ddea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
36d1c468ca41dae24366cbd1ec7e3422

SHA1
c9e0272a6539817ec42944e5a846b068fb86059f

SHA256
96e8b8260ed0ed87e63a06d19130a679fbdf030fa35dd323e52cf1b58242d6f4

SHA512
6280092af7b6f0b98b82dc0538b14da0bdaad1ee62c2ff950ad2cc3e4dbda1b1ad6e194b200cc637a3501085d9aa7d69a0da9b79d599a63e2e14b8000f2d612f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab77F0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar77F1.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar79BB.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit