bb395e2fb5d11c3b3e1b1df9e36e2681b84658f731d3730799623ce88bd3f974

Analysis

max time kernel
143s
max time network
144s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d1b6dde1ba1cd32e0763ec5a1dd4958_JaffaCakes118.html
Size

71KB
MD5

5d1b6dde1ba1cd32e0763ec5a1dd4958
SHA1

87160fdb8a776cfa0b521619998e2e0c341b43ad
SHA256

bb395e2fb5d11c3b3e1b1df9e36e2681b84658f731d3730799623ce88bd3f974
SHA512

aa1ed72cde56ffd6866363b4c236f7c858e243465e73e97969fa24b7c71b76bc6452ee88da5276e6565a770717f6ac7886ce245981cae30417076881cdec697e
SSDEEP

1536:JWkADkAZckABKQbZkAXhTcr0IPGNMxZPdJXxPTQakAm+S7vFSZpW2Ru+OmJ0W1e+:0kADkAikAIGZkARTcr0uGNMxZPdJXxPB

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AD594B71-165E-11EF-BA28-C2931B856BB4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422340005"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2132	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2132	iexplore.exe
2132	iexplore.exe
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2880	2132	iexplore.exe	29
PID 2132 wrote to memory of 2880	2132	iexplore.exe	29
PID 2132 wrote to memory of 2880	2132	iexplore.exe	29
PID 2132 wrote to memory of 2880	2132	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5d1b6dde1ba1cd32e0763ec5a1dd4958_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
cbc282c89eaf33dcc25496b655dd3335

SHA1
12d03e52947a33c0aa0cb46699d361ea92c319d2

SHA256
ed35539ae2e3de90b4d09f6dbed4fc19febf9c5ec3b9e54bbe6b972a89bd63c0

SHA512
eb2411b661feeccc44ea7b9bf096279a9c5a9fd504836ba827fcb9b6a815796a8fd4b03c8ec0e36ea7eebe82c0f059cbca3509e52a400921401a1b485bcc360b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_91E41FAE8B0B67645773C1C9A8DB10E4

Filesize
471B

MD5
d1312f5da8fd9fd2f6236013b4deadd9

SHA1
aad97e2348adce99a28a4e37a4544529ac0e0944

SHA256
a31abc366d857dc6d625b0d8c01715e9e5b0f914ecd2432dfc2fad5949031cfa

SHA512
e7193253a8ab493a6f1fe572bb3c18e52e9ebf7a7943af5b028dbf84c0268e67cc60ed9bce10de7958d5bd027c0159a4f02dc6b0cd66c889c5a9f325ba70c77a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
dc9f204cb09991365b6efe21068a7283

SHA1
04010a25afbfd32816ec0980faa208976a3e0321

SHA256
a7e1f929efda9f3667676cfc26cb7ebb5a9cbb66324dc1009779ead15a0c0e1f

SHA512
fc9fcd9700d4924c1d511bd34804e9a88652f46dffaeb09ffb2f7b710066d8ba6198835cda2c4f87007715343a3697a063baa743c0d7c846e2aec72e93599869

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
ec2bc327f92ea346169212bb09e95c62

SHA1
05790fb62f8f232fc791d080b92ca1cdbbd859f0

SHA256
1053e6e0f1d253330babab9ea5a9cf9fdc94927578fff668052fa88eb44f2370

SHA512
179bec7de6fc2886efd8d9354937f05d01f015d00003fddd2c4365914ecee7bfc7f06fe0e632f650d64efd96506f0914f3ededa9d9ffe624c23993c1711e7218

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4a91800b47127802b2f68e22976b40f

SHA1
4a0794f309e451ed2cf0c435c197140281a03ccb

SHA256
8209f3f887945eb452b583cd08e09f3951b688ed54432bb7b74f546302f387dd

SHA512
ee58d573f4d9bd192ce6eb026c9c1e6885867230252fc46e03a295ea3b5e9ff1d3dfcd626e327b91011f07fe93500a2ed48760bf8d6289894cc68d65d4f5657a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66ad7bc463cae05ef6fa3b8019202bd2

SHA1
28c5359e51ec030d359feff72a8803c874d5a4c2

SHA256
ba649df22f66c01990ef9d702fded0f629644a1cc3ab0cd9e10cd4993385825e

SHA512
8d365b8aefea54cd293affa278a88be794a421991a72d6f36941058dfc324a2ea603a5da205c39376a3bbd366b5e3f9d74cfc1e01cb424df5a379b08a2670bcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a168ba366e339b6023d610501e1f636b

SHA1
9b3fa287b7cca26e3e28f382a8bac84579f80e7a

SHA256
84be8ad2be7d8b03a1bdc18837633b2c417c9c61c1264d6015a85d85fe9189b4

SHA512
00f10df9735236c0664bf8e28483d280bd7994b6bcdacb0dc2b789a3566bf3f599d82e3d838e1d1eb6c81b1996b670d72d89931cf9fcbf643e786a0773fe9c95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fca30a874d05d4990f292dac8086f3c

SHA1
a20d6265e5e039128ab5ae252dcf166fc763d108

SHA256
16a6190b0d8083f4b556619dfa4ea360775cf8f941000dff23f89fb896ba460c

SHA512
bd38cf6910fb567accd733244c0f17a054e1c6d83f8fa6b6584bd21a865d13e46a51368681d11732032a09d86bf76b7cd3010fe484ff379a2e10de8222da040b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4cb4a2c8d6e6c01eb65c91a5866c22a

SHA1
f3230ab2ba1f819b69bd3919e94b7dba9cabac41

SHA256
cb4a9d495baf1063f5a6b3db174a2a41fea2953bb728d2491c3ee6f2ef018a38

SHA512
4f401a77af096291404403c472ab04e1d2a0416a11fc98a1a59fed262abf59e8c762a56d8249bf8b42ee804b112bdf09b86e9a9d902df7f7bd530cb5ed8f778a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c7be44434fb7b2bfbc8746c1ea86a8a

SHA1
909d28ac57b3081a7922cfdb1b04581ff199cd4d

SHA256
a8c0ac55d512eb37295640c6d2dc9bac2d3fa7f548f60b41c60594f18b91ad0b

SHA512
09c79d314ae71f92b87bf0d6bd5a5667773c1ce7c1cb69c23235217c7d7f4515de923fe1394c24b69e91cfc3866d8e442c7ceffd703dd7aa21d88e11eaf69b20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4ed3786e5ded5726da5c576aae2325a

SHA1
bffef1edc964d9812a35a02d1d4f6fb477e1eb52

SHA256
3f718eb0b35d38ae5c001b70c078af3f5d4c346cc673c4b1d92fa781074147e1

SHA512
996f008fe259df5fc43d1afd846407e4b37cf2661a42ef9eda365d4002478a0e1b949471d23ada026928f5d563b180704cf70fe9af3907814e77a6f300453763

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdb9e8d6ddbb443f0a35ddce36eaae13

SHA1
aacd8434109c363c7710021fb3c6e126014d77e1

SHA256
0cd1c36eb8aee758f7cd7373d27ca02f948594e83b5e6c1b0ae4a444d538aa3e

SHA512
ea51fe16571f11a5abe8dfaa9a96553fa41255109f93728075883449c134888fec82f117da8f0418f63dab5171506010e1c3d922d9359156002921c784759f61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d05e83fc40d103b4441b2ab732f6a91c

SHA1
8d61e1235b08dea5730e5102fbd1125362458a4a

SHA256
a8a0c48d308ad77ebe5afaaea1c5b12499466a87b6796ae30e30c66f94cd133e

SHA512
898ccec6e9b54931096d13e1fe57b9593b96b3f24ea2163a843c9a9637bc4c436b52dfdc3182bd693f64e6c64784cf8ef966cbd93a1b38b6a1ede8294fd0a3e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f22565e71debfbbca6f5117a98129b1

SHA1
f2275f6d9adf782b3169e8be5b2b4335b1375643

SHA256
9bf8209c1678f225e5a31d4c1ba01a735594be9ff0902ce7573785ff199564e5

SHA512
d47ed619d32318e16983419dda22df0d309e75f8ebfa059dce72e517aa3f3de2d98e5ee44eec2df73febc7c866a0db2620efb0c48983a5cac1b2f3428cb2bc90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
c9719d4524b76edb5d7daf8dd46ee493

SHA1
f9101e4007a3c23a74910b3601306f709f6ba1af

SHA256
0bcc95e641d4deed04011464c2ae18b24fbe47c458ed28115ce4e2cebb4df42f

SHA512
757a4b132849c8fceaf7b1d7bf2e0227cf8ee02c050034cf649a828925d99506299040f7ac524e453dc0e7e90d6d72b3f143406c9ad80888e56a763b5f48200a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
f0638ffa0cdaf3f6d6643b853935dcba

SHA1
c5c94517384aa1d3091efd37d832b383a3fecbb2

SHA256
a61dad30c752d473137dba1de8eacbf27ffa81ca56321cef16bd92e57f06aab4

SHA512
f7817b427760ca2e1c06f80b5460331e8e671993b4709ab5f1007c34b14de48c804c8c8545df568b2ecea473f4af7fbc5640ce3b0aca423009496ee93b2dfa3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
6a4dc21cb8802bd8a0d24709a206ac16

SHA1
b820685d5120a6f848510aa7b12c1479902df158

SHA256
3afe8471f0730e06d391a5614a06347b0ad85ac9380926c12b03064e743633d0

SHA512
c6c98bae21ec07f7c9310abc03cfce28b6eb1e6f3dd534b35009dc483d3b93a721ee4d8e93a9943904178667aeb6877493b6a95e1dc7ebb0fd51d2b18eb2783b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_AE85AE32AE506782FD0635A537357A5A

Filesize
406B

MD5
5e4db70ca7877f8e2e8583bddfbc4860

SHA1
94b0fd1e9afd11608c374be42602b74e0b31a482

SHA256
1635c21e88b2463fefe514b936e4d3506d18ea28c2f1e88b36642ddaf80c6c8e

SHA512
5552d0c0c35a0568cbdcf0f1ffd1f9d7871bb1c5b86bc05c7432ba2db44d25cd65feb6a96f052578186f24b3cc80510d96d3c1f9900a5ff81ae3a3b6d760422b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_91E41FAE8B0B67645773C1C9A8DB10E4

Filesize
406B

MD5
0843b8c9647c78fe3032b18937d716b2

SHA1
e43df98a57bbf17e65312e96afebb457981a6b0f

SHA256
8aaddd35b643beebbc47cdbc155ccd98610dab18cb2f7f858da49eb07491c4ba

SHA512
5cbed2e3ec8585245e2f0d4d7f4bf2b5424eb2d3e04f6c5039602ce01676f6948dde56653c78adb67419608d2663459d888de88f17acd7703903a9cf4642b820

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab166E.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1671.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit