761c3de16a05b9d4b92d1397e5d766bd98b7cfb2ee9f3574ca24c05081d7390e

Analysis

max time kernel
135s
max time network
137s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f178556a1c55237ffa59f44c972a1a9_JaffaCakes118.html
Size

26KB
MD5

5f178556a1c55237ffa59f44c972a1a9
SHA1

74e6364baf4d375d6d8bc28b39019c47b12d3457
SHA256

761c3de16a05b9d4b92d1397e5d766bd98b7cfb2ee9f3574ca24c05081d7390e
SHA512

6e1b41548d73ef14665e696ee5f4a17527698f7cfc6dbf9474397e479a011c5b40c40a6506e3a275c773bf31d32552552ff37e75ce130be20021d59dab5acf25
SSDEEP

384:SavNSpiRLAfG9MEFswUs5EOkhu85eVpnrE27JOxoPvu1:Sc08D4HcrE2FHPva

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422370280"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2B4805D1-16A5-11EF-9A4D-7A846B3196C4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2276	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2276	iexplore.exe
2276	iexplore.exe
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2492	2276	iexplore.exe	28
PID 2276 wrote to memory of 2492	2276	iexplore.exe	28
PID 2276 wrote to memory of 2492	2276	iexplore.exe	28
PID 2276 wrote to memory of 2492	2276	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5f178556a1c55237ffa59f44c972a1a9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4667a73671c6f05f7eb7eb84648d6475

SHA1
dcb2c211829068c6d03ab4ac6d3e7e5f39d0e723

SHA256
498652ee8308d464647d19bd8eeda205ee033c58ec26bc0a3ac3fcb5a7bf2fca

SHA512
d7a21614db9b020a12b02e2fd855790d9ba6167ad1840b7a1654cf1f5847528f64baeda608089ea5030bd2f94bc410baffcf9427236370d5f6ea99d10864e254

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14f5b39aa92b6633c6792dc401c32557

SHA1
b43f3ebaa6230a6e3520731f532c5c26ba8320c6

SHA256
60933f8710e2aea21db8957b38f3107e373375414796f7896f597cb604540271

SHA512
35037fb91b91cddfd5132c69c7b856449dcf51ab7f91efcf18c12840518b70bdbbaa2c7df5c362e7d4ba2005e4fa994c1e0615346adce82f1456788f2e522e0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e0645b8f9e17b979162d40e21749b42

SHA1
25ac8e3573de060c6a9f702b8e95a6b2afdf4250

SHA256
2d9b5889ed053bbba2a87860bda3a18903495bc02de4f8df5840af931eb9bf29

SHA512
33863b778436e9d73a3c73501cc531249b5e44e9f60a34253f09aea44e2e77fdbebc5128d1a2161782e8d8956de44e4fe88afd2d161cf8ff4dcbf3fe4e3fe9d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
661ac0b903c30b720dbcb418da147da1

SHA1
df484f3ee056a1745400827e47483cc4714ce3fe

SHA256
0a4bbeaec2e6737834a0cbf00197c1ebd2deaa46f9e5710318bda0c585c9cc8d

SHA512
a36972583c074b46383b2909fd8eb8a5fb900b543cdd8d68029d863eb1132f71cbc9e8ec656f11d59d73ddd87812461667ccb8af6d8ab311156cc8beb1c89c83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60297daa742acc89c00c33dc023742e6

SHA1
86e0d3f097439b28683a7fa5bd886cd7ba7e9c00

SHA256
c5bb14438d19b0b07d9c06069ba6c6ef8dc7415fd44fdd8fc81872b5d5d60013

SHA512
36ddb711e20fadbd2f28f3b2b27624dcf4e0a34500b0e4fe03268abeb6e6b87cdb316a83055840866ca3abd32aed5c6d335d924303ed1051953438850f521eab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8e34773a8b08310601e6f90fd35a90f

SHA1
2f6cfdea4c72f08e0965f6fc1f488462d0bb8b9d

SHA256
1e3066caa95d8834af29f1dd493121377e15592673d29c2661c212b7a39fcb51

SHA512
18b9eed822813e57b6484b9ab43b92a0321dd05257574122943cff3d3e2941e4edccc825e6f2c5709a3dfb09c83d1b6a8f9d173ecc581e9e2e64742543d587de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa4e1555afd5d1c99549ff3c758d4175

SHA1
d87c78526f5d8695e5d04c7a0927c1d7a4dc39ea

SHA256
87be89e16b431681ff232a5927b52978aa6794a73c632aedae254944d2d62c91

SHA512
011d62fac8a81a60530c19f8f20a9f5a215e616282b25d556b8b96dcb78b19e3d8e231d5f11c84320a4b41177eff2fcdca95dce37dddf933b56dcd87f4e19f96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
604b29c1bfbcb38006bf208748d4a87c

SHA1
a1c2cc55b909f43977c227535d1b9944f91bc976

SHA256
bbb603802bf7d077a962bc4ca0e7a8b5bfdadad303016714a120df4a3ae40bee

SHA512
09af59e21ad32532cdafecc898f671db8a94279e8445080f29333e82d8a65bad837848b180f5466f68b919f4db8086b96faf62166d0e02993b171d2abfa19730

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f58b1db5dcdbbae1f119bef7328b6ef1

SHA1
bb04d46c7a5de4fbfabc427d30ac6ade78e6ac01

SHA256
ac25ca542ca05920826fba0c12130187fb89681519bc00ed3f115bffc3dfc590

SHA512
a1890c7c0af67f670220a36539c45946f3cb64812007b1196e410255926604499e4b56b1d0c98d91d228dc86146eaef87a816a45d4a2973fdfbdb9dd34c83fee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0a24ee1ed865ea461b68e3334913ee0

SHA1
13e60e3459b793856050898cb2d3b6d9f2b51f83

SHA256
7323aa391cabf7b24cdb2ee6c741dd3155d36bf7f6ae1da10ed805ed69881413

SHA512
802089d93f881bb598993404998fbe643c41e557f01d1c3db2ba95ff20ac1c6ace687956121675324e315c8dfda6ff2662ce524a128dd82063fa1b9c24ada73d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ce8636da8c0e6ee80c4c695d3888332

SHA1
5e697460ebce7511f1128c80e9d7cd75fe4ae722

SHA256
dfa38282d8bb50ff27dfb1a7ab8d798af2a1a8395fb0e63762d3c0343c8f67b0

SHA512
04c0846861fc0e6235de8cd3407edadd8cb66698c8eabdb514ca2bd78486101a50f7ce23dbce97b21df329933f5a6b1e1800e4dbc9a84c4edb74ca4bb13c65c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1c9e21edbd5a28052dc5a645a3c5c84

SHA1
5aa1f28009c4b4f1dc96de38d069b7b51839608a

SHA256
46d12555f860c5f0078abb05bf7adbf6228c8e23648a94997175aa5c14e97995

SHA512
f1891afa5c59e8efaf99c70d9536e613429cd03ee5b71621b75bab7df29c32aa9520b59164164808e7d8f3f834ee929fa85ce03c59d2412dd03cd5d6cf83f046

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1063c7cc67eea54b0b611f21701b74b2

SHA1
666fed454cce07ae60672985ed9aad3aea6a4c9d

SHA256
caa92860ae52fd5ad146b08b244e9bd33ac9223daea1677a7c6d9a08030309cf

SHA512
8d98d70f594a4618a43d0d46c7f2f0937ad707e05b6fd19b71df4a1e29b68b89aaca493fd5e2e78ab0e952e7c4a01374395e291a28817633ade60f97ede7429d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc853b03d43abec3c3265f98995860da

SHA1
a07472ce1da46f0a5591c85a2ac54a9a270042f0

SHA256
5d9fc4441cc0476fa98cd6a861347ebfc4b5598e80c52b5d8891c79be4d207df

SHA512
49e24e08d549599da1fea3f72b8f484d172e2de153b18d30b025b66749597e0ccc45012df4c1c315265aa0c49f204624a6c329fc314fa1cc028832633819fa98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fca28ec02fd36e6b3b86f90f758530ec

SHA1
8cac99361b5e16ee2bee5d36ff03e98f8d9e5c88

SHA256
5f2b40a9f176715a3f586632be146ada551074a276d4725ee5ab6520ef247b5c

SHA512
207b30fd715e83f9092f5edaec45f7dbc8fa7acd6cd1946aa0c8654de902d752d8bec66f1583319bf9cd73d9c82a4284bde92a347b8b374c5be8a909840f1d0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60bea15105de0357d7627547ceb3a32d

SHA1
d7c6d3ef58034a0258fea6effed74ac3a5c08f87

SHA256
79c4955ead9b5370d7cd1715e2f68a78cafdd1738b70d95a90814c3a43af0392

SHA512
7ac0fd14acbe0ef61a85931b0457d034d39e3224dff7f46cc8d37beeda7c7eb4592adb554c8310b36e8a593dfdca4bb23aa6e048fa073f156dc12313693251e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5fef254a6a8049421bed1916d59b67f

SHA1
d0781d491068c4583a9e4e1182cbd4582ae4e0e6

SHA256
196cd07b77eb27515b0956ff609934c409e64577d7e3cbc2ab9a321700d5ba89

SHA512
e8bcb70e50585fa248c7fcd411a9dda05d20a3e40131ed8a6b4d3306297059e39841ad2a5e515be3b15ad703f8291aa42f2574e7f6bd64320ade75db30d06cd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd87875f5f16fe1b1b27e7917ca8cb6d

SHA1
b5a633d72c2e9b2c68199cafb7cd5dab8d5d71a5

SHA256
8072f7cc0b0f10c5bc23f09cdc4ebcc04ddd5f0efe7c469b99c5df79871aa371

SHA512
117bba8baffaa38674cbfc350e38ebe0c9c206eb1ff50a0eb942ef935aeb157f8684d1cbbbcb8c7a0bae7ffc0c536b50f9a3817f6f448759969dca45409f1d33

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFCE5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFDA4.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFDB9.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit