0ce24d8188c4cad3943ac4e679433aa0f24db27491d24397628300b87de3ee61

Analysis

max time kernel
146s
max time network
146s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6038cdfa73afdd7765908afbec3dcc98_JaffaCakes118.html
Size

20KB
MD5

6038cdfa73afdd7765908afbec3dcc98
SHA1

0ea1a6da317fe55314d3c4b02eefe681c24d7494
SHA256

0ce24d8188c4cad3943ac4e679433aa0f24db27491d24397628300b87de3ee61
SHA512

116c2f2de49e34de75da0db68a6371d85697cda0ed7d6ceb7576a37cf384ae078d75b7a69240cceafc720409fc7adc495f85f22d8f1ee8acc0d5342ca9ffc775
SSDEEP

192:RGBlMZijLOTciZXOcqA7zQPu45NEjuvE3NE074A4YiFXXwlrsI3lxRLSn0at:0QZiOTIc9zQF5NEjBNslYiFnqxReD

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422386581"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1F734961-16CB-11EF-B8F6-D6B84878A518} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2984	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2984	iexplore.exe
2984	iexplore.exe
3052	IEXPLORE.EXE
3052	IEXPLORE.EXE
3052	IEXPLORE.EXE
3052	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 3052	2984	iexplore.exe	28
PID 2984 wrote to memory of 3052	2984	iexplore.exe	28
PID 2984 wrote to memory of 3052	2984	iexplore.exe	28
PID 2984 wrote to memory of 3052	2984	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6038cdfa73afdd7765908afbec3dcc98_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
512713cf3d803261ceec0000426b6b02

SHA1
a5a46f39a637d7fdb0495a935ae26716098dd8e8

SHA256
64cca12011e042aebd868783460425cf15de2e9e0abff67948ca9fbfdeab1bbd

SHA512
639c5c99c1ccb6110d08e1abf21fb375b62efb235c584ac63d29be7dc72932e39a0458aa3a9b5667e763c3ae53ee45096d07da2ccf5a09cf306eb5915cd2d550

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
182a989116fa63ede068f0f811c1d851

SHA1
2db1d2b3105e429525854b1d725038bd4b1cbfb7

SHA256
4ff30283a14f94d5a45c6a32414996dfc21eb1f9cb735a0d3347b9714e2d9ba9

SHA512
4018f328cf5058446ad5cac2c81d7495fdfb2976894df3b2ca01cdb52a601abf14bf5e134293353165e77fa8754b63343f247bcb987235e5f34d19b19bdfac2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
975984381f2f41597b3b4380c09d96a5

SHA1
5adc3a5ff6d6ab34f69d7a8fcbeff839a8f1e1f4

SHA256
45922caa81a31e2b55ae3de12a60e8e9bc0ce6afdb1e43b5957563b3c076ca33

SHA512
ad5ea0ecc3a18c30a0cc5386cb246d973d2626fe077c024ae5bcfc1b99e20309dd4d3ccac9eadb58a3177e0581c9222cca1c3ad0604fa1d58a09dd61fb3057d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed475f30bad7dc426552093664bfa084

SHA1
9f9123995fb400ed025d7f4397b36382df005d0e

SHA256
1649cf70b7034438fd7ec9b6ca4394df7857e974c27dcb69f1369eaa8db473a0

SHA512
dd091752c2716adde68b12a15f106a424afb21b5282f3236cfaad52256bc587f3a464fed85f981664a1b792a8b518a09813a2344c9ac6da1c970fa2509720a70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
634314db8b32a7931151145c8f125242

SHA1
5eb5000f2c3fc14029790c13bfd15b8ac5bdf77f

SHA256
3046f4c1a72bdc85d67a4726a8e4184f882d3983d5e49cfbe9990182713e1c04

SHA512
9fe25b6d7de17776cf35adbaabac790c96295715fdd63763107c2e82cd7fe2e7929a7277f436b75069f49f5176b94c9c8161a51988dc6a98d3352a436aa1cc4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83b5e15f78fc8e0ea18ce1e749a2ca39

SHA1
98c3b308fa696bc070b50bbba65d85cdee51e53e

SHA256
d08a62afba23b856ac8143bb0429bc9c9f89f91c5a9e59bbea40cfb22256a9f7

SHA512
f7cb78462da36beb8c8084d9c92266118973a16c8b8125a4dc4de5c5e0a6a326977ea6242d185eff216955488be616c94a2a3694c4eb44ed08d77c8873f330b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b0f2f33dbb3399112ea12c99678494f

SHA1
9a9e485ae0b7343ac08393fdd18fe7f03f1c7979

SHA256
0cc17da64abe8b940321f7c145f02232ca218c1e7e7bcd536ebd54b2409eb527

SHA512
c956c6d7ef7a6a1126fea054cf02c24f025c9c7d0e42b87639231691da119f6b7275671cfd3f2dce4fc95f7d4be744d0e00861f8ec91552a2401f9fe3149c296

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e0cfa7b8676e48a5a77812e5d323899

SHA1
915bd46d395aea2239ca54586c03d9a0e2d8901b

SHA256
6234c21b14a235bf70ae553cf36a65f4d2f6ef691d044ad45c1eddb2b800e0f7

SHA512
faad691b55758808827d22aad7a0dc81f82541befbf1bc4ff4633464a2e67edc1289bb9de6a80a56ef38281ba3ea21f8504fcbebd0db45f50df00e4e0abe52f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
157702a9cf4156d238ffdceb391a3f2d

SHA1
4b99ea5786a0f11b1531eff4dbc7c71cf56ffb84

SHA256
afe63a08e4442c4a4a87bc39a5be9d3ff55b6d0f36723aecc1d3774f8ff9afdf

SHA512
402df139ef2c65143f927afb6aea014852d11af14025df74eb898d7edbe534869fc75b93a372f85b90cf2be6ca4c58649d0f5de7dc9eba0db3ccc0aa9fac2bfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f25da6241e311b197cb6f79c58036d38

SHA1
9ae39c1b4f958828940e4ecea55d3282c024b7e6

SHA256
91a6ba9fa84e3d67ce4a356f3c48600138a24378cc599b35c7f7409dcd4addff

SHA512
ba7509301d401f1d0340eaae1e8e6328db93685abda2c49ffa2e62a87e5e8bb552c6cda6af6420ca3d59893c00343c878f26081b977ff3cfece52c0d80c7b13c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6f1454e5f3d9cf199a185474384334b

SHA1
b0cb97cc4c39595d9f8709893674d962cc23f7ea

SHA256
dc0001785c1ddef29815140e17455bf4381204e6dd435b48cf1191dd8c5b9317

SHA512
abd33742564a3cd8945074dbae0284236c365c63ba77cae5caf5dd83a8a6fa489ca6e04b0b75b95089b4fdf2d67a299794556f2174dd8c9014bbba09f8384494

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1933246782ed1592dff497e2eba14920

SHA1
61c94643949ab89d124da2ae7f3da0cde889d73f

SHA256
854c0e3d657ea799699eb9f77b6dba0244c41e5897abeda9d67f71bf40ae0de1

SHA512
d4d247ce70bdfa87630f372e7eb988110b35f254f3c9a55132932f7763dc52639c526e8c18a09d9ebf2722d8ed89efcfbb820eea0b6f220d282c7cbf50deeaa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f93ecf8086ccc5af30567a8c6e69544

SHA1
44aa70f1bf903fd035ac7eee65b4cb9d5cc3646b

SHA256
d31455c7e476c0f63aef91c7069f90fab886a3cc2ede9464e43c577034bef860

SHA512
901631d094bd6f1810c43138fb40938e77393011c58e4b5cc14041a3a21bd7447ed9c22f2e63f68e4a50175e35dff2bccf332a841ab5eef2a31f5659ed721c13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45fbc077cc6c2ad379d8caf994171912

SHA1
d40b2b892772ccc2cd98a02f6d21b9a93d2945a6

SHA256
02eb90d8ddf06024eedc929bea7166ff63d86d60fcdf7d1dfce82083ef51411c

SHA512
4388f78780acd3d1ead8533df3bcc10587057f04a3f9de7676998d3d330c36fc2067ea8d7dd38e11b93bb138133da9b9345649573b5d7eeadc88254cf80eb905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\0SV09F8J.htm

Filesize
167B

MD5
0104c301c5e02bd6148b8703d19b3a73

SHA1
7436e0b4b1f8c222c38069890b75fa2baf9ca620

SHA256
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

SHA512
84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1F34.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1F49.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit