f6ed74d5bda755f5ff5bc64558765999170aac7530b3a134acc1ac2788b0f3b3

Analysis

max time kernel
134s
max time network
138s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6255727b094324ded9ee738cb445667d_JaffaCakes118.html
Size

38KB
MD5

6255727b094324ded9ee738cb445667d
SHA1

991680110335f632a87ce818b7f5799985b35269
SHA256

f6ed74d5bda755f5ff5bc64558765999170aac7530b3a134acc1ac2788b0f3b3
SHA512

c66e5e2aedc461da7161ee841323956028f5cc9bda82b26a7afd23169b794c2a353138d3bd0866d628d6527f53890e44fa3e0861958adf45eba4954a2c9c3671
SSDEEP

384:S2Xl7azIuh3zNb/aKW3KFg1jbixdJFO+NrRiaT+c2d0vvf25Nbs0v7yug:S/h3zNb4wOen

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{731F51E1-1747-11EF-BB21-6AD47596CE83} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422439978"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2384	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2384	iexplore.exe
2384	iexplore.exe
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2428	2384	iexplore.exe	28
PID 2384 wrote to memory of 2428	2384	iexplore.exe	28
PID 2384 wrote to memory of 2428	2384	iexplore.exe	28
PID 2384 wrote to memory of 2428	2384	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6255727b094324ded9ee738cb445667d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8be909ef945173e3e4b098bff7b0967c

SHA1
a30b1e607e15ccdd22249a1724508dc64c9723b1

SHA256
5037e54d53f5d26797aafd75997a936105120feaf7d364468ff53d56900fc5ae

SHA512
b7edac1b5cfb3ecc20bceadbe57e07ae86d8cf1d2ce666b5f48d69a05bb8cc4dea5397cf0aa1f2877ebdbdc59c7d908a46e45d051fff53f7b49833b4bbe380a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d019e21765b68848f5d829c753a5c99b

SHA1
1e8cca27622bbb1e671cbddd6dd927b2987b2e33

SHA256
14f4f48b1b9809c25116687c78e2c0f6c97a7d4e089cff0507c40eae21984aaa

SHA512
979e7e21ef86af9020fc72246559c63b0ef60a5fb13b7370c85d8d888e3a8bfaf65a4f56fefb6c4d413e4cbc36f19be45d58b9f69fd97e0e65c4c3cf0395e4e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5449fa67c100a7b1dc8235a3682476b0

SHA1
a19864f60aa0e6b8dc09ab2a799eda629c5326eb

SHA256
bc67008f2e83decb844bf8ac2362383ef0d1a68d77d00bcff803708082051f95

SHA512
e9402d9dbc3a5ce6ba81484fad86c66c9ef3a9d8edcac4854768f843a28fbb1c5e168d9d979d72a08f906d7029041a92e1becbfc1deed70998c1f3b57628f040

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a398c220068a4314b4a221900fc2612

SHA1
cecc097e369e9750970e96b61ecc9ce67399f388

SHA256
e4406c918abd89ceb95c195ad0ccdc575a9cf818c3f46c554641b4ba28724bcc

SHA512
d6311c93c8d5cef85e9bac8a3e692082dac067cb152bee40c315de81493a73566197bcfe5bcea002ffbe30c275e53b1dcfad6f09666fe24d27c17d0774a5fb3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a34d213002df18b0e18b818a4d0032b

SHA1
c01575959368705ae28b4e4ae0a24fc73a80e5a0

SHA256
5aa31d98f313b1c8454e2fcc4d7d100af7441a3432ba986806553a0e1aaf87f3

SHA512
27caf6dbd48951a1cb37047e9fe5de8a201cf890b89d1e19bcb397cad8a23907ca9fd2a77b698fe74fa35a6e1767661ce063d6f471c622e9058f7ed472ff1b8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df94f870714d044458383b319683193e

SHA1
6a9df47d8ede993f0f70fde8055233b4d2eb1330

SHA256
0d05cacd7adf999f73413186fe58a6a3d230bb2ab53d743f3aea1a2017966b3e

SHA512
19dcefb4ee33c3a79cb902905157df04194118767730201ff4e530fcdd2b7ec54d251f888756c1b3edf0a713fb922f4aa7c14484d09251f9f474906eeab1a91c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce530dc2c121f31cd6458069ced9ea4b

SHA1
0653a96c28fa260b2e9941fcf0f4aaa5507a2fb3

SHA256
7e51eaba1196fef526165a624778df3f9d0b9eab6a89aaae5e0b322df4e36cb7

SHA512
998d2cfdd3d73cb058447fa9944d7d770e68c7a605e6fe6c95db4aaefd281b1d22b64dea9b7697db55783080230d0a675b20b41001158e65aa58d22e72d8e6e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da4aa28f8c9495b81d62fa6f955105fb

SHA1
438332132632133b0806fd1a8d48c93ccc3b1362

SHA256
f8709427203918e2c0a42e50f68f9ecda32e87e0d1309eb934f60b59dee93538

SHA512
72ed9c694df00325163f5fe2965c96840de08d9ead1064b4199e767e0bfeed8c742de631016faad6c250dda4add002ef0741c0df871385782c66972a424bd51f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
054bef1a1d687ce44bbee88beb209a6e

SHA1
e7f2ff53b0501113c3b7d1d8dc8b689d332117f7

SHA256
19805746a9182f826cdeb3417baf6199b815dab9e52b48020f724e3c0f27bcd2

SHA512
c996af48af96567d434f7a575821635871f72846797191c8d0181954633c250ad452a02565c783c2b7f52b3dce480b8e51205d3c6ae12d17c097c182e7d416a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5893921bf5eb9a77bccb107cad2e64a

SHA1
200ad4de9692a1d705b59598c3f96b37db75d4aa

SHA256
abe9aad12aea1c97db1f1ce9ef985c5845954f15759359463519c5528ad7d9e7

SHA512
0ce13eac5252b9b322bafcfe6814c33c73f555d53f20d9635d451233a17bf0a17f29bc5a4d5aa37df807cf63e233398ff0f0e9abd3f97982f7213fcf50809f6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c737ee56c6f09b317198ebf7e4af82e

SHA1
877d4ee8741a4fda86ee80d551997deaf0a82266

SHA256
a3e04a4efc9ff2cce3f34ec4dbbaa297146b6a3ca2ced66a8af0acd969dcc7d0

SHA512
b336f919ca120bda6828f3fa75d07602c0bd3b01f0bdf9d7de7ad0e6870a59e487e3607c37efd89ff6b2b6ef6b8cbb336047d3dc4463001860e2c89ab92728a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bd0023e209c6d4fac9d07ad3a71f3bc

SHA1
1036334320e7f4dcc76a9e4d6bec63f4c6c0b120

SHA256
e989dd532180fe22f350a46c655c6939de19c377e26e5273cc4d0a87a3961d7a

SHA512
c3132f6a420cca84d59bbd70edf180fffdac43a536250691b2202ccccdb645c5ff90d7aa2d0ce3f346cdeb24f857494d8a452ae78d025e693fa72580ced7a5cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1210dd25a836e5bfd624023d7d8bfa26

SHA1
1509a8ff930e2beccc87e8d2a89792029c83d692

SHA256
52b8ecf67cf4c21d233acee95bda6cb2a0b3b25ab07f502b78fbb16c13df7bd5

SHA512
23965c4765b41a40586f7b7b7dc8ea38ff7268d15b368fa483b594132dfc6f75a09c6db93c6e13869cb2d0a43b77eaf7d48788b4c3e9bbbbd959f1bcee9c1f1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
450ff6d55cbe8f775cfa8eea8fb81bd8

SHA1
50a09ebc8ca7c5308d89d3bcf0e48db4c9ccf3f7

SHA256
17ae0f1de3a73f0432567225626b01e4c87c65645d0366cbd15987c2dcdae4d6

SHA512
c1195ea36e8c1f3ec6efc854afe9fb8397635b1388b78a53f7bdf4797ef2eeb7575f977ccc3331e1231810fe2afb6a7814edb5b43c6a8be890d0ba9eb7c927ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db4928c69a337ba4494024459a8fbc59

SHA1
127042403fe83454e43e3d8fcf9fd80ecf544297

SHA256
122d6b1781d44b41d72a2e263ed09f5cda21dde3c0dcd36e3ebe18cd51b47f42

SHA512
673940d6a522387fa128fa59431780fb4ce79604b9d993157678391fd864c84b4d9b708e1aaa4c36f20c6191bacbce1d9f281bed4e80d9d4a5bf35f4bac60ca1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42334897b1a982a99f20bf14be71531a

SHA1
c5bdd19a9a3d99364081c41ecd1a9e14adb31328

SHA256
a09a71f62bbd0982bf5e1dc18bbfeed78f9ae0eb31ab0f907d635cf67fecddf0

SHA512
1679da1ccb2249b2f0df8d3574444c1cf1bee0bb8f1d14b1ca801d34b7d89be4101079def14d90744f54866723a051fcb331ad965413e04f68d5df85dbeda251

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b8e309870fe7b67830d8b2159904adf

SHA1
d41c8cd361752498df972a1594f09f3cf7100eb2

SHA256
1c2896756a9a859828a01e7f63811d56aa745503959df4177cecb7bcf43c6cf6

SHA512
58f8abaec6abd40cf2a36b20fbc8da60b0423e264bd04471df2d2483396d1b2ccabc89b5b7e405143590e3bf63f826efe2be7d3496502cd48be1b58d8b3e54c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ca38922269e6f9c3223cf0b1c998174

SHA1
979d695f10077745bae86071aef5a6c4ff833cc5

SHA256
6fdd0e53be2f7dffb666f764f42d06ddd23f6744097239c9851331ff192f4d84

SHA512
bae972f515afc6ad57684b6983fbe588586a332f264dad2380ee722c5649e39771862706296cd24cc7db689984345e7863f09d36fb50de1acf418e81236e760d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2010.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2042.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit