9f14d37120d6e5016bd7642d0daa254effdd278c91fb6459ef819c32f06de4ce

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 14:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

639443e7721996c531216cb83c8bdfa4_JaffaCakes118.html
Size

135KB
MD5

639443e7721996c531216cb83c8bdfa4
SHA1

fad5daed6158ee802e2d0bb67b85941517872689
SHA256

9f14d37120d6e5016bd7642d0daa254effdd278c91fb6459ef819c32f06de4ce
SHA512

da00961cf5835bab92ec64a78ae29047b316f0e5bdb957bf0a3e0cf2d64b45e0baa70e3e2ad60aedbdcd476eb732a4adc01577d818efa135280143049b221575
SSDEEP

3072:RpQAc5zfhNmwA5uwIVEBag076sThaoi7SjJ0MtcCNacN+SQtK/S/nm+ezroXSWXe:Rpd7SP

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{860496F1-177C-11EF-8303-EAAAC4CFEF2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422462775"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1460 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1460 iexplore.exe
1460 iexplore.exe
2340 IEXPLORE.EXE
2340 IEXPLORE.EXE
2340 IEXPLORE.EXE
2340 IEXPLORE.EXE

pid	process
1460	iexplore.exe

pid	process
1460	iexplore.exe
1460	iexplore.exe
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1460 wrote to memory of 2340	1460	iexplore.exe	IEXPLORE.EXE
PID 1460 wrote to memory of 2340	1460	iexplore.exe	IEXPLORE.EXE
PID 1460 wrote to memory of 2340	1460	iexplore.exe	IEXPLORE.EXE
PID 1460 wrote to memory of 2340	1460	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\639443e7721996c531216cb83c8bdfa4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1460 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
968210d01cb03ed41548742a678191aa

SHA1
32d499837ccf9eb987ccba631e79268f8b125a12

SHA256
ee2ea243d41a53e256505414e9c3b596dd92952d214d407e310b5f08d6a27773

SHA512
3d0779243cb4f764d39dd01ceb18c1616ddae71a37474a2459cdbdbdf61d4ad1612d80e44e2adf9c974be727b44726026d59b01c8cde8737e5e7c1be39b45698

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b379ddfedbd4373b44a79f1b262867df

SHA1
af8461ad9bbe6de60122e19bd4dbdab6b5cf7441

SHA256
3ae7f28c4a4e37264ea32f066d56621aaa687b4ba9d70a9d18fc4b14c2343b4d

SHA512
87c04ded00fc09059a99aa78c30ed237f1209b4f0940c3a62ec09fd7640dd48d18dac7ba65d432d24b663c9a7884a39d44ec936be94faf5b99c5b8d72824e42f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d886235eb6b9bde671e016efa7e23a80

SHA1
d9cfaca51e3c3c3c636686de55af7488f4485e99

SHA256
61cdafe8417e9d285d00b651268c31cb1c9600ac637699c74f638ff7f8b40829

SHA512
f266000ea785a12630ea3a0998ae18c00580afa5852472c0d624b03753b055835d7c46db5e690ed753cc290fe2848295a12af559702135014de0894b5773e336

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80959254e2eaf503bee48703ee20cc9e

SHA1
2fa244db2d28bb41d605f7b49230dd9c5e40b6f3

SHA256
c515ec174369deb783141cd7d71e5b4975167553c65749b20912dc00dcccf8b9

SHA512
c8312e8cf4cfb307b8a9c0e2725e5dcf52e7023e49a2bd8ebabca6bb4c6fa95d64553297c5947c8f5737c6db167475fb2da5fc5ddcf0653965352bddb9bf0b34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9755e63cf5d104562d8962b7e6b900fb

SHA1
dc81f2713e96021a502cbf7d16caf510090541b7

SHA256
465af09100bae50484a8dca11b270e0956c72183aefcf04a34823062e107af1a

SHA512
ea69cbe8911e152272b6f30aa39926b9b49024bb23e9d319184d408920a76e9bef2e00401c8b2c5c972ee335324712f5587c3373ef67f620cb2f84f7002f70f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
225c2e34c2b8f06681f2ee9384dd7727

SHA1
7fab80f929a3a52cba68f7574c38e0542d8cc9ed

SHA256
498a50b011d7f76fba0380832efae1fc6ed363ad17d710ff4d4aafa327b6e956

SHA512
e40d32e86668c64b1742f7550a20ddff6e09d32ccea12f0c60a716bfcc715a8828e659b09ec3fe86babe5db4ed145e2cd7be6d9fb1d03f1e4ea4a0cddd0d8a62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9893d7912d352a1aca3637c7f462d67a

SHA1
c8d84d111e57a85760c0d92ee1817cb311934758

SHA256
2f09e8fe86bdd18b4f7adea50136bb34d3dcb3115a56365599f0369c55fd433d

SHA512
90134bb4720cf578abe244ae3e67ef3765c93c0b107989066410ff87f67a82386ab9b8378a4e3559ce326e35d9904b74f546aa529e21937f9ee3988bb89f4194

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
024161047ddd36094369b446331af248

SHA1
7a7d318099c85e7788e4bcba847f79a79e9cb620

SHA256
7d358dfed16e826e082b8e686ad276077efef511569e1d4a9f3331ad39b52be5

SHA512
14b24b64bf7c130bcccee05d9c72161272e01ae03977ad2c6ca8dc9a42e9fd5a99f606d81507aa5a35c1b4ed9e06c72d4a6e762d43f6d347d3668d3614d3c3d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d7b66627da57571f7f51e7b8d057657

SHA1
696c3f5de6f402a33af1f446206f1c4ea01f552a

SHA256
4a81004f9eb8bcbf5bb16452e2f32a0e9057d2f6d7dcf08b31d8dc89aaebacda

SHA512
d9806362e8ff39a682f14801b753735a2b6837c021a6ffcf0797eef14ccaf61831874343fd430e3ecfeb6688a9decd7dc0ad33f42cd0ed63f6be8d77ae9d2647

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01abfc8357b21a6659aa6a00eb007d99

SHA1
04c31e727cc083c2dabf319a491a264883c36b54

SHA256
bac98a52eb1e5b66919d529b3cc3c8369d98f4da482d41b13517a426bfca7966

SHA512
6058d40bcfb2517e5342f09c2fe15982ff0b4285fa7f4908a44131b9154f6dd2908f491fda26f7aeb83cbf7c3fbd45b908e6b5d010444c2d10793c73bbc119d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a29d18b0e41496adfebba62b26e5b167

SHA1
d70ac934a7e78cab19ee41d6516961a63804ef2d

SHA256
3271032fb79cb039742f9eeff353d559821336599cff330927b23b190767a726

SHA512
40d636d247fa4381b6afd32e97d53578f038503250daef09fe6519e62efc24515c4169e2891159ce121a8a50d6ca4d1beb6fd8f49115f2fac48c9a60b5bc8592

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
6fa7896bff2fea3e417a644cad45af9f

SHA1
7029778fb23ce4fa7bdd22de5416f326f489de82

SHA256
8193d481ffe936448fb00878873a916dcb17f051439c5e1ed45eee2812d7ccd5

SHA512
241842ed6442f516db72d6f8fade3ca89c98c51c8ad93ad720152f03f4a5d5a932d367db65c6aed0e6327358cb7e55aa93542d5cefca642627d5f1170dadf5d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2D3F.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit