d8439b65b98f6aa63318ae7d796d5ccd3e4961cd2ebff4b351c0efe55aa95c9a

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63e5502e70de2e900b5526ff9ba3aa17_JaffaCakes118.html
Size

143KB
MD5

63e5502e70de2e900b5526ff9ba3aa17
SHA1

8d0cca3aa0836726043abcf92e7a442f4f17666b
SHA256

d8439b65b98f6aa63318ae7d796d5ccd3e4961cd2ebff4b351c0efe55aa95c9a
SHA512

d143f026d1fd283b1780d6e223c6e2b3cd439181c5e9f6bcc7c9dfd28e2a219324245331111de7f90e3de30dd69ca16f9f1f5442318e69b7779b36bf522f492c
SSDEEP

3072:SOWKup4yx7dyfkMY+BES09JXAnyrZalI+YQ:SOhcx7osMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E0F7F431-178B-11EF-822E-56D57A935C49} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422469371"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1676 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1676 iexplore.exe
1676 iexplore.exe
2324 IEXPLORE.EXE
2324 IEXPLORE.EXE
2324 IEXPLORE.EXE
2324 IEXPLORE.EXE

pid	process
1676	iexplore.exe

pid	process
1676	iexplore.exe
1676	iexplore.exe
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1676 wrote to memory of 2324	1676	iexplore.exe	IEXPLORE.EXE
PID 1676 wrote to memory of 2324	1676	iexplore.exe	IEXPLORE.EXE
PID 1676 wrote to memory of 2324	1676	iexplore.exe	IEXPLORE.EXE
PID 1676 wrote to memory of 2324	1676	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\63e5502e70de2e900b5526ff9ba3aa17_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1676

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d88995c0b3eaaeb43e7f102903654d6e

SHA1
e02c383fe291fc0404a4a9ea049186a086b0bd7a

SHA256
672cda90fd3dfca700ee0279c639c8c459c952cb50a4ce67cf1a6756bff42bf3

SHA512
367aa9fb8825d4d5a51a8d59aec487270ab4d0136a3f3f0748b0ec674781ae8cb363b18bb0bbbe6738b4f547ec77836f1012a406a396bdb89ea73d4a5928fc78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c417673e6abfd3fafe2333e1dc8eb0a

SHA1
518831ee5880eedb6916a9144672673f13962f5e

SHA256
5be4f261163b401aed85585210acc165101051514d0b840bbfc698d3997567f9

SHA512
06c2e12f469b9bbbc6749d1601d8688cbde677dca4e5f4c1fca7dff23788ba8d7f326ac78983871d2df463efe4ed15f3c20a48e4fe7fa60e711061bf04faae4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d44f42ac43ebfd2433192b8d7637a784

SHA1
6ac41a16d7d5ea57fd460f417f59331e217773f6

SHA256
3e5827bd27cb2d4658d003f84f9ce1998b37a2d2910c0782da9b1e395c4ccc72

SHA512
3f1336e340cfbaaeaa148714586b66bbcb7ea461c14c0f52a6b381a3bc6c3fe2ce4928afe519f533a3aadfe9e74bdf75d2d6c53808ac78fb5613abb639f062c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e464068eb1d04cf4298714e83b4078f

SHA1
80cbca21ff9d4ea8a080ae819e7e30e7fcc4e0ac

SHA256
5a263f87672c3d7b267c4a854f39f54eaaff9ea0b9a95860fa5afce198f3fd85

SHA512
ad7777da893c12c2c6a0127fbcce082225153ec59c05210b12c6abe858f528cb04341d47b3201ac43ba3347e4c9b78407ca77a414e70f31b672da4b58b5c6905

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95cf013731739c5cb96e73c02692a9dd

SHA1
dbdc1a33495bd26794814e3eeef0c5f223f6f359

SHA256
c57ddb3e06005a2221b554eaad80e1bc34b30f9ee462a98a604f501ad82dd4e7

SHA512
0eaea25152462f60a4ba56ed651235ddbed64988b18cc6750a20f69f35696824272a1d2254767035d293d22718e2299303da109e3d68147c6e0581ab10819a75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d55963ae1a6b7ddb599f56c8d4d97464

SHA1
77e1681b1a65f4de74ce516100a4ea5a9c796858

SHA256
aee4953fe1c96165552526785690c1284a18debbc5923210e8781ba85e2eb64c

SHA512
5773a125608cbf09999e600cca30a101cd073064387688fbcc3665d27171d27877e4b089665ffeb81301881bd11249008d88f4c750e081b58bcfc78ae5d1e1c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7251f0c5246f2bd64d7c5e305eb7f292

SHA1
08b5fcfc91dbafba66d39d4d7552bc8fa52a1b43

SHA256
bf328c188d25545d9b0f1b66908a45b041f887630491fe4561aa108cc53e75e5

SHA512
df138d1b21bee59e44abb5e1a65eca0ace97005df783b090ad792f675e72a4f4a354de90c6ebe06974bad80b40da7544397e36c7e8eef2753757c403b38f7aad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecbae7b8c70dea85a7ba293d9e5dcd1b

SHA1
4c2f48a1822895d8fcf605f126559005f8146924

SHA256
69a64160df4784e847d1eccfd58d04e8a6bf40065da9561ecad5448cba26c68c

SHA512
3c0e7ca9247acbb7526c47edc98967641edd71d0bd00b7e3eac8fce6ccd198b15524756c988a7bbeb0f1284008aedb22a788d1206c50fbd2a30d6ccaf76c3553

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
223991a028e23552bb1092e951757d4a

SHA1
687ac9caf1dc646afa21b92e271a03673821d902

SHA256
20d97fe3a94c84e7bb445792e66f520acc95a1a3166ff4026e75be7e73eac74c

SHA512
f1705686d6d50ebc1ab21962af4c0ea6a874eca29aab9c2574d6ff99499afbb67e724c4d40032976b8f321a3cba2c31767ea08936587e56845d71b2294797a5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ead5fefdf14368d714af9a6c1772e415

SHA1
f7e1ca95183d9ab6e491f657baf2e0e3a6ae516a

SHA256
cd6c9cf2c5de921473e04628695d4a095d42c03f618e4b0cee4a5dd207b0f267

SHA512
0041351bfd922a45ce5f2b06e80b0755fb5ae7ddc8f3a293a6d0dc9f720fdc64b390dc27a9b970c170dc5ccb1dfe1d30e77a1927f085c7ffe2d31860a10a3256

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f103e81dfb0885c010417f4b08b359d

SHA1
21693cbb26eeffeab52bedbad1b9466c58b075fe

SHA256
d09dd9e887dd9a84c631d14067ac8e877fb18877c48e55e04584ae395311bb37

SHA512
00372ed3a622d51aaeaea52c6a1179114691d48948834c20c261edbea6c8f0db7071c4a97d3954f329ffa2f3ef6c326bd2cb09cb019daacfaf2ff80b9d778dd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb2ddacc915d675aa34feee245934766

SHA1
df0f7bed6881ccd4bdae997079fffb917bdae6c2

SHA256
96b7fcef71b70e332f9713890c45d1be46fb539d94e310f4a82d583530e5c8ba

SHA512
fa6c56fae26d042e27eeab1869a567aacc541eed74e3e71ffe6919bfc5362c0054c8e8d540b72c9b383935f3061b0d5600711b5273b5624f275d8e6dc5f13b62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26a5ab78cc0b04c217a01f823aa5a8eb

SHA1
a45b708097569d49e843289c2485c392acd3e992

SHA256
76c7452228f22acff21a5768c3e3d89ebdc3b8dfa00255cdba71ee952b848bf6

SHA512
6ca0b02533a5f3fe42baf93b5a72d529a0d48cf2e21b115acfbe05a3f67d8476b71c1d29eab5e7ae9852db68e2dd1c9c3899a4e7482270dda55358500bbf3560

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f5b08a7698e1229456c097dc98243f6

SHA1
66cd65377ee93e220fc07bed220e93d7622c27f6

SHA256
bb9b03445e123229baca697bfdf3f9e4bd7d9fd4483917179969e1c5f596f84f

SHA512
97e71653a9afd40c6096ece4ed937205d4b500187bac3b06719c565db9ea8e18d56fa81a83e929d69e7608fd4d186ff92df4e08e4cf2e201683bcbbb0f61d727

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4463ed0b14cba61a545626d0643dcd6f

SHA1
d2f1e7b92972b402058d87eccf75c5d2cbc43eb2

SHA256
543df9c34c9b0651469842ee7383719a3478bfc352e753e3a18ba7da74c1dbfc

SHA512
f7218f313fe80b13719d24902486de54cbe544fffbd76594793a9b1575fdbe0834b7346d779e9db16183b195ea661113412fadabafcffd02ce8541c63463425f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d105d29d6e7b7d1cde8ead4c7a300fd

SHA1
aed762e1a0de69ce5a971b502e86d875250e19cf

SHA256
1ac9518473f5668698d65cb76c69c0db8551171a998bc9f13b853f308707857b

SHA512
3876330393a3771825be0fcf90a9a35d20a50455eeeb0734eb12c9c31d649037f0c0ee0b0b24300ecc672ceaa4fc2bbcd014013a5fe33fa1f2f4c5bcd627fabf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc589386ac8c23670c2c595e711d8baf

SHA1
1ba080d1d172e37ef6f56db233c4fc2dbe1944bb

SHA256
ba7600650221659875e5d1a66cf8649d37fe901c3677a1cf294c5872ba1b3677

SHA512
a69848019a6f50fbd26a9b8d457082dbcb292b36adf2a222fe1018f9b38f5ccd0dfbbfaeda1f940e0c9a3cd3994dc34f5184ffd02245a378dd23fe9551b6399a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e83442170a2f9a674d048031e07d1a5

SHA1
6c337b5112ad157c6b33e44f2f0e48d1432a438d

SHA256
699416a7fd1e753f5e069f62535374884abd3ccb8d053a2a633f6b8aeb778a36

SHA512
97712bc8e65070f61507293d3da15aa9a48d8b34d695377135366da5ca26bca0d1f9e9b3c3bc6dc84b5aed46088f8af628bb1f00a3ae455a74233e1c2fdf1bbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1E9A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1F88.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1F9B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit