0f32243f775344553e11056455e87a17dbb5ac5b14005bc70ac4191a6e709d3d

Analysis

max time kernel
148s
max time network
152s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68dff6905b481ffeeac9ef323b428334_JaffaCakes118.html
Size

9KB
MD5

68dff6905b481ffeeac9ef323b428334
SHA1

ef955ed12934f57377e4de906b4d874a48674d9e
SHA256

0f32243f775344553e11056455e87a17dbb5ac5b14005bc70ac4191a6e709d3d
SHA512

19107af61f43cf2ea415f853b31773a4eb3130c46f32377a41696c263dd5f7adb85f3d5b647a2d3f7d5cd3698f5b06232455f820cc013489f78eb3243647bcb3
SSDEEP

192:9FbIg12DR4/Euq7EKQ213mAsvyRcCFbEcGG4w3vkiUM5/CD:7Ig1WwEucQkawAHg9w

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3910A941-188C-11EF-852B-6265250A2D3F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422579468"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2820	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2820	iexplore.exe
2820	iexplore.exe
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2616	2820	iexplore.exe	28
PID 2820 wrote to memory of 2616	2820	iexplore.exe	28
PID 2820 wrote to memory of 2616	2820	iexplore.exe	28
PID 2820 wrote to memory of 2616	2820	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68dff6905b481ffeeac9ef323b428334_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d066229b5ce1c92d9cc9e6a696780ed7

SHA1
045d51f800ff5344b3d437aa00345bb30b49aa41

SHA256
36452dff30a18a063622952d2c7787ddf91f5366927c0a8d072741d581aa3937

SHA512
ff44ebe984d83b6ce3401eff876842a1ccaa88647eace09973a8f9eebb2db0e30e3311231233b2c36f0245ecf18b249b8df376dbef74bac0ad1675de4a790ddf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
349b2283cbf5e687579773e80a3319d8

SHA1
7ac84d0ad726148d8028c82a22b46ebe9693e6bf

SHA256
d66cc6c3c5d047904ff998469d55e8faeb58544f8a18a8cdfda21f0dd2fcd6e2

SHA512
dee8c2fb1aebf0581d0260c38c4655b75d7fb95e02f554516c36527e62c80342813b2ce3a0fcf2d0877fd877e411f906d3926969ca10adeee4bb48797e8d9189

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e1c3a3a7071e81637de52041a099c4c

SHA1
8668004d6515a9810d348c27eca7f02d91cc5795

SHA256
1976f197c99b352238adac4bca56e2e00447829ed1ff90b7a605d978a12a7e32

SHA512
89f77b3a2436decd804b459b5a1401ba1c78db63529846048501e7da9a18bb7766e1e4372afcca922aaa70407baf9339f0f4f9b639739400455e99341a741715

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88f916c044c66f40dea740a2e3b9fe66

SHA1
0c20c09995ad03673ba7ac8c0d56c41545e23297

SHA256
d4461966c37484b3d27ebb63773b30ca232aec847f9d502ce2a4c1ffc3e776e1

SHA512
aa4ea9d12129c5932fd9780331bab9f43700dbd33f889d9172b62fe086771cfb4b041c548d8a43e39cb4db770acade51b72c2aaafe5e80dcaed39a0f11a0c981

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7642efb8c525da1126abf87cb15113d3

SHA1
ad1d0b2ba030165908d15e6a95cd81d85f1f46b0

SHA256
114f67f606f0543cadf215bb901444b8d6d5a6936046de882d33931d5970100a

SHA512
fe01c8d292e2ef21c940e9f8dc4e693d4f5e1150b016d6327ccf39d108e9cae820409289c07b4e3cc17711d7f9674be19a5a5406cb28fcd8d8c6b4b2a0beedce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc1bd793258d2517e9ea6329d74715bb

SHA1
45fdfffd3e8de80022bf51118d2ee1a97bcc6953

SHA256
342c6a47022b4ba125f3edeae65cdb4df9bccb964a474c631f0c698c856ef37b

SHA512
9e89d5f14bbefdaf6bd5fe93fc890f7bda42433c1440f79660f70deac9cc4f30e565271fb1e2064631afa3242dbce6eedcdcc1e78cf0128adea22b78d6706275

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ff81a93f1e9e5babe628268215232b6

SHA1
172dfdb262c959caba799c45371b346b18a79c96

SHA256
3985cb35c9da7ed1678f09ceb1065749bc45b045bf05ab26c81078bcdf594a02

SHA512
bb80788664600a31a9f1f7e64645651f6bd3e4f95a210852bce62ca0945920403aa65b25a8ceeaf4e7b71f6eaf85ef5a7cd22909eb1a771c8c4dc0371c3ba3d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8ac7fa78dca8264d7b4d9f978aa43bb

SHA1
a2cb81edea9683c20984f1c6d1d5c8dbf546170e

SHA256
d0a774cd2daff3e7ecd1ddedc38096d2c2d10eb3baa957f1e2bec8eda18a817e

SHA512
75750899ce11bbe2d3bc7898c2fcb3dd08f645fde041ec82b193dcb6280a3c41a5d9c5fc3c5041242d9df7413c67d0ec8e0409dee820677ae2ffa3429896039b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
411b960bc9c34ac24af087fc891380a8

SHA1
571a161e8f5829eda42a0a1363d6d910943f5852

SHA256
1f7843e58fd5cd5f9e394663576134494e4c780e6c5f6dda79a1fa048cfa3f30

SHA512
696444ac5dd1aea5258a550c6911155c3688c3ff088858e7ee003d21e885624699d0395725379705686658601c6be7823e8108014c72d67523975f3733dd9d69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42e8da0256f14c17382fbffa22a43978

SHA1
93daa809ca65da39d5637b4e20855ae1a1f7db8e

SHA256
55d17b328f9e2757c0b2a6a43aa39b34bf8dd2d6de545dcd7c84c06a292f54bf

SHA512
8bb8866a51e595c0a323a5e64b063557f88024f8f749a82aa7716279799b129466639938f9781162b09ce211a629cac8201d79b2fa944687bcaafd87c2e8d555

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7f8c396cc7d8423a69fdbad024f5a09

SHA1
35d8a18a0bac9d99d3aed44967f750abd073ad7b

SHA256
6195b023e79401a9c4a6b76884691f608bd426d6db000b8e35cc17be8db35935

SHA512
9a58db02e2b6c56f5fd331b7de5a0f4009cfd896666b7ee2747b3ea66bf68c30281c71068bf3fe368f15d7890dd480a3aae718b565fa9b5e107472b197a6fb1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8d9b60a57d68f1215906ac8f730a818

SHA1
f4ead1fe0185c62c95052790c7f9018367a892ee

SHA256
5fcccca8800bd28b06fa0294f5f3c717f69a154aa0883d1c567d685f4e7d67ca

SHA512
e77ff89134de75eb8bb6206544970e42e967d21c4b8322899f5ac0cd41f43db82ee292ae42f1e742c89f4410f571ba525dc92235f33314f9eb598294c8ef7362

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3b7df77fb47b8f4b3f0076c76f290a3

SHA1
f195332efc68df22ec9eb9ee3a76ac8e325e2645

SHA256
9491ceb8f779fe4d5d4db88a526f8ec774271a451e032464d9f66d8099f2d0f3

SHA512
b8982a85c87aac4e299b68ead31083fa78f4520ed0d80c1e8ece955e4d43addc7fa86328161ddee448acf18579139f8311759aff2e80a152fa0a4644c9499f89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a067ed78d9bfb44ec8d49acd713abed7

SHA1
855eef1bffcb33f730382f49192d83ff958e6ea0

SHA256
8f4c7ffbe26e52e462abea74f2feacc8301af006b9b2f0adac1fec0f109c9293

SHA512
93535bba236cc938e505f941eb8c0f01e3db29310f71b85555680768fbd8bdc79a48726aa31e610679b0b35e4fa485774a0b24163f2629c81f854eb286a53b39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80072d88e52c6fd20fe162da1d81af37

SHA1
7c1af4e047d73c13ddced74f108b068ba1dfe8ee

SHA256
be37676695a8de5f7e6e4027884e9158bfe7913f16f68059c7e1b3f8bbfbd684

SHA512
c3c8b2ee38d7ed087ca44c9a2f59bb7adfd944dcee8f074484259da9202dff39b75893fc63ff8bcbddad9631e24ad941d2e0dadcc6fcc4d407d94031596a92cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
542571eaff865fac78fbb70c8617b295

SHA1
328dc5ad7db75017e203f02d2dc7126dbaa98089

SHA256
b1d8022eb9587f9bba5f999fdca76f24a5ee03ba70d93d74c06d9ab810d9248a

SHA512
117d959cab952f0e68fafcf7e9b5e40920722d55c4230f88c84187d417c02f9daeddca2dc057499e78390e15e4e998f5252440e7e214fa2d93983fc25536ef5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3169fcf04c625513fa8d19b284e21f5

SHA1
1e27a4c153f9dbe453d247e0aadbb083a3d07543

SHA256
3895e2ed64006509f8a5a359eda9d8aec95400febcd88fb4d5d661bd7278d3a4

SHA512
04eaedd65714d578bb1f87cf9a4b3833767ebc41dd387324831da5b8cb510d9f4a74646e301099820e077eb3c7610c2609f0439dfe2981c916f64feee0898f18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fb2bb7a6fdf8256735bf62d3c726545

SHA1
0ab639abfae2fdd61fffd7f9f9494001a4a5d9cc

SHA256
46f55339aa2569e71c43e79fe2d6f8f787a536bc5c89637da2d5ced434a203a3

SHA512
f81fee8e3189923058743220787984f3d79fd69fde34c6ad24866fa6e818e1c9e827c7acb78d872c005373988285af2706f00d128bd78d0b1166c1c81f7a0705

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98e983d642e23683a38d9b7df932e7a4

SHA1
7837e517adfc13f7d06576c17de949656ab4fd80

SHA256
b149c2f76519bdb3963d2665402959faefbff66e115be07cd83653b651f95376

SHA512
2e6ce73d9a38a4b86357558b30752a78bfcc2fd73304800a16a8f9cf02f04b48b4a9b0642fec74489126a9cdb66086314dc67ad275c46cecaa7d929f6ed0c64e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32e6358b8b61221802956db4046e79e1

SHA1
ad7fc9800baf11f6a11b0c4d5417b56233ba9987

SHA256
11317b5d74e85fb9a0eae0cfb21d0503d60935f816dcef267fdde9e039e0bfea

SHA512
27f48fa42e9f480b6477ca9804de69a62758a31f06698618fec0a29a70f5edcb3d8c7dd1b7c55c01b9461a17c87a32429cb06f3b0806ff4efe85571b452b5f29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0d77532afdcf0b7db9f748eaa93c1ea

SHA1
61db84d26dc1d99b6c9b4da72a937527f7e9870d

SHA256
81586f3d619ce9c4adbbb81ba9401285d51da2fd9227b37d040790423ff5132f

SHA512
67ca504159f91a10118c4d13ff5c0380944ea199daa0915f3e217223b2fda96d9c9976a715c34849969af3555c89f45b0f86e60b8084b7c8ecadb50e143a5b02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2EBF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2FE0.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit