511e3af12712369bcd31860b2a5c4cc3ea0340ab1179cd04dd23b46607bf03ba

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68ef058fb0310355a2e78efa64f15711_JaffaCakes118.html
Size

213KB
MD5

68ef058fb0310355a2e78efa64f15711
SHA1

764341dfce76a89231caf8345fc8c51bbeb03015
SHA256

511e3af12712369bcd31860b2a5c4cc3ea0340ab1179cd04dd23b46607bf03ba
SHA512

0cc61195680bd1eb13cd79b88f327e09fcabe9fe0b9ca824176a100b55334be3c6038e990f37276f62acab4cf6d6eea333febbfa491e90e52208b1a672b5b70d
SSDEEP

3072:SbGq2g0IkNbyfkMY+BES09JXAnyrZalI+YQ:SbV8+sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{13397001-188F-11EF-B27D-6A387CD8C53E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422580693"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2848 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2848 iexplore.exe
2848 iexplore.exe
1940 IEXPLORE.EXE
1940 IEXPLORE.EXE
1940 IEXPLORE.EXE
1940 IEXPLORE.EXE

pid	process
2848	iexplore.exe

pid	process
2848	iexplore.exe
2848	iexplore.exe
1940	IEXPLORE.EXE
1940	IEXPLORE.EXE
1940	IEXPLORE.EXE
1940	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2848 wrote to memory of 1940	2848	iexplore.exe	IEXPLORE.EXE
PID 2848 wrote to memory of 1940	2848	iexplore.exe	IEXPLORE.EXE
PID 2848 wrote to memory of 1940	2848	iexplore.exe	IEXPLORE.EXE
PID 2848 wrote to memory of 1940	2848	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68ef058fb0310355a2e78efa64f15711_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1940

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0d4746071277758f6a524f2638639562

SHA1
7b2751bcd7376a4e166ade7d5736f7e59b5eb6fb

SHA256
a02047d3d3b46ed41efbb838081b82324e74abf6763d782c790704adde789f02

SHA512
a336c392f2b709fa5321d6adab5a548d06a7533fc6f70b950813908367c455c090f782e136eb3389b4d15a960505a33bf0e547a5237ee57f6a198158f414e169

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
46bda56eca9a9d536ac032a65a26a4a0

SHA1
ac5184448b6f2c39f7049f26734c6e38edf27533

SHA256
3b934a72584558b7bf3c8abc5597cb360bd0e0534cc6e49b643fc05f8598d01d

SHA512
3d3117e8148d7a56086851435e3d69b0a36a05e0f6f87a339fcbdbdafca4f88fe5fa59b60fac2979b28a769bb405a40eee843c265551de405d101857a848a5f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1673ef445c669ad728d006d1c5221401

SHA1
4918f7d7c71f4a46c7050206469a50ceee36c9c4

SHA256
ccc6d71e31621c841ecbae4a41c5065baa4088f001eaf0b78a39397f3d02940b

SHA512
10d6a784599dddcad8a8d38705ccf4b2d55fa7d584e2796ab7dd62d428b92a3b65ad61c2c011c3cdfe80ccbbe0c89e68c53417badf506a07948a53ab139c75f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2220f595ea259335a8200536da8e5106

SHA1
ada3a728191c2265267928aa8ddbc36983d796cc

SHA256
a0c716365ccaf4106c85be6ff48c48741892a92ba492a07b13f7095dafcbe161

SHA512
b694c48708317ddfd8338195485b81d86e78169e3f02246230d4713229c7e34093021be38dfb32263e504290d0d60c9e74da6d71344048f045f2fec3765783bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f765aafda0829a8597c7342c188cdf11

SHA1
b0ef72a55dbc1761023c352c280183cd3e0fa354

SHA256
ec4654df3994941d7a5c35ead4f5425ed8e16e0cddcec2caf94c833495afea13

SHA512
c690b49180f6a85433cded4357bdb5f2440d2afc8ab2ea20293432b83cf810049a4d5b73a12420ed30e868f68bd13c77ef93f5a05efbc045b488ddaf37089112

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f470e7c92f7fcb36d08f9b784c16761c

SHA1
a6f86d59ca050dc7ca419c53c9b619a0f3a0f513

SHA256
c6e93292129e934839c647b6447df76edeff71226a0cbad0b5213d84a23ac2eb

SHA512
f6ab508b9b1f1d7780955ac88bfd341d18600efea8a92dd3053fb96df95ef4c921b9ad234c198a567d3fb39eda4bdfde3311e26291ceb3dee4abac89b1f9f685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c37fe08872bd215cce06abccfc1757d3

SHA1
3daa3aa7b0456682192206285346dd9e28aff868

SHA256
2f252d4c0967acbaa421552c1d4c24ea6bd028b4d8ee34ff9c03347bedef2648

SHA512
596d31bdeb947e2ad0f99c87ab50e9f41a07b4bde75f979cb3024f076a44224fe53a1e507add844cfe2481f7b870182831ad157bcb4885fa224567735284ddd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1f409d70c5ff2439517e1aa11962d9c9

SHA1
ea5b8db0edff62106723d2d404ee9c7d7dc8cbf2

SHA256
d64417133ad81f4a139713c8cdc5c4621b12f79910707fe53dfd4d1c7f11d5ae

SHA512
5191f8fa526b4ebf856d028e139f5513a3b3c1b173e105811104bb03ebf23be45f9483167d38eaed728dce15613cc9d8fc843a3119c29960e52d3e303f9f42d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
702e3917dd019842af314399c3497bea

SHA1
5a34d23d821279d5b177e2a685ee0cc29efa05c6

SHA256
ef601aa01e8e721a0ac26c809f1e714aa3da3aecd34e421dc8747b955b02fdda

SHA512
a3e8dc0ff6847b8ae6d74d8ebaedadecb8130ea76c26782cabc3dcb8f6273e34d605eaf45aa5828974ce5a12d0487ebbdd15cbcbafea849524814b82b7e5ab51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ad7d27e57dd6212f22a8e6e36b7e026a

SHA1
836b4a3b9315c557c98da78d6b25374ae6179595

SHA256
7c887b483c1dfc2d23dc6f0074f8e79dad163f7c8e5828b4aecdcf304b06bf32

SHA512
68a4581ee90510694cd5c315b868424dcbf8f82bc5cb005521d751edafd65c06d826e689d8d7afa439ec35bff0d4d4a892ddf789da42ebb80ddca4ec0b0cd3be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a0951a760f3333e9e96225c7665dfe40

SHA1
94d97863ca924a4479a9fd6ee622900cbbea9be9

SHA256
3f67b287f96e53c546f392b205fd1854628e15ecac0b044f3c576183850094d3

SHA512
54bd44ac2492f660df8ed28006f34fa0886173c55b076e05db496e0ff08b80bbfaedf24fe8fdcffab85ee7e0f7c40f821851790f88d1347ddebed3b139695cf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
81b8ef1021ccbb42940118f067e56a96

SHA1
2468809afdf8215328da546370c7b2d155a08a75

SHA256
8370ca9d5b049ea8da65865ee41812c246cd3f015ef181594fc8eac99f38ecb9

SHA512
44bd3d03c4d2856d9b6ea61678965d1eda03dd53ff56431161d6ac96930061d4b8787589aaec57c907b5a5b2a2d159d18bf6232ce1648a044726971abfb955da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fef1b776f83ddf489a68b508f1240b71

SHA1
1ff58fe61da35978ad2a1e6b36cc3a15e21866e2

SHA256
0cef9a53426820f33ce03772e212f6fe1be7e30b903615fb927e5d235bee291f

SHA512
fae1a0090b6710198b7297c43a8432da02ebd3460ea433eab58f7113158ef79d366b1e369a2055754cd8b291ead4f25d10681563faadef3b07e759c0b474499d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a194634221c1e9c50fffa280e5a0c59a

SHA1
31c99ba9627414bb4743c1c2e47a267f4ed0943c

SHA256
e481f6b4e9eb10261198ba6a6d3e51181246c6086445b27e6f735d3d196f6e72

SHA512
b45d1cc795cf74141fd0c5c6038f53438063aba74a2c28065b7db00a3b7858815ef18bb9ce7040d18e0efd6472838be68983ffaa998170182a73c203bf1eb23b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
903aba26e33a09705a2db0d51ed1ba43

SHA1
2d50c4b87da2be8746302f8cf09a4280ad761061

SHA256
1fa95a3c3ac52e67ef474a56791a61fa520e666d99384e88c94f0154ff4d5228

SHA512
b68a1b502781b4c71ec338c9677847c379b095cf954781f508e16cd46ffd20014e25e56c4738421a4412d447680e8edcb63832d88b0801d20401228972d2c1fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7a527a8aa9fcf9a71ce5825d358d1f3e

SHA1
e0814a99225984aaf92f01c6cbf539396e48e225

SHA256
b7b791f372c792d5e65eaea03c8d2976acc0a2c1abc9ceeb275e23df9a9d05f1

SHA512
1e6bcd2c5e2e910a35458103f333e2ae977fa8f0e39deca435a4c0fc8f9e58ac510bcce835e5896ccc263df96e5157cb8949dd7ae5d809efd72e58ae7e010a37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
45131ab21d1c28bd7464eaa9e2c8d52b

SHA1
d7f8b25f41f0d9cc4f07ca16af9e47c5804ec535

SHA256
2d20bfa1c312adceea02da90936cb65a689c27aeb55929f236dffd5609beacab

SHA512
e166b8f4c4264ff9277fc2fa24b0f659e0973ce50c91855d32cf924e437f182dacddf4d0c2f2817e3742f151c8d8834ce58f0878c2d653e38452c532734b21ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c73a7d1e182ef6f6db9eb5d8bd7637c4

SHA1
87daf6072bcf80ea0dbd5ab3b6c99892c3580a76

SHA256
5961dc12cfa3c81fcf632d0859a78bf09a0696d18f8fd5ff676890f4b79382bc

SHA512
48b7e216abff5bc5415c8c38ece8f1fed433033c63dae16cb52c706dd31445ca6ef59748f6b980b381da33444de05401096295336e8619b7e701098e952a75c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab16CD.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar172E.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit