8bf5debfed474ddb97c26013f0017847e720687f0582462a4ccc953adc9b5781

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68fc0fa04a92ca0d8eb66347b0b33893_JaffaCakes118.html
Size

18KB
MD5

68fc0fa04a92ca0d8eb66347b0b33893
SHA1

86efe05c9e76916b6341ae8b7a34f2337ad6e5f6
SHA256

8bf5debfed474ddb97c26013f0017847e720687f0582462a4ccc953adc9b5781
SHA512

ae35920e4979c7e83cf4aa99df0768876256eac445db42016a5fe61655e449584353e6472f3e64ee62c07e2eca38bc15a092ec3143278d707541f9c16d49f91b
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIj4HzUnjBhl/82qDB8:SIMd0I5nvHRsvlExDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2A1A3091-1892-11EF-882F-5E44E0CFDD1C} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422582020"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

3044 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

3044 iexplore.exe
3044 iexplore.exe
2788 IEXPLORE.EXE
2788 IEXPLORE.EXE
2788 IEXPLORE.EXE
2788 IEXPLORE.EXE

pid	process
3044	iexplore.exe

pid	process
3044	iexplore.exe
3044	iexplore.exe
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 3044 wrote to memory of 2788	3044	iexplore.exe	IEXPLORE.EXE
PID 3044 wrote to memory of 2788	3044	iexplore.exe	IEXPLORE.EXE
PID 3044 wrote to memory of 2788	3044	iexplore.exe	IEXPLORE.EXE
PID 3044 wrote to memory of 2788	3044	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68fc0fa04a92ca0d8eb66347b0b33893_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
0653a999679fcfee4af6b7b6dbf6a3f8

SHA1
655c9f3af48e6832af6c8786fe32df59cd10d14a

SHA256
62f78d20101c1b0a8e2f375727e267ac53125f825d430517b83f4960ffaed01a

SHA512
e29b0d93c4b1f657bffd5e987bb9aba6b3f7ec823069fbd051da0cd374ad44afed2c6d5e325f8e52b9a8513b77a5710004964d3fe5a2fc513adae640943db80a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fef55c3bc5310d5a9ad00db68b3fb5a

SHA1
59ef22a6364f8d3c6460be873e2b6e2226bd0d26

SHA256
689c856c262c11585a53e33b5c52b0b86b7625218aafe31fbed7e773ada08da2

SHA512
73815126c543f61af37c4bc83933590555460493a17181db3c25107d34c563de896d134e5a4ecc7a2756fc2aa558027ebda69d3a7c9cb951467551d84739e4fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d2b0f6118b0eeabfc319b373ab25b9c

SHA1
5e645eace9d54c3a3358a7edd6365d87e0ea1707

SHA256
3170ac1bfce6e42d93f905b02a9c0529f00f00480d1bcc59965d5a9ed79d3369

SHA512
b9268471a9b70cfb25aa9824995fcb1476e390fe2726b1aefce24beb4c20734dbddb7618eaac531cf3211ccddea4293c727ffb3e311cbcae90a9bff0fdaa936e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2182884bcbc813e1b8b6f95268910b44

SHA1
8794e5768966baddde233fcc80f0b551a406685e

SHA256
a282f15450e0f578ae41b6c44360b4b8d08206d3698c32ed94a57e1a0b0b060a

SHA512
5f678d880107010d1451872d857a6e86296636ff404c8832596162b56e497f8059777675814206169d588dff6ff285da78832926ed060c927585b801e32bc82d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ee435e3d02569e4cf529f9aa14fb168

SHA1
ee223d671312a1387190e885197eb5f0e27ae68d

SHA256
b127ab7703a9b0b38e312a230d086c6bb9282ff8af46c0f24431e8bbb9eb9c2f

SHA512
6ff9bee9df21a3097c5b454953e92254900ce05404636b185fb99c2956c0d91d3ed04c02d858a1a475e947a8ed525c93134c8d8b729f211cc28abab91fea3385

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b6eeafe796409f6a68cd0961f6714f2

SHA1
66789f3c03960bcb125e97248a21a26a92859895

SHA256
49fa44774b7dc7c4f0964dca4e71861bb3e05ec607cd56573a2e59b0a349ae19

SHA512
7d78b9e0ffb120cb58958d99a46ee803d3809206535b9b2a0eef3f292d04420f8b5c320b031fc89aaad1e97befcd21e2f0d8c42dfeec15651d09591d4c3f6bed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da1aa1ee75b64b769ef5913973eae403

SHA1
ba3640fd711e3bf94ea4fe3864002a7e4b11005f

SHA256
7262f9d6111532fb3d3aa88844a99ccf19f544b33f49cebb69df83992152ed73

SHA512
2935ac3bedb9b823db7e45b1be0e57d0f1e7db0bf157ef1e4b2d0210460c882ef3746091b69e7248ff7eeff2160ca6ccfe51f02968f1b238af39819ce234b693

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
589a248846629503270f2ed416334029

SHA1
104b0185be6afe13ff2d3864944e97f2debfb903

SHA256
54dcb3934e45fa3149f252496a58f33841206da880d82a9c7bd4756c8eb96c60

SHA512
d5a7f8e82f346c190cf520591876062959a4bfa94fe4413ed83622f45ba88888e64186c6cd57151953eb2a084539938b0c28bbe93b880935ce4d1a61cccf2cdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
116982e4957a445ae5af69b9d954170d

SHA1
8c202c3f88263a7a54d5d14debbf0aba6abab23f

SHA256
8bf8a54aa2fe2e043aa36fc0e8eb132bccb176ed11984f879c9052ee0c1445e0

SHA512
fb272f48ba3ae044161950721c9e296a3cc82fa80132ade8206174de710edcba3c16fbcff00edd97b870d441199c4b164a77338d00973999173f61d84b60d7df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3570dcaf7581694b76c0d848d0ac5de

SHA1
f3089bfa6726b42a4b63b9f43de341698d6a5e3e

SHA256
09a5e850a9fbddc0085cc25a89b6d93093308f8b39aee0612c22608f55702c2c

SHA512
00ba0541031191584407164bd75909118625bb418be475ded04825b16f348833cbc225df26bc10f711505c9663b02d72a976885ccf984c6b77e103ee397b4390

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
3c1c100af0b1ff8cb935fb065aa1822e

SHA1
a866de70a817a9b1d9a3c2e5c2ec94615d692099

SHA256
03a03970d72560abd9d4cf967708d8fb12fe07d5e4595cb45fb683a6e05d2b2c

SHA512
f412e73bb1bf2cc2a1b00df098e81cc3decfda8ff5ec99a97e0a45d8e861de6d32b4f9f662c923ad121bdeb7f068d1f93a0140aad9978f04bcabb9770ff18e90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7E2.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit