51eafec7b365d26428465af52fb7b5f47c200a1fe9a27babd4feb12153c3e4a1

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69075eeaaee230baf8ac2d68258061cf_JaffaCakes118.html
Size

68KB
MD5

69075eeaaee230baf8ac2d68258061cf
SHA1

fee4a932970cfad7078866881a5a9f275dec7b4f
SHA256

51eafec7b365d26428465af52fb7b5f47c200a1fe9a27babd4feb12153c3e4a1
SHA512

55f786b37e68a8a953b34034f011d0512e11eb6f2e91c04d19a378abf8cda602fdd2a0d0138598a6400c41b9e16aff6aeb0f9119b1f88949233a5c88a24aa3c6
SSDEEP

1536:yq4H5BxC8NeOQTtxNe2+WBQYZNePCb4NeGV58kxs9bMhrn:yq8ahB0lxs9bMhrn

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 80e8e69ea1acda01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DB16E581-1894-11EF-B2DC-EA263619F6CB} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422583178"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2860 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2860 iexplore.exe
2860 iexplore.exe
2948 IEXPLORE.EXE
2948 IEXPLORE.EXE
2948 IEXPLORE.EXE
2948 IEXPLORE.EXE

pid	process
2860	iexplore.exe

pid	process
2860	iexplore.exe
2860	iexplore.exe
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2860 wrote to memory of 2948	2860	iexplore.exe	IEXPLORE.EXE
PID 2860 wrote to memory of 2948	2860	iexplore.exe	IEXPLORE.EXE
PID 2860 wrote to memory of 2948	2860	iexplore.exe	IEXPLORE.EXE
PID 2860 wrote to memory of 2948	2860	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69075eeaaee230baf8ac2d68258061cf_JaffaCakes118.html
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
a43fde18616f01f2fc7001833c6e8141

SHA1
07663a4a7ff777abdfab06c09fb2730bfc84392e

SHA256
0d069833eac0a5ae6c80492a982121dc63de4c3812d9d85fd8cfa8db73d61f22

SHA512
02ae080664e2ce7ba6684385d25f0787e721bc7c94bf07cd7a5066457f4e18905504c3d2fb022ea8a153a12394eb83b8a00b0ae83964f96cfd1816688c20f294

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af4bc77cf3be4be6f99f28ed4ba24253

SHA1
222af5c2c1c9ff21130752e82979733178fd8efb

SHA256
b7fb37eb2d3b88ce967a7a6d9762315b946c0a0f8d5675ad8e7011db09bce960

SHA512
e426acd98ffdd58aa338586faf2607ac0e184df86eef3b40bd6fd2009da6737dd7612eb6b9a47d8710087789d1aed48fb820b0e20a80c0d2b4a91c7e4ffdc499

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d328e7b441e9aafa945ccf212d448e51

SHA1
2082ae2401c1b27a8313254f5a1743b848bf889b

SHA256
dffc2706c51d6ba9d31d150387de9ba6c767331de00022bf16c4aedb722120f0

SHA512
36f9cdcd7ffd74f36312b7fa54a923a7f361f3a2995c0307b9023f0053b464c4ecba165173a6ee6b7f4f0d3f9c1eb9234eb86075e0df1f2e88d38a38cdd61e36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35378392a1f004ce16b948051a5317d7

SHA1
55fe1b689e71bf1a6701671c79408ad52d96845b

SHA256
776517ed6373a01dffe9b9d524335d1654e8440906c5325509e42d76db25fff5

SHA512
72926768a3d27ae9438482205916ad9f8a8a568445155df902a767063d0dc868db387e7551ae01fe7dd465312f3e01c8d61992f7b2bc2a73f3ff5276445d198d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e854ffc177ec7b8cc9b8e262499b7c24

SHA1
202a960d041139030ad2fd65a8404e44ba65e896

SHA256
8cb07ab9522f18b8c11368faa160277e4af71018899e307fc6d8bc54b77ea361

SHA512
346e8670a3d62ddd9657a4bb70e74eb69b12d171692a667f3861cad4561a0bfc91e0c2e9b6f62552db539f9c29d4a5dc4757d737e1060f3d385374c8cbf92073

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40169116cc2c0abf95f1e6df55337c3b

SHA1
80266c679bf1fd15f0efbeba6dfdffe323ef0b38

SHA256
2eb642d685ca02f0a0624d0a991fee62c19eee2ef623354e2323373315c5cf28

SHA512
7b1cf01458642532eda6ca37355807caa0528887911184863125ff6d763da8ff7d22b33f2b8f79d5c1ccd8b8ad7c896e5e527bf343631d161948f2c0b7d8f1df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba68df2e7bfc0ac2be64ee3e0af02ebd

SHA1
246fdee367df7b6921a142733d5be86fee84c192

SHA256
7222abe042866ccac366bac95aac9147eb6d2668ffbab31857d2d3de734b0ffe

SHA512
080524a26f18ec79b13b9dc4bd13ecf02e6b0b05a090f010ad4b0744893c6a2c41ffbc5ecf3360af623b8b62e05549027aec6a79fa2fc1d40491a12cc50e90b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4171b2599058147af21b6df64e4eb4da

SHA1
095d249f701cacf22f3e74bdd6076bf09a1b0868

SHA256
4f5ac5507491c480f89f4d17e17f61ac480495f6f34a312ed7c9e9c21b0d0f72

SHA512
55f8d799dea2bd37df054cf02d51c231defe2d4f05bcc45c9baf1bb4003ce7df5118676fc583f8ae26a34db0015123b966fb2559e8c4e9cecbd9c6f1687a8730

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
189fc38f541111591651e9ab684abc2c

SHA1
23912edcda32b8dc777a52cbb14dc785c5bc5f0f

SHA256
b975b491763c64c1d62a19ece0fa5157529f9b728881936fc5fd2a1bfbadacc3

SHA512
628454ed7b19de7224ba0725b55fb6873f2bae68633b807045aec4430402e81061951da35362374cf82d5475edb1aebfc2747baf3a99074a8bb9b146e41a5f90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0dcb9d62f7330f4966d5430da745293

SHA1
dd4029f59adb6f2197d29ddf5959d49a8ce8335c

SHA256
6fb562837f4ff81385653ba2916011db2608f3d11df01b69b933e896b0a9ab15

SHA512
6d829838159c7e2ecd9f2c82a45f886dfb401b9c21433edbeeb63e4f719cfb54885fa76fa72332af23bdf5a5e97006c65c9a67a9403ee670def1bd0b4cf258b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e82d2e09878b14813df46026e3c4318

SHA1
ebda4e2b59a44f67268fd1b44de3019a2849d83c

SHA256
77ec162cb291b7013ee35ab36cd52bc3d6e28d190d382a5cfe3bc2bda9b170d8

SHA512
d32f1df9b7124ebc46ecb26630d095c16353b5b6c59f41f49c1eb0d3b8f681f2d239416b9e24cbfdc3d4e37b53df5ca62b87eb8897f7d2390fa92cab6ee7621d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5eac170e09b75b5615fb1de28424f86

SHA1
d748b2e5c2be6513645e34bcd3b18a961b64abd9

SHA256
fedb976ba83132dc5de98943d230c2cdb949628bb238931e3f6b3b34109eacb9

SHA512
709af223a546127eb89ca7b8e0eddfdf1a06690b87db39de0513b6d6f55ca31e389952b71d76b8f792b0620acb196eb3f7e351a964a1e60df2654d6a38b023a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
0bea2f7e94c69d466ae084d9842bf1a2

SHA1
fde65946a8c5f147efb7025906a12ad9c23ee154

SHA256
f7bcdfb601f4a09de98b1c69ee692c76847e9ffaac0d06d94446303d766828b4

SHA512
14e975064a5ba66ae41f10fef087bcbcccb00230eaf24266c7b1dcf420d8c8e61c0ecd839b0a46920213a84b34beaeb549df4e528243cb4628d29bc452cabc56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\wp-emoji-release.min[1].js

Filesize
92B

MD5
5a18e242e5852db26743e6db36f2358e

SHA1
c6258fa68745756827a07a5e738280923ce667b3

SHA256
49de0f60c7cf93772f9fe3a75cf8cad8607c69d10bd9828fab7e0ed8d8fb599f

SHA512
d6cc02bbb42d3197b94a9cb5cf207abfa2cb1f837a96089dea9a1f7fd3f367b3a56268a0571fa831821ddb07941122b7e3aceaff33ffaca5402402a455c5354b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab94A3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9804.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit