922b387439b6b35904128cfd3b3b760824f9ed4a3accbadee6ad68c03bf30d52

Analysis

max time kernel
148s
max time network
136s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

690e965aff1eef058e5ccbb00893c226_JaffaCakes118.html
Size

37KB
MD5

690e965aff1eef058e5ccbb00893c226
SHA1

6a2ae3d65f4c281c85e5d2b31d42fa32b8445c2a
SHA256

922b387439b6b35904128cfd3b3b760824f9ed4a3accbadee6ad68c03bf30d52
SHA512

3633c4b20d42c66fd54fd975feca0f96ec53307e24de7a50a4416147b10a7750b70c9a8b0d9c784e8f64d641b140e6d8a636e8db24932609232cc863da6c42f3
SSDEEP

384:Sb1oCNiZo/FMf6jIBqBM6gBM9/uZLc5uLy+o5O30wvOFx16nYpKtiLgQxGf77Us1:SWVi/FTjI8C6gCIZw5OaKdZP8bQb

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{56485261-1896-11EF-A346-76B743CBA6BC} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422583812"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2028 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2028 iexplore.exe
2028 iexplore.exe
2016 IEXPLORE.EXE
2016 IEXPLORE.EXE
2016 IEXPLORE.EXE
2016 IEXPLORE.EXE

pid	process
2028	iexplore.exe

pid	process
2028	iexplore.exe
2028	iexplore.exe
2016	IEXPLORE.EXE
2016	IEXPLORE.EXE
2016	IEXPLORE.EXE
2016	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2028 wrote to memory of 2016	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 2016	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 2016	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 2016	2028	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\690e965aff1eef058e5ccbb00893c226_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
47297d055f79de73ecac458be628fe0e

SHA1
5719879010137804eca12da341038ce65a606efb

SHA256
3cbe05d88d29241f1359df61b3b39bf46797d5efb1f1cd2dd1cc1a818353f615

SHA512
653f05430c87b125d20f463865272a14d10db9b9a62c050933699a8e732b759097e2e9fc304379e8a1bbc06bba54715e314a402cddfa660a8cc265d869affaaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
314f43cd7f9cfe9d6370f387d80fbb19

SHA1
c4c67c04a7582dfdb3c8ff6a4a42714ebbbfa1d4

SHA256
13ac48dc7f0d99f28598aae7fb188a63ddef630282695d7c94884bd7dcc97c7d

SHA512
9c5286aad9de365f95b66698d11428e58b4c264d64de6d264cabb2a4b2b000b368ec7e9af68e3f6d9743007e93bbf77c9cf05d6ada31d2b8e00f0290666d30b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14b92e127516780103c2bedc603420a6

SHA1
54d0c4156b101cd590b11e4e9256e3e99846f470

SHA256
a678c1c9c05f7d03a0d60661b81660b7f90c9a6e4685a8dfd8027d301fd9824e

SHA512
26e8579270e018fb003ad1eac2290b8489c01739532b582f87dc9544d1c2634e7597410418fdaa87b6b4aab8b560d16630f1ecbd6a7f9d6208ea59b2b139f971

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc1635f3341011fc17b8bd0595938a1f

SHA1
6ffd1294f0273f3d049509244679cec87d08e7f9

SHA256
6ff8f51815670e24facc8f44c1d94b6fe503efc59f79df46ce59dc66ae35a17f

SHA512
32ebbde5c661c344aa715de5448bd1d4ca9c5517ba828e49a34a3c10d339a522e68221dc5fbd8da9e0a0a7257a70d146129396dc9265e810529109bd09df6372

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cded350f240f8308ae99820d412c51f0

SHA1
5326064f59bf6badc41ca4db4aeee481c4c9e572

SHA256
645ea28e2fd4ee16564372f8c5bf6636fc89c89f91e0205aaca685d2a19f3d18

SHA512
27ca96c02d1a768a81fc1ad38890fa9162e86e8caf77020e82bfbeec3c443fdb6528b93b670f6cf5fc6c909c6ce416788ee9e85aca1ae653c13a2caac1ab8903

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b68cbb8f81b7593b6639b35d02e6e9b

SHA1
fcf39c1d174a5dd4086681463ad55c0c069fa5c2

SHA256
70502261038b74428bd0a3d412d6c31dd69a7e5d6f0151592c4603affb1ab7d6

SHA512
4b5216b752f3d9940ed0d9d35388b373584c5318569320376497b2b4dc211da2075489d710a509179c32719da9ecb7168d83a2b78831e95bf89a407a709b2ec0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08b840715787fb56812c6b3ef82494c3

SHA1
0cdc28b3146a0062e0afecc3860e982a697db973

SHA256
e4332ceda76638dbe5cf02bf80402d2cf5134f607da9260260e9461cb5b2edc8

SHA512
179413545bebd249647a753558418ab8c3300b09ab8848eccfdfd8a172a847a0c6141af96bc684b416bfabe68e842b09eb57f22c079dbefc9f5ce1a5e6f41fb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80b5261f0200945eb285601badc5f14e

SHA1
fc1f44da2e48095ed6761027ed42c94cf9363834

SHA256
74de460f06c7de90231e17288a1c4244fb7149cc280bb0e852672fca45b1758f

SHA512
11ee3147d9bb42e090b059f0cab1db3222252d738f7e2dc5b650797956384dd236bb939dbd634ee8e40da56ae1c73a05774fc35ed58bff4ab2a3a5e7ef9dae9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2350aeeacc20cc32ed26187a67246eaf

SHA1
3d8d1672511a7d16e0478c310879ab55648e22c8

SHA256
6a918f229f937a0ada01a445e5a32426549125be545889ae7d90064a94926360

SHA512
70fff56405938223ae409492f86ba2c08f534eaf884ca258b262d73eda024572bfff282912dcbfe049e67b9ba71b727f3d6667d7a3555a89b38832040c13688c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66bd70c1e6c0ecfa40ef7e0de0d12166

SHA1
4b55385544a0409cb5d4b18028c221cd72ed0a8d

SHA256
74c3b8eba8eaa5f874e4feab44885d4aba776f410dd3307f93f2a26809f3a11f

SHA512
07e2d85014dec3a57f15fb934985fb1169cb626ecb839589664680bb3620b608ef050eb0e51292d45350ddfa724eec7b02452f32d59ae2479600e7801aaba19b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f6236823ee6c249784561c8c6883fa2

SHA1
579b9e60d1216a46f1faa44746f1c40e8b585308

SHA256
38856dd75bfe5949f3db59480c2b3734f0a70848b0a098b0bfd327823a737d42

SHA512
480811be6ce07f68d9e2f31140c35c222b4d21ca32f6a3e9e3e965e2643af9dab910baf39c2b09aff33a13c8e6401c5f5aa64462faa3d7afd50474fcc23430b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b53b516c569b1b85e61f90f18afcb890

SHA1
97f42d72a2cf80577437eaa35f0fad3ce110fa79

SHA256
f25a5c52ee5a382e3b74edb0255b1051baf5d2ecdf951527286a49be3311693d

SHA512
c5844e06bdba8fa449f8a89fa5562a5eac436c1a523851f441486edd655cc08a962de9f12cf82a2a4e04851a2821ca5b4c1d77ece7bc9e196d5cfa0b704bfec7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da07c034faf8ab2a7dd78e2ef715506e

SHA1
36d34a690711520d3e3b9daee58244d8ac4d744a

SHA256
d7d24a74ea005a2514a891e545764bd8b9b9d799fe41fdd6fc0649af48f98166

SHA512
29d28c98a65bd50ee732e49b16125eddcc99410cf317fa73dc4609c8557d3a91150c08ac828649fd024c653d480552472cc9767d3dd8830a2b1a99a753c8dd39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97238327a2a3eb316cf6b6b0f2b45077

SHA1
b1ae475ec217b310f0c7a12be3708c85994594fa

SHA256
6907c2262025cac566bede4909067002d2dd5271cab51e8942356a036df4889b

SHA512
a0e6590979d12ccf050226e2f6a01a881213995212694936d313de2ad30afef37531b3efde45a6a8a367f318f23d1dcb41e694e31e4baee51bbbd25a655f4444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8c603248d0ce4a345757f8709183192

SHA1
757b360611af6e9e17943af17db760866e44dc58

SHA256
a942526b99849143d20863879b4c4d97415572ad42bb3fd7dcb388cc30521d45

SHA512
903896716d77143dab1c558417d2fd5fdbdf144d2fb5b4431bb6484a11e45edf5a7ecca181c05a34aea40f94e878b712e3352ab82b96ebd54e6cad42394ea73c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff9fb38ce4d31d0942147128b582417d

SHA1
e36ae317be182ceaf9427cbe36d5a0ac20217296

SHA256
fec1b02543979eca0ce1f9e47c748b830cf29d2a4a2d30f4e49af5dc7d7a8379

SHA512
048fdaee3657dde7a7dd2db5f84a7b5c46de0cffbf0f8dae2beaff03ead24a8b4a6e52295791d1876aa488d5e22152fba79c5c735078eb037092fc4756845090

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d28ccd30f17f30f8ef7815eae8de00d

SHA1
1aeb079057319bd156cdfb9dfc1878f2e584a84f

SHA256
4f055ce45d14e0251deb793c43ab111660ab38ec2dba014589e393f5bb1b8819

SHA512
057d18f67aa95b54277c5290983422bc4431f9520ce233acd4f3af1530c960884b15f6856d8c15e89422b83641392dd7bd04405a7c2fb712f8a570a92fa1f2e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
3cd285e89792a070cb360a0f1b48aff7

SHA1
ab5f45a70eb94dd951e211056b55fceb696e1cfc

SHA256
7bf4efec1fe1f6814e6ba52eff1692abac2429a2788c3cc0295e527ec102df5d

SHA512
ea7b663b362091fa3169bbbf659a261273a7c4331a1e89e62e87910483be255a2523fa0faa556e75772393be99e99931c09ea97e1398d816774830d05f9a60f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8C9.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar90B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit