277157e57c1883b7e61d158ea56bc761833dcc4fcac5d9add8755f114635eabf

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

654aea12b5b788b90be7774147163a6b_JaffaCakes118.html
Size

51KB
MD5

654aea12b5b788b90be7774147163a6b
SHA1

55959965f6f122534a53fb5ccdae771df678b3c5
SHA256

277157e57c1883b7e61d158ea56bc761833dcc4fcac5d9add8755f114635eabf
SHA512

e5a4e0b216961a4e535b7ee64692f484ded60c4a068a894e588d1ad0d5d2f8ca8e7ebad4981c247a56d8e6dd20a13e228c0300223b739de811eee56db434a094
SSDEEP

768:Bh+Wv4rTn27Ww7TP3TzKPpcxPIshYp5V3k/b0NVGZQ:Bh+Wv4m7Ww/3PGxlc5ZQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422498298"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3C8E90E1-17CF-11EF-B023-6200E4292AD7} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1920 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1920 iexplore.exe
1920 iexplore.exe
2612 IEXPLORE.EXE
2612 IEXPLORE.EXE
2612 IEXPLORE.EXE
2612 IEXPLORE.EXE

pid	process
1920	iexplore.exe

pid	process
1920	iexplore.exe
1920	iexplore.exe
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1920 wrote to memory of 2612	1920	iexplore.exe	IEXPLORE.EXE
PID 1920 wrote to memory of 2612	1920	iexplore.exe	IEXPLORE.EXE
PID 1920 wrote to memory of 2612	1920	iexplore.exe	IEXPLORE.EXE
PID 1920 wrote to memory of 2612	1920	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\654aea12b5b788b90be7774147163a6b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
72d4880bc5c5e75d2c69ea85932f6015

SHA1
ac33593f45a034fef778aa22b0b93dd29a6c7366

SHA256
7e576ce866607f8e6802355e09db9431853bd6568fc239ff4e3308b4edc06b6d

SHA512
ba0976e2b8652d3dc71558e669ab450b793c49a61aa01a1b0b4dfe9a6c8bf0ab065548a314bad955104be5d5ef6948d959569433c40c69b01dd8b3ac09fa36e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
979B

MD5
6f78c82189354eefda54e26116fa17e0

SHA1
2033b822b309c8aac2898766d3201db89885d703

SHA256
50788f1b1b8eaa6ba6d5f2d206573128e10a403290b907969f892d4dd0f47edc

SHA512
7a5cd6871a6c84c02e148ca44cc1f56048b195bc0d8b5578aff2e01744338b65eae36530fd97346432d9ada97dbbcf655a3d598630753d007f10527abd47e5a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16fae649b4b660fb57b7f6259511c1bf

SHA1
f47ee9846dddfc47e1f585a5b5b6fee494113200

SHA256
48fde4aa8586e43cabc2b1cddb4948e4f2574e360d25bf52891280fa8a4a8238

SHA512
4c3fbe07adcac761cdf723a88510d686756ce425593f36f71d48b1a0d58a4b89890d23874693655df754600c0950a67df8dfcc9b313af50e96ba71f2681f7d41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b94243dbb06a8e21e02e9e4c516cac13

SHA1
144dabca097ff342181a38c29cae8329a96957ce

SHA256
6f0f0870c2d81336388558e595ef4c614d4920d9032d9fbf3caccefdfe07ac76

SHA512
2a7cc8e9c62030447eb7134c6a3bf7a6999e3e48772711d2e89771e4a0496ca7bf3581cee83e4e291211369b792c0df0391431d7f0e6060c9b716e9a31570d61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a68d1604c539a7dee893f58ba55cb411

SHA1
52b2a97b2488e0bbd39176f6d572781161ddd9ed

SHA256
4e5bf439887520401f14bb3d3fa9e870ed51abebf4855198819209f24fba5ea8

SHA512
52147f18c7b410185c55a8e9fd8b63ec57eafb2eb3fe08105a36979b103c28802bee2e256bf3f3c2cfc59255cda4762bd6c7ea1365e89e388b37fd0f6ac13e75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62f5d49aa5b3de96fd82862c7c6f92dc

SHA1
e67e56fca667a8350e9a2a363f23e48193152656

SHA256
4f7eaa2bae14c8d65b971e623c9e7de3741c6e9d1e5acc5b1d6d2cdf31c9a2d8

SHA512
a26edd4092bf44b805e05a13fda7c4b3dd63d88744fdc0464ac54c49de497f3432be9c5a2ebb35616d7bd9b6beea26875fcf0fdddd06be96c26704597fc05038

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53cae3efbccffee1b460e549a143e54d

SHA1
9426aab8e68069869fd9df980fe1936fcca64b11

SHA256
20ec3be0c3e5476044417def3e6c7b12c1a32de7feab37276011af2f3da02152

SHA512
584c12f5c314c331338b2e32e91c073d968698c45e11380837f851e1387bef803ef368b90b3bae2f68c00900f1e9b0da38f4a63ad1703a74d343f8d324e82f41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
153c0ff226c1f18077651e3859475f5e

SHA1
2f3a6cad7fda7fa8fccecc06e85d5d40aa0dbd77

SHA256
96a538004624e531eb922ecb82dc0deaa00476871f3037192d30c544dd3bf8e9

SHA512
982b84720374bb84143732007db2ee3c91e6c277c400d9e95bd8a388fd05f742282df340d42f9a5252cbdf0ad6507987951e2a76b386b26cf14c0fe20c59f3c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edda76da7c37de7bef25700d33be2150

SHA1
8784aabf55daefaab27ccd801c5fd6cc9dfa1c50

SHA256
1e86aaf9f55b6415bf74d7a236f28e45146b6a9c475bec9affb6ee860de87513

SHA512
dc24fefbc5484a7e239236600d672390e9accafefc3c6050580021da3b4209f63341036c7e2e7845ba3b13b5f20f00137dddd253206fb0efba46911be6e6b334

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76699fa8c133e03db0bc046343601d83

SHA1
c1912e2f152105843f8200c4e0290210278bcec8

SHA256
d4a2cf4accc05b7d47c1b4295fe58615bffb696ead96c26fb0c9a12881b474ff

SHA512
c80c5a48d3542055ee4c9c475896091e2b6f7712201e0c16ae5b27117cc1a23dd6076e6544e294155c17d769e1c72e32bdde558a30e7d816d13a1fb1061b1a2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dedf8189801ddb6a8bb4d4c636eec747

SHA1
d597027d12b965b4f50125fba7075ec8a13e673e

SHA256
76b5d4949853a1881523de2012ddc0e2980ea62535897bc78a2e73c06e01be12

SHA512
dc4704116ec1b93c7351283a7aaab1d9f3ed2f197013992283595c1148d2e3e6f2d8113052ed0d93bdaf7a08b5d508e1a9108edfe35fb0ea178d188f35202fdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca098dc9d694cabdc4b53459aa437bce

SHA1
e196b31a7c43a9d0aad05eeb33456b450451276a

SHA256
ff075e2b90e98a4d00658c55f158f2434dec001326c5a5339f45013270dff813

SHA512
a1460a8d56f847211aeeee2ffc62d9b351486029269afaa0ea9061cd282b6f40f8cd517b7a78f82ecbd26db3faafaf0a3c857b94fc7f8e9b25c707ce2efc8429

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a06aa42db0de07067569007b893c489

SHA1
ce114bfdf3781316ce825fe3dde392c1cc4f94d1

SHA256
7b3484523a983471b4381cf062e389593a1f92b16ac427d62c985cbbbc12d5c6

SHA512
241e793f75d879b1e25d7b7ae7cebb8f327184710a9d7bb54b0a5e26ba355bac30c21cee0442e98f0f58ecc48216cff2f6f0aec90bad7ab7c1426fa944b930f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78862599e3e3292371a38e768f744f45

SHA1
ed86e4cce36f84d5744cb9c6cfef6c9e7d8c190c

SHA256
98ebebc1e3701a0dec218600225e9b343a110b50c8e8d96b626f468789ad9b8d

SHA512
a40e32acc84197a946f88d7c50e2b9f59683146dabdcae7ad58d21eafca7d606480dd689fed4359436d5333d45cf5e68725267bae8e779d976f2a44a442f9bf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6e63da7dfef6f6bd73abe3f2ebcfa5e

SHA1
e88d56271105505b62b6d2f1ee615f86b61a4a01

SHA256
0fbcfcc824292dc8aa55767b760e5752ac3a211eb3205d381594b77eda097250

SHA512
0b958b9e0fb9d2292696a2bb1feaffe07cfcad0ae2018891ac75d3863d941bed9d4b81854a3e715f173423e20c5442ffb82a9a2ea12d0be88e38c420e3d73dc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bca843346e9505ca34433c92cff1b5a

SHA1
3c650329128d8657a770a9cb13af640c4aaa3b61

SHA256
15a8b59c7a5cab8b749b31fb2c8b188dfbf418798db526bf39581b92ec15db40

SHA512
dc7fb4295e528dbabe4950d121e644a9698ffc96246d7e4af90ac0f28f30c1ffc078a95297d30fcce3883da0057ad454c5a32346ab9b5b9f900ba67b3744879c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
e2d168a7434420800d1f7b0537719e4d

SHA1
2a9b4a1e843a24ca200b31669d90b8a4e1aa69d8

SHA256
39bc7ff748bb289bf621e3950ead7e4a66fa89dd18ecfff5f17fb3c861e7c4ca

SHA512
1d0fc975b957b68c14b9376e67f4d569fb474263b87f8de7af2a2c90d946421e59575e187289a7830604bb376670dbd0237824a29052abc64af3e1ebcb3f3f7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
a298e3f42c286358b4280a4022343626

SHA1
e8f1509f2acc65582c15e7c05bcfbfda0f44c2bc

SHA256
ec270a8c1b13565283c82dbabd64e58c5bdc64d73eaee0051431b1ad9b9e5a74

SHA512
ec6d2620f1a6c893dffe91f30bdc5bb3f1e936b56f87a9dcbabd161ed1f3fc5fdc98f40128d985464a5a0809b598c2e8426477c111f0718c426737108f085b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\281ea2f4fea937a3d0014a5dc3ea3d88[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab16AE.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar16C1.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit