97bd140cf48c2d35c87c3f62d7056c0098102fe9d558a30d6ade62b1acc859c0

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

658fc6af90489a075d77f981d1b4570e_JaffaCakes118.html
Size

22KB
MD5

658fc6af90489a075d77f981d1b4570e
SHA1

f4498fe023f3d84510a24a671d74946478d56704
SHA256

97bd140cf48c2d35c87c3f62d7056c0098102fe9d558a30d6ade62b1acc859c0
SHA512

202b637dbf52b387fffbd701968001b99111e1107b605a9ea8db7ed166fd248b67261b2524b450bad3b961eb8f4533dd7ab4550c9c1eef5547279029ceff7791
SSDEEP

384:SJBzgq/THjBa7e6Aw3jBz8FYd7Y1DvfY7WW6iX:SPzjBayOt0mkNe

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D0C3A21-17DC-11EF-9C59-EAAAC4CFEF2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422503993"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2072 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2072 iexplore.exe
2072 iexplore.exe
2300 IEXPLORE.EXE
2300 IEXPLORE.EXE
2300 IEXPLORE.EXE
2300 IEXPLORE.EXE

pid	process
2072	iexplore.exe

pid	process
2072	iexplore.exe
2072	iexplore.exe
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2072 wrote to memory of 2300	2072	iexplore.exe	IEXPLORE.EXE
PID 2072 wrote to memory of 2300	2072	iexplore.exe	IEXPLORE.EXE
PID 2072 wrote to memory of 2300	2072	iexplore.exe	IEXPLORE.EXE
PID 2072 wrote to memory of 2300	2072	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\658fc6af90489a075d77f981d1b4570e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_99093FD26651C4B1E2ED11F785F66C14

Filesize
412B

MD5
e9493c3aaa0a92a410a7ecea9dfd506a

SHA1
972f983cf4fc70d3c5b3cdde6bda01604c3a20f4

SHA256
ea87112155e3615285cf14f29d1a6ce58e0279b1ef92b73a21379507d4557960

SHA512
9f16e01d5b1a10633d5130d6fbc36b9eadcccba1bc608579b4d8aa0c16e496134a02f214b6a6487045d27d0f792193ee96fc01c1d774a3142a58a7c8c0bccd88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
b0ad85cf4e65989f0626e9baafd23d67

SHA1
165d0719af807e2dc057e5d1934099b01f5e4b6e

SHA256
1bf83249de232994b5956db946f47136b143957ebd90115d0bc9cc5f3933572b

SHA512
47ad02c4ae4dd793cdf5323a50818dbd21d69cae95d35f751c6bcf1b7327adb2a0baff78542b94597a423730369e586f16961751b7f18c46f5907c488b9c7ae7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cccc7c353bdcc6034187612d45c4aa3a

SHA1
6f75a22add75fdfa11284e6faed9e22b4b691cc2

SHA256
bc10e729b085ecd86433eb5874ac8bcd5aac1f1cabc9c5c4c94670c8f1d7f3ab

SHA512
60368a2906166c7b9660e44757702553111e528be549eb185f6e7b30107cbe5005b066c644e715cd8524159df95d11aae7c314aab7a47e9d56b41aa5d418d728

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4ad7b6debb5ad2a0f488b993a08d000

SHA1
a201d73bb95222880fce17c00e30c6b4e150ba3f

SHA256
dce81293fe98d38258d4ef57234f6d84939b3bebb7cd9034c6da2c7f836c135c

SHA512
1b1289b12a1e958543740bdc29a4be1e2454329f510f3abb26ff830c408977bf07bb4d4ae077d4e164bab3d6579e16b65029e5889e43ce4c09bbe86b650786ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d13ff3124102add17c250aef123efec9

SHA1
b67d59f30b0bd9072305aaf9bc1507808070d5ae

SHA256
ed4e3d3c64b0f941dabd18a782b6395b4d170e1d3a353522b85949ccc4f584eb

SHA512
613e9d2fc99136200746d9385eab559738023387517049658ec6c5248eb2e48a832dfda005edbaaa0d58ce7ecb3d1b6238103d64e4a125217657d20e5e61443f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17fa6dfceba8f96c339dbe7910801452

SHA1
a9ffe4f32fd8b696d12bea1704dbbf57607a105a

SHA256
acc77069faeeea89ced04c71d205afedee3b7c920b1af1dd112d5482c7875ce7

SHA512
85e63553193045273bc8cb0a89cb129034d4e76d198dff19174c404552206a66f5c35eb8fef264a65959b495a6926ffd505d7bfc58b21e077f763bc189f0ddd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6525022e0a777a8c0265eb1f5f2aee0f

SHA1
09f2380b79303ac0afdb52ff1443748de67185c0

SHA256
36c81bf8f6f7bee9de5d16adaa1b42bd915aa8710fbf45dabef8b9e21130ef8d

SHA512
699440004dbf01fa994d11b9375ff370fa19c6f894249db65ef2cbaa948c3d137823a36a170004d4fd87f9b746af809afabe5a58f6166cb0907be6c55b1177ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
101a178a7421f95ff403b37ec7462c5c

SHA1
c594502d7298d0903d91fe31fcb848e1733eecb4

SHA256
9af34f1c4bda8e4748f5707c4c793ea2054d476e709ab2e6e366878c78fb5565

SHA512
d1402c97e0f122b37f91118916dc8415f32624ccb24dd50a54f62a5a3598839b781e9406e7bec8bd8b865abfb1a157496d81b909843388bd1a91b21d362e40c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
817953ddb089fececc64a2c4311a7473

SHA1
3ac9015eae408f2bc504204124a130453b4ec7d2

SHA256
31e2a68cc2383060785adae66fda95d4bb87239b6a5440e292d673599961f454

SHA512
94091d5a0181871acf8595b3ab73e58d405952cd9453854ddcbd2fc1bf46094991c2cba4202f58af8c99cdc0195845096375805142e01159456d69ea3731d686

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7afdd1e50f0c5f51a5c713cd228d25aa

SHA1
06f762dca0c72f8e4f8f9765b0ed5f0deaad4b88

SHA256
dc1b7892c4ca1406346fb7e63b571b219565b741366eeaafa49d423a5126ea7f

SHA512
eda5223347b71856e3bdb2f14dddd75ff4536b8fb54f8960458a41d316bd17e9d53f9729010331c657ff01b1d9e1a5930446c63cdd71b82cebdc543a9852fc42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b92081e14a0378ead6111e3e9ed35f05

SHA1
8e57c698cb226283ef604da9e601fde316098405

SHA256
7463d19b51e39c46e5a9809dcac28ce84675c5f9f58d82a3d1007c53b6971140

SHA512
4c3d91304908f7aa25902194c347559221241f143b216d0a5e84cd25e134f5eff6fdd45e16e9eb0e99c6268153ec0389b223d5257a6638cd7dcf47d5106f5285

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
367f371296c4298bf37e0f2978aca5d5

SHA1
65898adad0168c36eb15838f7820054f28a5590d

SHA256
85e8e9421f8979cad7951805e075c0c6fbfda0ec386045ee86360dad0ec283f7

SHA512
1917d32d11420b73faf7aa005a59c20042a6194abe902831844c2cc7cad44bbf0517f5ab2065fabe6ab06907ed0df1a9aea41e40ed199eeedf8ccb6e29fa8c1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bbf3fc580861eb40a64ca9aac1f116be

SHA1
3029c5ffc41227e8fb9551acb88cae2753c4ee19

SHA256
d64a22c338bb9f64f37b22180d39667bf151bfb2558e2bc64af1240816421f39

SHA512
67ec8ced8145962e4e358ee7dbdf1bc5313ad0d02f16d67427a3093315915fed9d55139c38ab7435b4316224ec2fcb061110b45a088c98b52eea7ecd05fa7383

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1029fa8dccf4ed3cc41c39cbb25fe4e

SHA1
9400bebee793f3ad73acb63b499e30b4349f82dc

SHA256
9c22dee00c579efcaa16ecd4bceb8c151ce0f451a875f753aaa535a12bd6ee25

SHA512
decd8d7f89a1e5b553aedfa0ba12a34720dbb06693ee43ec4aee6f046660a3663329dde476c7dde8954c2edb3b3681e35e563a31af37056dc72585df8889d16f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76150904ec797c1a56935d59fd62d568

SHA1
52983bddd8b2db712aa2f35e1a39f691735c10ad

SHA256
9aa33564238f79cbea40ffefed3edb796c330cd1620729a40ae63e70a83603a3

SHA512
8bdcdcbd0f6f2d417733745055f51910907ce51ca2cc086fa02a10ba21ae232b8d91e66161cdf6255fcae76da93e0a9029f34df67bdc3dc154d2aed81a6bcd6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

Filesize
396B

MD5
953861eea14493d61f997a999ad62744

SHA1
2b51ce81d78690fb614f3e92b176597fff55600e

SHA256
ae97447567fcf962fe6b48b6c198a43b2bdd3589a891f140d84f90c9d5d73b5c

SHA512
0328bb52e24dc9dc5862ae8648e4f556d6a04236a95c0aee497a137a3490994e52946e764e52af5a22e202b7fbc9830cfbb39a57beefb77e7090491d30f0fe6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
cc05b28016c2ac8bfa7965eb11eb5a65

SHA1
4be2b9bd2f91f2670d948dc71db8d2f8467f4f44

SHA256
24e4fb2ff65023e15270e096614eb490590a8d22533935f13c4966f944ec5d9e

SHA512
620c6e4a33429959ce66d99693206bec94ad7efdc5d0d33a1f2024700da81bf2d45e5a4b7a3994a284067e05b7b99c3297df94c7cf91f66e0ad595d25fb073bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9492.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab95F1.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar94B8.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9615.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit