2753305c4aaea134be3722b53bdc7fb59b5bdab0bb25c280e6cf1858204f3e85

Analysis

max time kernel
137s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 04:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

660f159185b43542eac237c7306b7dcd_JaffaCakes118.html
Size

213KB
MD5

660f159185b43542eac237c7306b7dcd
SHA1

ee95e9cadef898fb0b5c75247bca367d77ab86be
SHA256

2753305c4aaea134be3722b53bdc7fb59b5bdab0bb25c280e6cf1858204f3e85
SHA512

8ac6a149705c7872fcfdb616cc4efec284d31e6f3b4fe825acf16a52bc0916585c8b5d7a7c70d61821e82111ba1f6e7f5a6598d0590df0171eb7452249b5ff11
SSDEEP

3072:SIDLvZgYsrJVyfkMY+BES09JXAnyrZalI+YQ:SumfAsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422515378"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FFBB7E31-17F6-11EF-BF06-56D57A935C49} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2032	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2032	iexplore.exe
2032	iexplore.exe
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2060	2032	iexplore.exe	28
PID 2032 wrote to memory of 2060	2032	iexplore.exe	28
PID 2032 wrote to memory of 2060	2032	iexplore.exe	28
PID 2032 wrote to memory of 2060	2032	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\660f159185b43542eac237c7306b7dcd_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19f17609c1fb5265faa9361e12faf24e

SHA1
e27e526403a7e5b4ccfa2aca141f983ba35d0381

SHA256
50603a752b72bb711ba70eb1408c907857a01e16dcb39009b71cde0500401b0a

SHA512
9ca65a2efe480385998fa25e5f98c4556a00a2e5291fdd954cef742f1e61ca829b317ec6e0d75bac6f1a8712e8f0d01c430547500ec58658af28c582914f9efd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4393fcac0a4b4475fddae20aebcdede

SHA1
16da88444be1f065fc21faa19bb4fc902551e646

SHA256
08e6a1c888c75cd68023619cdf60928edaf207ff7047ec7d0037a46dac6c4274

SHA512
cffdce1912a1cad7b5f80195592f90b5aa4b7b3f45e80bfb72f316957d0942e2a449b32415ac3cb838acf426c38840f237f7bc8d7714d83fbb0b721b5ec01e0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5aec9611feacc4c7a187e026ec1a8c1

SHA1
80b19db5a8a7773d67ff5a45a5cf0b197ca49331

SHA256
a0c798234a87934f74b2108979ebbc2205e0300f52e8134bdfa8af4b7ec0b637

SHA512
647ee6bec85653ba57c24cf46aaec7d4c8f6d9fbb258f34ec8b120a9edb713b42e8115c6064cabf0cc550e1cca48946ad18bad1c88e3716ee9b445d2a91839d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1634786443de829d1b6d5bb952929bc6

SHA1
226366703d58ae96e2ecf52a7a255dfbb8b7730a

SHA256
0bdfa0593e984f4e136c6d4b37e4373ddf6541322faac95766f6515fef47005b

SHA512
239b313d445b38f1809f215b3a569d2f4c24f5fbe2ae3acb151b7b0fe9359b9ab3ea50608cd5cd5118283aea0d6ac06cc28f1bce0c491d169f518b1620ee1dbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70a71d79e74485a3f7ed9b47465bb4ba

SHA1
b98d74d128f1dc51e1fb2dec4e9cfb8f603c51d8

SHA256
8e71fc0e737dacf6ce641c7abbeadb033cac03dbc0c9e9dfd558bd613aea0140

SHA512
7968f8fbd610757dc0fb2833ab4219869bf5bca7500382d5317784e39b2d175d4f2860094d48b304d2ce382e5daaacdb546f2ac18f688f43e0ceccf5608eb32c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b07fb7a182031214077884a2791f50c

SHA1
bf0f6816fbca6c13be4e1569cd83d1ea9d9bdd93

SHA256
314fbb04180063086a3c675d6c030520760ba84bf0fd7cd91699d4270394d342

SHA512
2db56b3953f84722c1573c6fd6591fc8250874c8bf690a433998030fc2e5b5f03e4745f14daaa02ad4444e896da3c65111ca3c5055e810d097f409a0487061b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
963240c4d03a82965964c89fdf9a507f

SHA1
19098b01686fbd835961d484ae7ce6ce01abf903

SHA256
64c6aa9d74aff29c56c52d9cda423fbc4500260f6df3df67773eb50c9482bd53

SHA512
5c3ef81bd0f30bcafef0066a305ee526061c95427b9cc305cb957762aef2d4ad64901f9a606bf312915c812e7dcb5912c70f3fe29261cbebcd671bcc54f68f8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa005af29ae2ee0b8ab2d6d026dbd4f1

SHA1
94a97ea7abd716d721f6626f2cad37842464f50a

SHA256
4d369a770052ee971c9f95058d1d5f80bd674c77d2b7139a482ac9f037f9191d

SHA512
8013bf8aa16160e0a1665bdefba506b8b7bbe5aced4f30ed548896a7252108739ec33b9fd9bb09468b928cf8dbc324652d59a75fc858bf3bf2adaad46d93e517

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f2a442341b057ad0178afb8bfc17c3c

SHA1
138d74370ec2533fe7ac87b5d9640f420d008526

SHA256
e4ac6349d92fe86e0635c3b2c308f1df5e80aaa84a9945b3badfe314fb461902

SHA512
a6287c57c8b8df8d33936b5baa3bc68ab46cb9b55cc785127dbba978e70026754e970e5bdc9895483a10fb2d28bae8b913c4ecdf3479880be9a1b0e2ffd3dad1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffd765f5421cff6f2bd535ab18293caf

SHA1
83843d99061ea2db797567c308b7ca9eb93fcbea

SHA256
47eba6d35342cbc4d35b53ef87aacd2ab749f36b3d9306e92e3e86ec9609093e

SHA512
fe0add9f1380fddb20379f2579c304adb3378b3c90f0be2325bbe884ce4fa290fafdfaed7a24ce6adab820bc5c24da2010dd8d2d3920b58e96264ca0b1efcaa2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c75cfa4ff2a8b74a2178f6f91a13869c

SHA1
6a216229e5279aaf636b6411e0fa8a84eb1f25d9

SHA256
56c3d331dee662045648336c4e0c956309964d9ee1cf3c4fc117c6caa4af24f9

SHA512
63ce641946ff8e069323d5b906d1ce93652146d755bb56c6f768bfecd5a1fe207f968167183cf29a0228ebd06e21f7fb4362c56d81c2f1fa8581d00a66f71c43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4099fef9d4b540b287d4ab3614947b1

SHA1
cab0bc6b1e093358aa1d027d47284e23d7816610

SHA256
848cce82851c62424c5012a2b8335b47164fe3118a72796f293dbf4f03e23717

SHA512
c9ec563faffb2e8828a71c526854969ae5b108d1c6f1f0db3633fc0ad8ee27ac85a4b033a8b0aac95ae8236b5cbc6201b0cac00993a18461d692cf568089e10d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
183ab9ea1e82d77cf2c3418fc611cd59

SHA1
4a669dac21db8f950604ba4997bb9d2a1fb6335b

SHA256
efa56ffa3df7c770110c3f0eb7ef4f9b2dea39a9240aa1daef307233334095b0

SHA512
21c6155618c51b49678acbeae2841b0af3c944f0ef26a22e41638a3f93df453f77d7549ed23863c16337fa59de29007e2f17e0207103eb05cb083e839747e01c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab4520096a5b030487c2898d015bf194

SHA1
c0dc7688b31d4f09213c6e33d5c02e50b4fb1181

SHA256
b4a97cfbb55055decf98a358c9aaf13e49d87f3eea437ca0e4b035b4982109b0

SHA512
22f3529e46dc03443097ac43d356a725b701e5606f6072b7f34bc2d63515769e0df9aa9e91dbc222b1d8e735639f61f7290e1cb637058883dbfea6b328d4bf90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1021fbcd607441242b5eb1a2c75deef2

SHA1
e0008c5e5a0d85f1fe9411e366d84b1b1eab84a0

SHA256
97e57e0bee53281bff8a1a5006448761e9d88ede4ab0b211c4d0842cc8107dcd

SHA512
2a6513ecd07b72d2026a250b4f369399117befa444cb983eed8f713bed4b3b0dc317803e1ba8a6e61321f5665ec42c0599d336acdc84a877d88cc5e1ec3b7b69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6cbcff2b62960241709e9b6812fcf4b1

SHA1
73155280329bedb4d535ca982dd2ed02c48d1a0d

SHA256
886c56c1daf9d9f9756e5b34482d8b0ab6026720dfe9957618912ed304fa5baf

SHA512
1a77e72188053eaa2170252630999909278e6fa34abfc78e5fa6b3f30d4c497133a56575211a628085443718045143aec028ff9948c9076296de9db0f4d68482

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac71a1c351ef3f6b3838d23107ea3a7f

SHA1
ee536c976b2cf02f58d73e5ff2961221db4beb7f

SHA256
3811717f176d6f1f69ac607308fd39d2a546290250e7fbcf00d9292ffe226bb6

SHA512
ad65f7a838f9568109d7adfa3cd09a0b7252486b781cfcb641661b17abdd1942ec2194866033344ea09ed61f5ed88b6494da6b41c71337d597e9c5593d67dac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7532.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab763D.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar770F.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit