d10210bb4e685f31713579fbf98d20715bb14e8c89c2ccf6ab7b742bd7f9583a

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

665d8cfd29c81f4f23bfb324a359385b_JaffaCakes118.html
Size

550KB
MD5

665d8cfd29c81f4f23bfb324a359385b
SHA1

d26671c3d4ae9b3a683be7855d02bfbad19e5705
SHA256

d10210bb4e685f31713579fbf98d20715bb14e8c89c2ccf6ab7b742bd7f9583a
SHA512

8fde86a74672ae851f96d690abdc02c24159033bbf976aa7ba47e3db04f8032ef7b56b044a9598827300652af97204c112669910e73a2ddba35353105bb15117
SSDEEP

3072:wE+IpBxYUVUE9zfs49AwVeL5AmPTmBcM2mqQ17:wE+IpBxuf48LTG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{610935F1-1807-11EF-9A38-7A58A1FDD547} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422522411"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2056	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2056	iexplore.exe
2056	iexplore.exe
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2956	2056	iexplore.exe	28
PID 2056 wrote to memory of 2956	2056	iexplore.exe	28
PID 2056 wrote to memory of 2956	2056	iexplore.exe	28
PID 2056 wrote to memory of 2956	2056	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\665d8cfd29c81f4f23bfb324a359385b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
195fc28150bef9b30510eed36fb325af

SHA1
1ea8a314d8af1d431b77d5280d1782e9a8e867c6

SHA256
5c2e51ccf5767f80257a0a0bb66dee40957e5379431e15a118e7f1343ad1f6e0

SHA512
537da7e46d8b5afc796c1908042088c583c5380fb729f3665845fe36286b3efeaec9fa26475e9c2263f55b1eca04bd7ae26088a9a85950b2b7f750fd24eadcfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

Filesize
472B

MD5
572ce74ba9e3f6ebb167fa9963207f6e

SHA1
278aa8ba3ec53d91fec84d2529ca4248007d5b30

SHA256
17520108d1756f8ae26f0f66aa0b175d9f29e93339c4fdb67d2687906e3e917d

SHA512
fb8420b98a725c41301795fcab199e6bd8fe66bccae39b3d1c296058d4be49b6eb2dc5a48aa4f0ce62424c13cb16e0672af381f3834f35b25de6a88010e7a9d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a8a00b4ed8db3df9300a64995d5005d7

SHA1
7cc0e07e2f2276a82ef67ad1d8ceb9023ea5beea

SHA256
0c80923428c348131ce706fda501e6d17355eb44ccb92a286279bff6d31f972c

SHA512
3a05747f7a3d24c0b6c030f938bddd2a9b1352371d3c962971921217bef2d52c058d055e4e12651898c4167b953519203ce89467af982876c9cc1fe566cf298a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de24eb6c147693d136c7812a8a655931

SHA1
d05815658047f11ce51896e91dcf1234ca2c52ae

SHA256
02253e372bda63e4a05dcacd11d56551ef56ab282f2e4430aa85834397e1a944

SHA512
4fcc276361a7b516f7b7c7ebeef6cab787811fe1450147752b30020755824be04f0ab1c47e259bf0275e0a30c50d4e572823a6d72e3084e745af4260fb50dfd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5aebf971fdb51db28259369a999f332

SHA1
fff69518c4fad7cde69e927cefaea2b66827afa9

SHA256
deb5b24db9567a03f68703348beeaf226b0a5e17b4e5d469599054f8ae28294a

SHA512
3836949245c28a269b4d78bbb56435df4e19dfe844f16bb543cfb708a3cab473850995910a128487231002bb3b6cb61c304dbdc83d927b94684b5af3ac1db522

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6f4d15637027025832086229802e4b1

SHA1
d32339de5ccab9d09e553fff0e939c696ffe6e97

SHA256
0989a10b656578bc0199f00ef11cdada6c028743b60ba5a6cba800baa630a223

SHA512
6fe2b7741469bfeb9ca168dee1e64f43c2cfc6942636ec3377fda398b453783231bdeb46c6c4be7f61640c32844b22446aa27282f0481b14852151bebb38d5a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
184fb0ecee7a1e9368c10f1f769b97a1

SHA1
bc74df3bb2c14e1601acce985b58571ea503f20d

SHA256
8e056a93179e4f478f89896db2562f66ffd8cb55d141386697747f1dfb876ab8

SHA512
578cfabc7f3fc051bcba41f953b04a0ba2c575eff9632967e6fac58ce37a5f875d393a1db6b968738335e3a0b6c25170f8db5ad34a49a5bb55083a6de7b7e0b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8d6228a1bb803a686296728017e18f0

SHA1
b92caf5db31e1aafeeacc0304c85a5505a67bcf7

SHA256
fe0e2c3377dfbc5d5a52a3c0c4780fdee25408aff9e762b5a391dada9c8332a3

SHA512
72792d37a9448aa5896b55c1b59dca688a28544d801168a9f6e20161f6abfd1b374bba8f5e238e920435efb4e9ad49e7e5535f0c9954ba7dd4cae72f623f1768

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7228c1ec9560d5d532fd69e61abefb4f

SHA1
ce62a90b759ea3c0875355d9e668db7e6db35b17

SHA256
135d409e9815cc2b8d0f217f1487ed3ddbec7c216b7a19ff15f035dc64b5af70

SHA512
b1e5b403c84870dad1af875ff69f38c72ef38bc96d4e5b408288d66dc178d3af4e791c68a9970ed511837dfc6857f92f90ea0990909f7728d53cd914d62c8f9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
916d680e5aaad7e8678021a2ddc95dc7

SHA1
9298fcf34238921a2d2c43e91ea56fd1361b2db7

SHA256
c0d80b02545f9e4a05b027960c9007edca007802e84375b36d5018aae285eea3

SHA512
356f9eea553aafbf798fd8e92c76c3ae25a20cf11b6949be3296bce72d6a51b6a71c0da8718310591b50fb0b0c979694a1d8e3bd980580bc2492c8ec3a1fab7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aeb3d343288d617460f15e36b34f7284

SHA1
0bd8f2bf18fc704611adc3f52f3cc51612e7e44c

SHA256
823b586149217f07dc43e942998bee29eb12f130018f7c36111e1708d1142a2b

SHA512
35b971e0278e884d1b01431560fb68808a1788bff34422cac54988e5add8c3dfa6ea0e55c81f7c433b8257c934ad4b8e3460252d9ccde59f193cd151f86d7fa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21e354322a00d4662d68fb65df682a70

SHA1
730ddb36ab8f7a71f25e87c1eee38607757cf00c

SHA256
e99c7d0ce1b75c75515256816390de2d68d5c71eb43e9572a2bcf941f606b173

SHA512
0b35ca2a49b49b8daabba48bcbf706b1c0e8989fd1b26eeb919de8f9975f7ca0ebbf241ce5982f4c3eb2473414c845dd32fe9868376a898a01e9655ae97b014b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3549c23c9abeb489a5dc46eca8fb5cff

SHA1
e38804907fa51eba4bc3e982b372ed18cc67363b

SHA256
e8cd50c36e1c19da56fdf6f36ba4373d3ed5fa27ecdf704c243b15e5cc7e898b

SHA512
4f87c38fb325a04b0d70833a95f1cbd9057e93a83323a0c9d01630a0d85f8bfcee5b21e2bc608a21fc42153edce82a5d5315650b2b12cd3bac10db01509937a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8de32d688ea007604878281f09299400

SHA1
11afb2435ae7576b61631bf6d17dc362466f4aba

SHA256
86a663ae5d6564510875303c07b63922e1b6684bfe99f642d817ba3807f75999

SHA512
916447ee41843bcfdfb50ff906494e71e59f0546b36b0164d7712a1b2e5d81199c13c4858f6a5a029dfe54f829b3d5ac86bb28bd602b7e62a46e32a913a1296a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73a8a270d2451383d89aa4257399b3c6

SHA1
ee7956c7606954b0f810fccb6b15075864a7fd91

SHA256
1f4dc77a84049ae435a5322ed25b2482d104e2e005868f071dd88f8a024699c4

SHA512
63b58d17329f1390aa96f840dae39b4226607bc880e5391b7a791416b8ce78badecebf14fd2d782d940cbad47afee319ae6abbb1db272c0f949cffef26a9f6f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
b5d10cf174c1a728c4819a19da37d3f1

SHA1
c8a4158ce4b035a5f2038201ae69847453256283

SHA256
0a751ac8ddc8f334bde4f110a5b9bddeef6bc7685f5b08ad8b429bf9f902ce1f

SHA512
71dfadc8a849daeffe6fc33afb9ca1432a727b58abaafbb64f7b9d90347395ccb84f382d3bf2c3991b01945d8e50d95e79932e5571eae38c5c718b20479e2251

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
41ac6b8f2d48c6433ffbc0f3adbc50e4

SHA1
257d9bc0311195c570d2a611b283ebb44343590c

SHA256
e83cb919d723abe52b51bb48f55d15dc9b19a9184ff12788114c3d83b63ab7de

SHA512
bbca7382f17cff17350e3139176d045ab8346da972beb03bf8d45b90c62aa66a26dfadb846fbfe5599b1d5ed712247ea17ab150696d8e154ca553b36ce8f1147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\cb=gapi[1].js

Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\platform_gapi.iframes.style.common[1].js

Filesize
54KB

MD5
7ef4bc18139bcdbdd14c5b58b0955a67

SHA1
afe44fd9a877f81a3c36f571c0fc934324c6cbd7

SHA256
192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838

SHA512
6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2DF5.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E17.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit