7aee38a4da4cf3bb61819885766ab48971041e7b60924f5f130b79592baba827

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68aba068aba32bef0d9951c44fee1a58_JaffaCakes118.html
Size

102KB
MD5

68aba068aba32bef0d9951c44fee1a58
SHA1

c7a90ca875b6a5a6498b75cc88dd04ec5aca9947
SHA256

7aee38a4da4cf3bb61819885766ab48971041e7b60924f5f130b79592baba827
SHA512

116662f3d76f484baa7c16fd93d1284cfa8b0c4f44c952b603df8b8e080073fa2fa29afa1158b1bff1e92e96b47b09b7a86560999938e51a1fe7b85d5c0082f8
SSDEEP

3072:PBnVO78UwpTXGMOPYPY6/rpKSOgr7N7iuc0U7:khYPY6/rpKSOp

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422574620"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EF766911-1880-11EF-BD10-4A4F109F65B0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1900 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1900 iexplore.exe
1900 iexplore.exe
1796 IEXPLORE.EXE
1796 IEXPLORE.EXE
1796 IEXPLORE.EXE
1796 IEXPLORE.EXE

pid	process
1900	iexplore.exe

pid	process
1900	iexplore.exe
1900	iexplore.exe
1796	IEXPLORE.EXE
1796	IEXPLORE.EXE
1796	IEXPLORE.EXE
1796	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1900 wrote to memory of 1796	1900	iexplore.exe	IEXPLORE.EXE
PID 1900 wrote to memory of 1796	1900	iexplore.exe	IEXPLORE.EXE
PID 1900 wrote to memory of 1796	1900	iexplore.exe	IEXPLORE.EXE
PID 1900 wrote to memory of 1796	1900	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68aba068aba32bef0d9951c44fee1a58_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1900 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d2f9db8fe890fd9f9954cc6d0e3892c1

SHA1
07eece6baa38252d8f7887f1d7244a3ef2fd0de0

SHA256
7de12bdab689ce9bc3118ab30a201f16ea6b93d4485ab3da4a39f464d92189f7

SHA512
47e73261e37563e8f39188088d4cd0f45c64be3534e38a01f10c1b91ff2f8d8b6439dde955d59a531a507886907a3a9fb8f020653c350ecd2971b77873a77438

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
f292f2b564305f30092814415984b4bb

SHA1
34db9bd5ad3c9bfeb0a2073b9f2a003dc097291c

SHA256
d7e846a5da82f72bdc14ce63465447ae409b283257cd44270cc32998197bd342

SHA512
40b12bf4615a3dbf2cb63e230c79b7a62ba117f48057410f41ed50da085cab0c039a8d8e9bb616499ac8e7c59772500862026bb8191b4963e8b41e3d183f308f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77f2a3aff1a6209649920d5316fc95b8

SHA1
1a697f2f796c36bc294e3053a09c85014ed4e66b

SHA256
0e6b914e4d2349d3e16c43b4867d08d9118ffdc9df609a1785baadf705184d8e

SHA512
cb109320e32b6e9df64f2adf7534323009eaddc65a73727fd624c87ce01c017b535382c9b96347b8fc1a83ee90c2b2bb34c96c4e25f56705f6e12f304c6f7d6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fc4c22d0389daced8a32c4191f167a5

SHA1
f8dd1fe5e21b3d1793b2b22400a6ac9faecfd606

SHA256
a4392c4db23ce149ea35c82f96df6b4190b0144fda34bc74a5c84c612e159835

SHA512
38b22fbcf705d6fb48fe21f6d12e1d2da5d43116e6dff26d12d1381be5aa1531febd8a3520f604d3070c0ac8f3a4ea308818a26eff2f55b3d13dcb8ddc55b4c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb99188b304fccf970751dd50effa7e3

SHA1
971ac1c7d5afe6a66f897becaa4e70236b943e1a

SHA256
ff649d60b6438bb76373e887c7c4c74f0279722ff7a172190cdf04a6f7056985

SHA512
d4ab70dff32c8c2dc462d72da01418cb573900e7d859f7afff6e6fe603ce5be4c0b1d9063b3f16855c3d90f4785c6c39791e911e5b7be8b2142b8a542ca8cca0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8576207a4f2a2cd9dac97f81a719bf1f

SHA1
3ae3f01f6f91534cf653fd33e89aab4a59fe5b69

SHA256
aaa762b604a24337386308d9764685168d269204c133888fd80fd25dbb26ce7a

SHA512
84da6e8444bd7b1ac48f698c079cd0f9089559471fb6434228452621ce79931c78152c507f0be17de0d6f25d04b22305d9aa488814d98b23fe5781fc2fd2ae54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49d83f79c863f549940afa0377f74ea5

SHA1
e0d99511b8fc7a6c04bcd094895b566975b06c80

SHA256
2c78a7ca0c695e5521ef80acac032831fadbf79334b91bf11b4a64f8c89a6a14

SHA512
0b2d38c70c67e3c8bc0cfc1c1d34b9a8f9ba26f425bea0c6934c298fa8335649a1d8c516a92f8c70cead7b0912bb6249103a10ab490dd565d55debf9c4d78baa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad27ec9f6ed5070a5bcad74341da52ce

SHA1
9ac30e4714586fa6956ec3bf5e847d6144290e82

SHA256
30f02962ead3d08fe3d957792a7dc1c4e90be31ef8ef49807dc95dcb048f51b2

SHA512
1466b1268fb8f1d78e592b3c76c2f6c9caae4b934c39fa0313966feff8f65667aab518fffdc194ead81a4cb06330dc7b2d97013300ca68fc48b808a20f4ca14d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e1c389aefe12cd8cac2150ebe55422c

SHA1
f6edce0d5c19ab96e49e857c2d12463ce0d9a80b

SHA256
8c71d65e26cef705e8a2c263710dab3aef62698e90b70fa4ecd2cd380907825e

SHA512
d78a724d0b5765624bc252fc977e2c71d17cb8a0bc38183b014f52fdcdff548e4139bb68d40e50e66abb031470811f4b1b5365426e61d5ebda267b4299befdfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31ff5da008083d79821c8a39d5d9a41f

SHA1
e829246e9e7b72bde4b87bb61be0d2841fac6fc0

SHA256
d74ac480b12bd2c76ded9038b16518e1da9d479c257bc008e945ec878e3b451e

SHA512
e84f78d687ce92cc08bc767b4f527c2974b98944aacc7953ea6d867ec75b8a63a305259e4d50d881c0a8011e813aebc9845046d673cdf8894ebc4999b2f97a47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ec18311129af27b636837517d5c8d35

SHA1
acbcb611f723b1fcd61364437445ce5758ab3627

SHA256
b3bc85a3f982e41cd995e8a6ee6f87d3c205013246cd785088d0e3f0b1d6f80e

SHA512
a6db3861be897ba20c9dbd0684501e7c889d65233d984e2656a9f183c00f6fd7c6cc1d53f3d07a030b0f8ffe3a372ce0e07d89d9a43eaeb22489fff264e4af19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1643d59377cd9800d1a71b1472c289dc

SHA1
a55d30385c1d0af68b2d8f59d6bf3f090fdb271c

SHA256
9e16dcef8cc21566e5862f86a2b200304631ba867f7654c23182f3df9e4abffe

SHA512
b9d77391ced839bf69697197223ad8f3d09433df575b180ce2043b7b3b95a67c6015497a046546e009e89e958cfd3f8704df77264828d6a3c1f227ff7733a369

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
336d3089582e942f1bb06099f856dc3a

SHA1
524845f1fbe392d1e782d549407b12009afa8171

SHA256
be59d158faca64da8022490f176f86c94f54af809d5f507b0222c0a24325d39a

SHA512
a709a3e7c95ce63173cc629f3f196e740706312846bc19597a583174338f5db6a15d78e5f618a6af0ba947d52fb46c1950ab5463b734738ac2ffb75d0a3cea22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38314d8f2b29657feef2fa1a4a619885

SHA1
439df11f3fb9d66b49e40cb71802cef08264501f

SHA256
949527ef53cc43e4452d19367b07ed5a2ce7b251879c5d428130d9c239939db0

SHA512
ef4497ebec472b03413b42ca3c87ab6e63db8a0f71f88530bbc7397716fa80182a0025102570bb40b1f6a2412dc89ea0d12e3d63f551610c82eb5facd80eaf9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a00d9d84003c3b839d37c32abb9ebb3f

SHA1
80b033aeca9eb304882aba631d154baa16554dc9

SHA256
12ef5be03ba4d7d245d5a3aa00e3905631a006f4a4bf6096519330f93f4494ab

SHA512
cb4c94b40ba95c79550c25db940650255ba0254bca2825b9642788df908207867acbedc2327932a7ca41a2622a3c599d425d39c816922060a49a5bef1e590117

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
e3df573746d4cdf38a01520e3e04a2c8

SHA1
7d20efa8c7ccb324d294a899063f704dde00f884

SHA256
12be107bee34cd0e5d71c98098eb89004c6d5a02c26e5e109eb3b29621aa9319

SHA512
201441c6d3f42baaa16a038601d75d2b3b1663cf3c54e8c479708d4a45d04ea57064791634a026e6889463d3f7987da7f17f53d408e7cc6e5fbc9ff7db8d5644

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1362.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1374.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1510.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit