4d1f7ad9bc2eb729931272dc74adaef1721b0cc807717b25fecc513348c4f360

Analysis

max time kernel
150s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

692f037049fef3e2b6092b5f9a08a117_JaffaCakes118.html
Size

31KB
MD5

692f037049fef3e2b6092b5f9a08a117
SHA1

16142d3d8a59399692279e0e6ee52d21adc3126d
SHA256

4d1f7ad9bc2eb729931272dc74adaef1721b0cc807717b25fecc513348c4f360
SHA512

64847046a78cbab2ec546f091372fe3f5e971fc9eb15857297922f006af563da878b16421574c6cbd36c9227864abecf909da49a37a80dba1f3698bf49df2862
SSDEEP

768:UUA5Ft28saUvKJFrmt5Ilf2qQJJ0Ypfau:UUA5Ft28saUv5Su

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{97078031-189D-11EF-A336-7EEA931DE775} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422586928"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2184 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2184 iexplore.exe
2184 iexplore.exe
2692 IEXPLORE.EXE
2692 IEXPLORE.EXE
2692 IEXPLORE.EXE
2692 IEXPLORE.EXE

pid	process
2184	iexplore.exe

pid	process
2184	iexplore.exe
2184	iexplore.exe
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2184 wrote to memory of 2692	2184	iexplore.exe	IEXPLORE.EXE
PID 2184 wrote to memory of 2692	2184	iexplore.exe	IEXPLORE.EXE
PID 2184 wrote to memory of 2692	2184	iexplore.exe	IEXPLORE.EXE
PID 2184 wrote to memory of 2692	2184	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\692f037049fef3e2b6092b5f9a08a117_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
1715d797315920cbd612b2ea7199e6de

SHA1
061fb97fae09b8271426409328701b2a06741b55

SHA256
2ac2220e5f9f191b4e5f3e1074d5951e7e8dedcbf57d150df2245305c34dd2d3

SHA512
92c4c42f1f0ee3a3bf96f885afd617ba391e21d33bbdd7a9ecaabefdbe3293436aa6362a2a126152656ecf60c9c59331a2996a26a9c1bd52eca8edef02de2792

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cacf3e2c9ec34dd6aa0d10959d3d96bd

SHA1
ca4cdb4c407a94f88994a381e40e7847a98d12de

SHA256
67138a7407e8e71b59e2ae2073f0a3be5e016917312333310488f564f20ced8a

SHA512
cc9fabb5eb233b4238adedb5fd9309d9ac585d1796ba62a5a4af9e6457ebc52fafdcfab44f5f1203284436c4d896d31ff12ca5610d66cc93e4b6da0e433e2caf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c338c8f51ad750feff1b7775365b9b5c

SHA1
4127b3343bac3321910e8b60723e5be470e41292

SHA256
853d936b2d7b28625fb06fb4ae67828b957ec006e519caecc11fdff61dbdb011

SHA512
25ebcbf886c75bd5ab8552d30a7f233cd11c489a637d8da53d47141866a375d7b8debc016470122bd9c59df0d85c70f42a10f57885992c69971357d69e821b98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aac7c78d0793ac33d26b411b8e3110b1

SHA1
4cbd0d4dfc7b39dcd38472510db6357c9111d161

SHA256
ddb459517100381bec27ad5cc9b3a4f3813af975287c663e1b51e495887fe103

SHA512
c1f969cdd28b2d66e6c12deb9b190d53dae786e935e4027772328706aea33cc99fd495ff9e4faa3171f1aff37d9e80e3f1bd01b985dc2ca56582a055b44fdf51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38bf2b4ead1644c6bde1dd3f62f6abeb

SHA1
5acee944bb8da3fd1f298c42b1a250d1c212b20d

SHA256
ec07a7a3df0dd37421e4ae0fa9ea9934e90f2811a6cb093ecd35e1cd80f89f84

SHA512
2e9ec781fb23e0b7161cd43f4e01600ccdf659155b3610b2c882ef51c244c2d18379c82157913a4333be5736206fac5f94a8fc56b32f96296e05bd76872c9943

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d792dfe8e92f57d0bfe956b3388a9cda

SHA1
636c09fdd3f3431fc0bf7e1f2582f84e2cce6513

SHA256
482d59da72e409ae6401fdcf9c13714dcc92682156a08a84df671a9a97a01953

SHA512
91368a7e19d3a58e95ee294fdd2064675357cdbb0b8402ca7fc727d9279a88b2b10c4a7994120c805f7dae2cd7585187f179b1b555f67e01c833406d0f59e7c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b44eeb78cc9cc5ef89ee935b6b4e060

SHA1
87351c710511df0106fe9c2987fe5a610d8b4a79

SHA256
96c2c0ef4371eea8cc9032a2096bd76595bec4a62d5bc438918650fb98374ba1

SHA512
2856b626c789b03024f7e3d8287487d8f0740a7cd947b7ff7a0c9ea27882b60591586b909400c753a4e3c42a191f309fca5eaa8d05e11e4d93d7c908b165ed58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7751cbed5df3d76fadfa08524449406

SHA1
3d3d089ad850a2e68c5ab5939d3b8128b7606a70

SHA256
778e0ad46d21983ae9dc0676f0ba72d7e6824f3b97d48bba7a94ad1324bce10e

SHA512
85d7b42b1337c813405bdf1009f442df1b461f80d071d76cb7addbc93f4d25da07e2c09f86641d4ab77500873e66ec028336b5f19eb03dac2ebaaedc9f94ca4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15f88046f7bbec50b70c65fc79093848

SHA1
e9f6f56f8e8957e6fa21108bd33749ca67dc7ce3

SHA256
ffb475b9997eadb848c06cd2fd537776e2f27498eb7a11a335f22e101ef441ad

SHA512
8ace13e9c7a9f1f7829c768ef54e9bdab65304fdf731d7cb96b306d94faf1faf010d35b8a0a92a48a3dbd85b5e0431dc905639ff3e9a99bc30f8c870d12ce6e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf3dd95252053142f96a6973b1f0e6e0

SHA1
2a7efe717f61aa31688a3166595d6a04039b81e8

SHA256
0dd079da1db5983fed9a60dafca2e46682e83920ef44e6c21352faec9f905a47

SHA512
41a47b18548c7edfcb7256559484a013deb129100adcd6a6bf125aaf1af3235cfdfb8fd193b5ae90b05b8b9912f3bef4c142ae229acb5941db1186d724ccadb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95baab085c2aac23482ca19fb9f990c0

SHA1
a61f7791600c8a4c53df0b18dcd92f2aad81bb37

SHA256
d31af574fa2fb55c9269cac887d48ea4b77bd68e6d76b740baeac065f6d0f560

SHA512
62a3d1438fb3c87402511efc6d46afb6befd5381a171e056a2ae00122ebabe700242ac90d068fdb9900c16562a0f36475a41641ab3aa64e5641a4373d4bef052

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fa89087c6637fdccfb4ed6590bb681a

SHA1
8a801f6bb48b8274f35d8cc00c27de6774210652

SHA256
fa035bef779ab806b05962d62608acc2c2c2b4395ace3a4c039697b814838e01

SHA512
08a3894b2547c5d44961eed91ae1531bdd1d6ab3b3c4611b816c4fc335e149790960d9737beca3b256348ebc2bf4b1b91c6f78bdd36c88f239be571665f52d36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
1031984aa75879acaf4a94e040418f09

SHA1
b9c0f28786e610e7c5c2ff9d4f8748e2afcdf284

SHA256
34bd51e14e3e07b6e2bd9159fd311d32aab0e0c472970a18ee5235a421ae63c5

SHA512
4db9c33290b67c91064960d21516fdec6d209ca1502c12aebcc371d19838637bd1b3bc17155bcf1ccf0cb4ea47c1d7ad25c143a181da80ed548bf7f76ccd1329

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar86B4.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit