6ed0d159f9190e44a28ca132313c5fd223de03ca6f32a8633071a36292d027a4

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69352512e19101c9b4610e995b26f174_JaffaCakes118.html
Size

213KB
MD5

69352512e19101c9b4610e995b26f174
SHA1

e509c4ed65c55418bbfdfa518ec04cb3473891df
SHA256

6ed0d159f9190e44a28ca132313c5fd223de03ca6f32a8633071a36292d027a4
SHA512

307acc08054856fc40cf4709057b00bb87076458195e2c89e7c405d06df10e1c8999ec7e7847a9b3cc26a20c52c6046ea61543aae8a5094e1d45e6555c1311e1
SSDEEP

3072:SMpejLTFDeqDjc7yfkMY+BES09JXAnyrZalI+YQ:SM6c7esMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F6067B31-189E-11EF-B5B3-EE05037B2B23} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422587515"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

992 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

992 iexplore.exe
992 iexplore.exe
2720 IEXPLORE.EXE
2720 IEXPLORE.EXE
2720 IEXPLORE.EXE
2720 IEXPLORE.EXE

pid	process
992	iexplore.exe

pid	process
992	iexplore.exe
992	iexplore.exe
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 992 wrote to memory of 2720	992	iexplore.exe	IEXPLORE.EXE
PID 992 wrote to memory of 2720	992	iexplore.exe	IEXPLORE.EXE
PID 992 wrote to memory of 2720	992	iexplore.exe	IEXPLORE.EXE
PID 992 wrote to memory of 2720	992	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69352512e19101c9b4610e995b26f174_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:992

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:992 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26f765f69db64b5ceb6b81bcb226d4ce

SHA1
45fa080f7db0c088cc717b177538fa2d74d05cb8

SHA256
4d5fa54079431ac481f16e0eb3ecc7c7d6035266e1263b66997a79c99f689f02

SHA512
0149ddd344f0d3bfdcce368a0346256919ed3cf0cd18f3f90c5f9e061889b4572d19729b2fa7c3c9a6c66eb7ebf6c014dc9c382c58bded517bdad4e2f00bd677

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90dca443424ce9350acf4d31682790e4

SHA1
fc3b6e678348baca12ad2156550131a3815a7606

SHA256
e722d0cb3965c2dfc6d4c206749e18c207688f6458c5d948d647c72933ae041c

SHA512
f775179560fd1d01440eedfd99b7d9da98f81118a98a2ac335f5a15c5bf51de1b6a79fbaf408aa2a422755b5a6386292142260e087fde5a092d1e025408690ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f68323507e737a6eaff1736f01cb17d

SHA1
741b68e493a4b63deccd581b20c6f5a85e38037f

SHA256
1d0f9668a307861dd678c4fa72ba337ea8904140ca3e5c02f3a581e6d4062ec1

SHA512
23dba282fb1272d6b29eda5764ab331caf6b0399f296ccf8e19f81a7828287ec1b02d8c2e432781aeb0a3d9dc369db6fb1fb5b6d8c3c0065398efe9cb45ba6fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb33aad589f71368a464f3dc113df6e2

SHA1
7f967f60c2638a89cc2081fd72746f3c088b9275

SHA256
132145acc09c05fe95d974c8d73dba744f6c60bbea4b751bd5fcda168372d073

SHA512
0a11a001c65a20cbd2047150b4112c9a04a307a19bab544439fef1b9a5cae6f0ae3e3a791925156e87df9c5f37cd6f5226b2fffee72d929023f5e5a4383e61fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6505a72d63d9b6dc41666b974c4ecba6

SHA1
58d304bed3c8e1e562b57c6fa49a3b15a748b0f7

SHA256
4c806bc0ce27353c301d638da2097e1748d1020cc2d819676257cc5cdac3e944

SHA512
40844a408d0367477c097614f89c93c8323ace73b0d7ee9c73634c27bb93ebe16fa26ff7114228a2ae4ad77dbf6b03c494d67ae588eb8b0db5a09fac6067f63d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7bee7db314c2baf442f00ad629089df

SHA1
070bf46019bc6f6c872077a22dbac71c6525661d

SHA256
557ebb65f9e1a67429f3fa31c7b68a80969f11b7108260f6be03d173320ccfca

SHA512
4e5e0bbbfe44d066b97205474401c99c8d368b6f915d6815f319bbbae28ba4b1ac4e173691aced6511bc4716cb7d63ff3f23c75db9494827cb32af76846afae1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4040322af09e9eb63023e114088126a6

SHA1
66f9654d9567a00ba1bde61b2ac43a515c5ad3d2

SHA256
d909e8fb07ee55032948ab2e720ac8e55bcef74b707981b626a894ce609d7867

SHA512
bcee87e9ff53f9bd41c208b4ce4f639fe4979825978822ff3fd6052b6b41d37b8b068a0a63c4383515793185ff9f5e8f644a7fa88ac4ca86eba0cbcbadd157f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d57831168748573967252d49573f2a9c

SHA1
7e2f1dae601fa698e9f8382b81a4f16eb6048998

SHA256
3613bb6ec2dcd9c3510ad942a0e472e1355713d78ea95f53214b6f65c8f8a310

SHA512
b49cca1c5ee9f048c4fc97123712ff814df23ce63f296d4d7e2a04d81bc2c8d4045b5a9c54cb1d15ded55af067fb780351ea3db45c696e959a711098526faf58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
676b1234b83d7188bf5b32a063d7bc62

SHA1
58343206c31a6188e5da76df134bb2413d457699

SHA256
a912ebb6d38eddc18e9d2de58448e1119a6366b4eff9e7926be0687319485f15

SHA512
e3db8906d8d24084d9c407b83c415b5b20bf4552c9eb1d7092cfd854a11b60731f7562abc3ad441f06096eea8411008b492e039f26eb6fdd79c85e72f010e212

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01f203d9f2294fc8bad546c414a22a94

SHA1
b6331ef4eb6953e691c505a99854ea8966f23a5f

SHA256
ee1adbeb91e136f9fcf243b3b285bdce2da9a7980dca4d5d930786632c300f64

SHA512
4bfe4a87fd8ac05fee24276b11fc6b0a7196ce6427b57472ab3f051258144c80e6174f87ae48be8be6ca806571d0d7237e5cccf576a815115d2f451aa3033270

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
181f931301233e675c9ffdf970f6c5db

SHA1
4fd29c3d8f12b5d1a812faee34e48c3a417efbf6

SHA256
8f2679d323a5436f0692e934b5189cb322ba215df270b16d8e381534f8985d41

SHA512
7d2c1481ca255a150fb78e3f1b9abe1fea2fc755e9ce358b4245cb2ade9f77256cdedf216cff996a71633c9b0e80dacde1eca23c9a82ce45b3dbfe56abc55620

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
072d40fe210cd5f9cb111e8a8166d9e3

SHA1
f46869624282d37b98c9a87b98c72b4b2f0e943a

SHA256
5c60327d60d909b53452f5d96d54a03dc36ce1e0283f934857e2fd9ab3a2cd33

SHA512
7e9a9a2492e47cb698563fc07c20e6c42ecf459a4ddf689875c25f78c0f64a6c04b40f0365230f53ea99d927a2c0c9cca73fde84aea51dab79187e3613c34193

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ec0e3a08008878748b6e7fe1bd636e5

SHA1
8ec9afadcb638bd69f9c8c49b9d9dc2300d45ae4

SHA256
b367623c65a78732f5005d254ac83fa3741d2490f25484fc24d8682ae4d205b4

SHA512
a821ab75ac06d6e92d08726e553090721a2b60ad57451beb9e87471cfd16f4be920b3b72c60fad761d96ecaac5de1af71334662d1a5ad3bb68e3d89b0e80246e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6630c382eb38cb3efac6b4b405568c1a

SHA1
f2d99ced80c057c18f35ccff7f502133adcc1fb8

SHA256
2daffde3643b0780e6b20d97fe58350764c2188e5bcd03b07c1bd7cd8d8e3a13

SHA512
2c8537e9612193915fc35c1223faeb5ee0470032b3f76a5481eef31816973d79bbb2081573dabc781d8b90e6a6e80d6f31a7aa86e2be3de76608c85de9125703

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d114dce5716e3ab95d766ef8ee675d29

SHA1
382dbfde98299313d41291ae65f3144ac0e98ae3

SHA256
02f3f3516ebfda6f36f8f0b9aa943e2537cf41963caa82bf1e94f00b19396157

SHA512
1c2041ace720667db284631d6392df3a8ab70dadc6d2a1b25386ac8814c39dbf2f899503fd49e258c021f7283ad71a64224143d14d20b34bce62b6d04fba61ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
143fec20f80a46e18ce812ec8087f2fc

SHA1
2297c2156cf3f4187bf84652d4477705bf24c75f

SHA256
02f1a485877c0bba484e61117c65e1d4208ec9e21923c43652a873f7f5204bf4

SHA512
f723e0169c0a7236fba00f254645dcf55c0b5f1a6ddf2ce3e09f5201b13b3619283faab193704eb59d92193a1c58a5923762bb3319533302dc0c4023142cde7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fbc0d3b6c7a1a38d4ac524c998ed0e3

SHA1
7cc6c811835170affc724487d98a02139af91070

SHA256
ee6d44a128f5d28f93a1f13e2a855353759f34730d069121647c2f48cd604108

SHA512
669942ad0a5157a80197b4e89c65fa602a48434062eb85cb54f5c8cd8773dfb2985e96cec13ca1a8ef2f79f4b2a2d73e80afaccd4a026543ae5b09a187b4ca72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6d43e79b911c74fcb191d28060649aa

SHA1
9d527dcd6c8422df860fbfbea23e5bde68874c6f

SHA256
1a0ea373caa4f788eab8d1e1f29d9747ee43652d40e47c69a877314dfb8e907a

SHA512
e81c32bb598deb0e8e9351e1d3530670a460d021672550a67a5a1eaa3dd67f0cf423ce6194a91a35c3edff7f41c28352902e636c4c8c3ea6e4ed7ce58745915f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aef90519e46c5d55cf67612a04ac2a75

SHA1
48fc522ab677d945ed2705a7d8380fe6cd9b683b

SHA256
ebd6411b49dec3671af42e28ff1627b487cb2e1a586efc9fc2165b7fde664ed2

SHA512
fd900b7a18235107fc20a5e0ef3a75676bdea49a381633e1bf7c974eb017b3f8528273cbdd9685341fa50d6594e6fe28f4ce517ba5f29edcb79b8d0e3d8c1cf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96812475c684391ba68565fec1417a96

SHA1
840f800e625508081533b7b67dc668874533f452

SHA256
b78910ec4fe5620374625a8ddcafc671a741a9d04889358969340a719556feaf

SHA512
79be07807d520017371d769733f56b38209b93ffbe5bae317364bc1a8cdadfc839666b923252db2ad759a085c9744d6275a558673c173f40be2fdb095e58a218

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1B02.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1B62.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit