f983d2291904fe033d2aa02251ed36d59195094f55df664769a9ecca74f0946e

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6920fc36ef9bcca1e41c2e1161ee4aca_JaffaCakes118.html
Size

138KB
MD5

6920fc36ef9bcca1e41c2e1161ee4aca
SHA1

71d939c821f71d9ecd6abd2940048ab2c28e30ca
SHA256

f983d2291904fe033d2aa02251ed36d59195094f55df664769a9ecca74f0946e
SHA512

73a3d69de666f7cdda65143e47dd03afd980a9024b9d8324ad4cbde11c13b60420dbea704066f9cb0e9ad75a44c6915ad3a0b72e9981409497ed2087fc40d5ed
SSDEEP

3072:Skq3iYbt2qGbAT3jSY5/3YeorC5K1PB9fe4:SV3tqrhp9W4

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AAE38391-189A-11EF-AD30-660F20EB2E2E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422585672"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2028 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2028 iexplore.exe
2028 iexplore.exe
2080 IEXPLORE.EXE
2080 IEXPLORE.EXE
2080 IEXPLORE.EXE
2080 IEXPLORE.EXE

pid	process
2028	iexplore.exe

pid	process
2028	iexplore.exe
2028	iexplore.exe
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2028 wrote to memory of 2080	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 2080	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 2080	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 2080	2028	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6920fc36ef9bcca1e41c2e1161ee4aca_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d49967e346011e976fdd9ea40d2ff6ce

SHA1
4f1a31ea724918a614e2f281a00905c2601dfafc

SHA256
50d9581847a6599cceff1aa6228268a3267493fda1ea4d4fe4e6b7a2bb204098

SHA512
d260632ab9b622b3e863730bf5c1eb37d8f727b56bde5c6026c6bff5a48ad590deb96499ad72f96aefb53cfaa6022bb1e32b41a2fc3fe0b7a521606766128f7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3cbe72d905a97210504f3ee9b826656

SHA1
6b6360b18ab9772d3e5fc0616ff1a3bd95e64284

SHA256
b6579f6cba21a0121a71e799bce9a5f3b18f45aa5fd577a75a3a8fb12218c7a2

SHA512
ab2666d3d1896f481679b40f9cb44b75851f766cd01c7037d24074b49f3c86e1cd564850f749225fa136426dd696973e8b3f5c6c7ff99b031cce339b049169cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efab69d46f0b55f138fc05760cd8367c

SHA1
5b3ecf64561a88632437b2f3999413f80da67fd4

SHA256
57432c68329f59bb234a2c7d4d3421506c4506da71fe5444ac0b466fecd9d474

SHA512
3527c7d29278763ae87b8091cc745cd2a1b7e4b34cb34e4fd6195098f16756ff46d4fa493281149251e9aac9ac1719333d219c62b72439d9ad8163189d7cbc33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ea2f7fd4c54f64a2dcd8368eeba88a8

SHA1
c693905ef96d957e69f7f5acea20798407521782

SHA256
9314a9ca49e5572a2ce929bac084481e951dd2eefa36fb16b2faa28c97fc9b57

SHA512
6518790196f405616bc3a3bafe80730450133104f2d151174fe440eb2def098a800f43b9e9a9acb9091091d2b167db8b902d999be7fd1ea8a01859186b2f44ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9178822eac6cee90be50b16387ade596

SHA1
70ef3f7645d234292e5689c3e43056b9c73c2315

SHA256
d7cad12308bc1672de5370405ebfbd9c5fb2b2c3960e8eacf7a7057981b7c44f

SHA512
d7047a8d6d69351493fedbf8b5023bbf26bee7f11e91ff0d00d0bd2d09cf2e7716af16fdd0275fc8269326d55fcc5bb663805f280ccf6cec1b1172d9a2951223

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28eefc40b0c36b73fbdc89d9603048db

SHA1
0744ab735ca14bd2a6013233be2af30ef9a2624e

SHA256
d9cc6871de6fb5472de4099d5e9c14b90befe5c0ebce713e71071579aa14dc30

SHA512
99768ed45412a3c793d75ee5bea8ef1cf698ccd5cef513c6c9bc3e1b61f6bc7b626a5243593cdf45e4178c8c2c35a7152695ed85c7b89a75de61a0c730d8e251

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a4973630803260972146d614bdadc72

SHA1
3a0a9fa6b1de6076b7a8387cdc94e73faca153d1

SHA256
28b8a4452c15ec55fae1c0b76a6c2d950583d4e456693033d66fc40e56c7cb2f

SHA512
17a8651b572a40451862c3e38aaebe14e3e8d6b6a3ab852366cc8852b709980652ee0d9a75f648cc4a2ecacfe00434f29ad1d2cc40c9f9c8cfe8be899b2f33ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2531f44d4419bf33559139f11e3e6f34

SHA1
1dcd18b99de7a05565a9ae087a0b71d057a121ce

SHA256
2ac80d6a7fbf7b4c69ae73f84c432428b5111a4b5e3659fd841a975174911025

SHA512
800d68fa00b1530be0f2fb0469e183a2bcd3b1bfea99232a2fd01af465b2cb0dcfbfbe8879bea00802124db157f555f42e0a33d17b15936bbc31e8704a49d3de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78381de9e86e7c1888461ff0ce69642c

SHA1
a9e7c29ef9e258225a1f1153bff8f6917f00bdf9

SHA256
22c00f0cb3eea68a478fc78e87dd2ed21f7ff19b96500d20dcd83b97076061c9

SHA512
c2f5d476d0de4850f41ec612642ef7a746bdb48d722857b542033b56112e8a213e92d5ea6630600893723fddfa7a1c6b4eddfab78b91d0a01905b61800326fde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5decf5db602244361d19abd8987e1fc

SHA1
e8d217fab98f7f0b7ef205ad593cc5d959374469

SHA256
a787dd86c1f73cca0b71398a8bdccd16e28d9ce847723a06fbe22096cd147770

SHA512
10d804351954f29bb9c5161874020121221835017b5beef33db7e7fd60a7413c7c31ec2a9162e2d049fe50c8d3e19f42e9f541e5d7a8180dd099984a4f1f2044

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2bb7a038f2eadadb7872b0e81e41e76e

SHA1
b999741593b32e161391969bf1581336db226b40

SHA256
0080836f32cdc0270a20fdf242b8c6b09b8b8e0f120ed8280141e47d07da1729

SHA512
b76964e7eb848681b0054d65a436f3d72579d24bb043c7192e477bf44ed0c46aafd80eec3616c3e6131159eaea84ec44470dc9225873f200a15c0e26078941c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
833bc94c40f1b8424339c933ef4979a9

SHA1
582dd9b80fa4d393c8754dc0aeeb4ceb3f14aecf

SHA256
ed71f38f552dc1b6cbd78e7b4304b98dbf10ec9d23e59dfb37592af59c0b8af5

SHA512
b059f5ca24e419e58a942bd2694c84ec05153e733c7f4602f6f464e2662799688c94e21def5a1e903cb2e823f93d3a0c8856c8047befa16033783b0597355c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\11.0.1[1].js

Filesize
106B

MD5
fdffada99a6e326385c9d6d22006b6c8

SHA1
f69101fdeeb5282659ebffa17ec82e89a0cd09f9

SHA256
c58c444af409b74761d5cb4a86fde4b48ee2d4701252b439834f01868c8cb955

SHA512
a7190172ebb6023d27a69629801b9b71cba77f7f4889aecb129ea8b8e84fef7bd1cc21ca3ee2fe327bd4d97f30bee5ed40927f2a54d45a13c66edca653a60f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\ab77b6ea7f3fbf79[1].js

Filesize
478B

MD5
5dd27f8f2b042194c3cdabd62fd80110

SHA1
c035036a939799d4c29b9c0f7229ae1953d03109

SHA256
928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a

SHA512
95c7b2dba57dd75e6120794c0ff14750258d8ca3c86e6efcf04790d347bda18e246e14d5fd8ce645e46e268f978132407bafa93ca97fa003103b59c6135334ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab15F3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar16C5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit