e7f4caa48428fe32f17abd3f348b387e369eb05cfd8f1432e46514c4ee1a63dd

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

693d7e4180e71d81416a12fa95c68434_JaffaCakes118.html
Size

29KB
MD5

693d7e4180e71d81416a12fa95c68434
SHA1

93f4ecbc5fc9e4e6c78d05e26577b2985557aea2
SHA256

e7f4caa48428fe32f17abd3f348b387e369eb05cfd8f1432e46514c4ee1a63dd
SHA512

6d18e081047a2c5a3210ce1a1f34e434f66cc8f6365f912798522a36bd567eeb29d4d5f857e590b1f0ebd5463a6a74673dc42364bda2cf31ad0083f0df2c86a5
SSDEEP

384:SpbKvBME1jjCJAHjjOe/p3KUrGpbSUNz0:SpOvCEdjCJAuex9rGpbS6z0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422588378"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F7DBAE11-18A0-11EF-AF55-CE46FB5C4681} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1728 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1728 iexplore.exe
1728 iexplore.exe
2648 IEXPLORE.EXE
2648 IEXPLORE.EXE
2648 IEXPLORE.EXE
2648 IEXPLORE.EXE

pid	process
1728	iexplore.exe

pid	process
1728	iexplore.exe
1728	iexplore.exe
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1728 wrote to memory of 2648	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 2648	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 2648	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 2648	1728	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\693d7e4180e71d81416a12fa95c68434_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
9da7360327549026224c7c1fd9e05afc

SHA1
428a388a8164b4bc91907d0970b2f64952074b33

SHA256
1a3c4579da7be4058294e95a2a54cbe5b31a4909235c9a330faadf4c3ad200a4

SHA512
ddfa8a25ec8c836aa244b35419ac0bbdad95842312ca2776d36d41df4253c185c589073742ccc773bf6b5a098cb10e9914c9da9eb7f80bbcb902f758f52c4542

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da4179ba768e3ab6257d6a8908fb83e7

SHA1
deb982621d2111b686198917179771fa82fd6f58

SHA256
4b18d8c0114b087b4bf969bdbc59c638890246d6d5fd2b124419ee57eae72bd6

SHA512
97d7df4b65ce48db750c875983f07051da65127116d14eee31dee3fd303c6cbf8c77d0814047dce026295573247fc1cb5820e486e4ad13540a7e9ed34d215d44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d919157a17429807b51f600ec264595

SHA1
9922fd07d8b6baaa0280905dfbcbaf315f8e1502

SHA256
e87bdfda7bff9ec566ce2a86ec8656aa1edaace262f13fee1e730d0ea571263f

SHA512
c91bcff77333863c6c51bd9c2d2546eb0686daa11eb609962280619d30fcfca4204b94c61202a433dbc399b4ead25d8263ec3445c74da0d28cb9200e0ccbadc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc69a4d6c316e37a06bb0dad4f36d44f

SHA1
9ccebabf1e2d4e0ae303122f809849698e222ae7

SHA256
91d2a007cc69956a4292671e8de32bca669c4f481dff9087e4ba90842a12c3bf

SHA512
2fdbf861d0f3431e7293e781ecf68ed4e3853bb167775c40045299cd0ddc26b2bd1f1dd0f67f082fa58e84a7b46bc5663fd3b04a2838ed1b070e705cb2beb07b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
962002f0cd03b506e89526030e7a5bda

SHA1
7e11a59e4fd25ab01866a26eed002c56beeb6f48

SHA256
ec3fa7582480009026d0d9aaabfb7ba3b79e2a10d084ddeb354613678bc11b93

SHA512
cffd57af7f71794ef9948c53083080636a16696f7986bcd6dcf3fd76103026d28a4e59207d1535839c77c766bab7577ad220007361d26acd48d9b6c65c8aa286

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84f21ccf182fff2651840b8821c75347

SHA1
9a00b4b4ea383115705215f8a4c4e85f8c027261

SHA256
d3d756724c6a4f4249b00d06da41a63391fd9623ea55b96404ad9db9db7a231c

SHA512
f672a4ecfde837a916ec0a4912ffa0325341705d7615ae2a12c4e4983c266cdcdaae323011b0e4b5702411c2ac158c882147de41b33debb0888b9a3dbb6d13e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd313b4a55d2abdf4240a8e9b6cf0695

SHA1
ab0d6c61aee95343695ab9060f290f07dc1f5c02

SHA256
c706c2985fe51890e816a31336b4236953cf7e67169833808b0677d7b5c5d85b

SHA512
6b2588adba3e3418fc83372af5e96dc3bc49918ade9047e490f5fd5892bc82db75bf3c5eebe4c611db66c69ab89dbadd7bece731a70bc75bc02c1a0f311f0213

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2eb7bde34b079e7474b9a4686fa64845

SHA1
188a496af74a8c793e0ae514a4e11de0a28b86e4

SHA256
be5dfe587b6f90e4162d9dbf646b63618012cd310190f782714b092a40b35403

SHA512
84fea84a2fd177ef5dcafec05ec87cc3176ee63d3c21abd950f4e74030c9a2833522d4265771eca67d90057cfe706778275c35c258c86ab4766123ef98d908bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55dcded03241ec7f381d289f8a458c16

SHA1
9d4b54615c2c81f3245b9376d54b271dc49969e9

SHA256
9a3fd2f21d6e54c9c9735ace7a0fcbf788e38de872ae86771b465f82eac2fc0a

SHA512
4d758d5b059c8cf95733690e20b79811477b0d236271173e867fe2a836ef4310540b9fff0d1a4447d95e971e29febb02f77c01022866654dcfde6df1db467088

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83e87f297f19df2c73cbc67ec48c9975

SHA1
920b0f303f4a0398fb200f9c98d49cd2397a432a

SHA256
6b803761c39bcbd139a3d8958600cd46abd77d3d109978d721ccd9341f84a65e

SHA512
3becf946492017af428da74efd3e3d38df2b7fa4e5e6482a2fd1fb7cb45144fcd5e48913a7b28b11910657c5f92b359e7e346dd5717b202fcb4d6aa0395cb3d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16606468a2a83afcbc9c53349e1a0dd1

SHA1
2bdc336863c17db9a00b92514170fa0859e1bda2

SHA256
f436c43fc41c729338727d706e6238a3c08e94d17619ecc0093e2c7520df9f73

SHA512
b0db32bce18adab4e6f34c01bb2df2c74eca7b964b255a77b753a5e6ab3ad25e4b1c668f91b9da5f34ff00c59842fe4060e8fe9a16f3dd3b5b420ee2ba39404c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3da7613a5c5ac3b945fea5c2fffa2a50

SHA1
8f693d193cc9a0b58fa1712d26b210945867d35b

SHA256
afad16942d36544beb46cce61dec6400ad3e522c90980e8bc1231b6375fac754

SHA512
7fc7a3b0f13280c07d9fb3da69df60f6f77e878bd98646b69e4d8617876da9687a4059322d2577c7e513c2e594ae66ecae4f12e38d386b28889359c907f2c3d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9d75dae03d77bcf5f2d98231277dccb

SHA1
31a43008fbf147a3d27fb6604df09b02b5dd3946

SHA256
b4677c49ccc3b24c3db1de565c467c39a23e94f6e4b99dfb4d398d7f96126bb0

SHA512
cd34f20efb4282016104ce3877681dd22f5cfd9c99d8158e513a6f8f26279c81e3245cae2769275d6dd66afe12f13bf900cf49fa84fce7efc4732a7b495c0df8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7f1da72be2f8552c36e7b6039f70235

SHA1
b981c1a6e087644296f56e265267511dfd7df360

SHA256
daddb2547bf4ddac3eae3beada328b30e73bad55fecb67a677dd36423c1c4c04

SHA512
051e9485046aab5a49a888aa70f25a5d9056fa9ea9ce598388f21ea29078ef62a5dd0f65b6242668aa42770e05051ea7454a2e93deed32ef0b38256e0ca6c979

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f5eb3a6af511f739670ee374b4aece3

SHA1
aaaae614e9beda7f1e9bdf8f8eec7e9552d8f2b1

SHA256
48b10497584d329ef1c025591be166569fd69aa0ef22b2841e9468df9db3f877

SHA512
5dd362b0a00bac857bfa6355ad1af65051acaf98255ecbabbf833a1216352652d459364a7d0b7f52703143a713f9c6225ff979dbb4ae33df202b75cfb1837aed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5f11149b2241bb399055f4e562ee21e

SHA1
f4a69dde65962680a4c315ddd23907c0e3b2f150

SHA256
423282fe6759860328417ecbd520e96a0bd8a680f99d5d0cf03d0f30e416dfee

SHA512
f20902495339e10de761ba3794b752058e839af4b7f35b509619b8f1e908d056534933f9874e64ba446592c12333f07a5692b773b59647cb4120d40eedfd1bfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
4427a6039bd84c85638ae295135e3438

SHA1
f648e0b73c8bd26f390a486188718355e458fdf3

SHA256
53631f61e7d63a45cbe75d6597b03daab3b21e67a3d5bdf5242f5d246298c82f

SHA512
9e5b44d9ec4b3ed1f4f972181ecc5f3afc0949a164a058e745666b9c208125858b5498481d82beb572a546f16e35eb77c32fa67003640d267158ffe953821f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1392.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1474.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit