783aafa03d33a4f2dbd2a4f4c3255f17bd578154f7030d30c1d674a20c36b2e5

Analysis

max time kernel
132s
max time network
135s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6971a20c05c00436a1995b89dab26884_JaffaCakes118.html
Size

213KB
MD5

6971a20c05c00436a1995b89dab26884
SHA1

4e7ee97d0cec4054c17da4175cdfeaf9242dde25
SHA256

783aafa03d33a4f2dbd2a4f4c3255f17bd578154f7030d30c1d674a20c36b2e5
SHA512

ada9e0c81076afcd05b187c69af79ac7668e2cdfa8dcf2c72821b9e9b774e1ceb717cdaff072fa9e24f124fd334fe263e374c03a1cbe8b4b24f185d783e77c70
SSDEEP

3072:SJ36/aoxNeBzyfkMY+BES09JXAnyrZalI+YQ:SJzgcWsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422593021"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C745D721-18AB-11EF-A0EE-F2EF6E19F123} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1680 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1680 iexplore.exe
1680 iexplore.exe
3020 IEXPLORE.EXE
3020 IEXPLORE.EXE
3020 IEXPLORE.EXE
3020 IEXPLORE.EXE

pid	process
1680	iexplore.exe

pid	process
1680	iexplore.exe
1680	iexplore.exe
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1680 wrote to memory of 3020	1680	iexplore.exe	IEXPLORE.EXE
PID 1680 wrote to memory of 3020	1680	iexplore.exe	IEXPLORE.EXE
PID 1680 wrote to memory of 3020	1680	iexplore.exe	IEXPLORE.EXE
PID 1680 wrote to memory of 3020	1680	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6971a20c05c00436a1995b89dab26884_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1680

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3020

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
02aa1d7462dc0ca66974fec4002989be

SHA1
672b1efeed20d15d3dad514aec423bd2cbabeadd

SHA256
cd4643f9dd22663f61ee061fb47470443a4ff56b7d89ddb87f8d985500716c83

SHA512
f8b2fbb7f626ad2ccdd35997e705a66c298caed493288465e7cac176b40f7b098ca5b34fe868ec2bbf44313c742514643fdc8a5738f3cea2066bfb6a1038de24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7d441281db95ad4734a039146770c5c0

SHA1
f41975d3deca3dfc95506611057c000a5a41877d

SHA256
5aab4019e35bc5036f414f3ceb6c87d680f420eb3364a3c7537dc70c67dc7705

SHA512
03fa75f437de4927cb03acefadbce21f94f5be692de7d705329b68aad77e77958a8fa6acc8bd95481a0e56fca8ccf849fe3bf49d3456993d1347434ebdcd402a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
757f7364c23d5accf527d3437a502ddb

SHA1
4c120b67f29b39bad0ffd50c699e77b7313615d0

SHA256
02c5cbc1de6091d1492464d66a732c55d24faaa7139e450341d29a73bd13b322

SHA512
bafb625130f4322b626f0faf6cae744160f774a910b592420cc087580fef222c64de8244c67209a7dbe71cfec541c41f5452e9ffe1645850e19991acb5bf80bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
88242d06c74782bf4a3f822d49510f79

SHA1
d278193cb2033621877fb8403af9635bb6b0b32b

SHA256
b7b0aca3b4faa6ff26ddb5ccd6670bc9e238c1d92ca458fc8ff6a07010c350e1

SHA512
9c2912b0b48221c55ce23175e9c5541d2208617d266f5ee9a69ef4dfcb819b11dd4b5ee24c4f3f43bdc04bcbd92479de09ec039beecd7b9f5bc7f5fe890af03c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8ddfa9e4d13b0ef589b8b93d5a5194a2

SHA1
361c5b6bd15f8a13743b0930a11b0572d16eaa5a

SHA256
a376f281d95c24f82e322f316d1070c628f9e8ee137c4bf22efa7439c97cf394

SHA512
ff37b26757eb3969bfbdeb3f6a421a0cb1f2c88bba201e4d0b9b201b4cd65195938b7f7d16fca71c9c73f382f440abb78fa2e8ee9e0ec189f8a6e63125e07616

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
92f4dd2e02664df9fa7d9e9ed1d49f9a

SHA1
87a8c6abca31d16aea0850c343310c99967dfca2

SHA256
255f3e4df72e920e9980d07d76bef785edfc751afc9ad002fd66dce50a6dc176

SHA512
d7f662490ffaf4871c08679a79e9d89b792c9191eda3a8ebca1d36d4262cd949552474b3a4e4546e87b304bf9a6f64ab7e4b81f935ae4c6c909e447e154656c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3b7c0dd7976f1ea3b90f82b5077a87dc

SHA1
733a8902db60493d01b8b4106af7393e10016d76

SHA256
6ef65589becf59bf0378708611318fda3b50214bbe8f3a317db61726a6e87d74

SHA512
afe24b38abee7e0b2de8518496fbb741d3047ce2360f3ab35d6ca87e6c464abdba7aba479b67ad33197d027e430255e3f0b3eaed22f24fb8256d7974c8fd13f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
495e03516d87ab80af6f7f772c4325c3

SHA1
47132dd87176f84614b7ee5d7602787a8f01e775

SHA256
2ccb173d251d52040939406fd8dcb5f37a363cb2a550928bec9a0bb5a5c69e6d

SHA512
07a975c0fabce10484afaa20d9a39ec758ce48b8691ec06c4d583710430ed7c7340523677915e9ab581c71e081e57b1eadc0adedb93604d81fb726941f49203c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b6f4d6c33f082d41acf191c802e5d201

SHA1
21a8768f9f29e33ef285562ad5c47d72c933aedf

SHA256
ced139ca15e52eb44698f6a5bfb731b3396af71a68e9c682786d7442b6d71c4b

SHA512
9b25f7a227efb62bec7265dc9d02d280938f98a6bf2894fb9a54a635aab27bcc7229f71bcb75c8df04a7db98f69fe0a10ba20ef357d2da9b0a7f7a6f927715c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6493a5f371006ab91610d79df5ac1c00

SHA1
024f8fb565fbd23a6f742dee389f10522ccaa1bc

SHA256
587d4ea861615194a9e9d2b400340e5d9e777538db923d0c11243c3d9bc566af

SHA512
5e7e4564bf7302c05676bb771f212d26caae2c1fa8161d2c0c2471199369db5683df280e51593d2ac6e0f53c1bccfd61a12445b5be4db36183afa9cec4499d66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d51d0cf9ebab371b469f32d8616cb5e8

SHA1
e66d218921340f163f96b8fa75086ad49e224b66

SHA256
92f1d870478b59a030dafc34c90591ca02f29d758b1362b4ab837957836b0e03

SHA512
50d966b4b290b0bf6e875b23fb263b96a63338e932504a1087b37d48f5bafc5eee04d8d41d8df0dd2a8121c57aaabed6481f064f737de160214a42ef419e5ff1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
388b93e0346ffe46e7a814dfb617901b

SHA1
1e04cd78249d23e80e6270a93b31f92e86558110

SHA256
fbbc938ac24480f1459875a7619afc967a62b8a2a3472f0bf143e1f03dbdecfa

SHA512
b99f4c1c148b6c1ae2604101a7c1ed77fd5c72d8106b0be8cda20036b1102d233a4445451804d065c84a87d42a3cb9cf8cde3bdcbdeadfdd89f3ecf4c55b3adf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0a18add35f245d7b6945dccf103fb62e

SHA1
499d270f915f35958e417dfe1daea4016be3c7f7

SHA256
da1f6ac4f7dbc7f4a503c5486da85af0b2d9411bc6add9a19f2347bfdbf7b512

SHA512
41ad57b680ddb62a4048ddd9199bee4176dbdf60f73e2f719b53db39f06fba31f4064799d4d1a32a504fc7a655281199eb94a4397f1cf7de02413ec2a89d5561

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
17976256954c27ed5ef6e9524d71744d

SHA1
b4415f17de8c3d77eeacf70ec98082fd14603059

SHA256
152aa8ffb9baeceaf1ae6f8abe612de5f638f9fab7383c882e8374dc925194d6

SHA512
6af74b8801047c256ace83e2be3d79f5fa2cf4d3474753ce10b41d99dbf1153cecfa1911db894d490fa32991bd6d3da8e568274fa6dc9c619c50d65daae734fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9eea64cc5a4e80e5f44604f726ef8d60

SHA1
7b697d95c0f0bc266a9e519e99abe22358a41d0f

SHA256
447d32cc4248b390cf275e0917b2bbda69a8e740e46f35cb22b961b626b4d61c

SHA512
20ab740eddb38a68a5449633e2d01bce4f46e9289b05068f022c079e9993da8f112542dd3e83321384f760fae623c86220aaed67fb8cd8125e3d983809033c4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1d7bf1cf63a1b10ee7ef0ad09c4376f0

SHA1
2980fc3d597d6161cd0cfea4144d47e9fbb22f72

SHA256
95d117f366614e13f0c02479c6c294de585c343f6be8a6113faf99026f39f060

SHA512
53f9f735e48063301cdd36d6749d361389da472151bf7bc7b68254bff62e55f67abe6236b873c37f0b188dd16c0048aa46bb3c1725befdd3559f3b02bec36945

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
232a963df9c46a3800cff779d6b55f50

SHA1
7be597dd84dc0d533363d4d60586842dd9ed62b3

SHA256
7e6c1c19cdd96c8a1e4188cad9cf4307c3e78ec21579fa4db9022e4ffb15d345

SHA512
a08d128c6c9e29f17ebb7592cf46bc9a3754ae82bd7c040366c2bdc3725d51d520e7e15e4c60bf22316d1fa15987e2a9746efe59352814ea9abb4796838b7b13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
29ef89fef11cbb47c6974f857bd347fe

SHA1
c226da3f62c67d390cc286593d468f7ad12fea90

SHA256
16c4f224889cdebd8f7ca536be13278e86b71e606d6dc367c48dd2f7c6f961f8

SHA512
8c80a7af0f8a7a5db3b2f27c904a20745eb42a5b5efdba24ec903009244ef5866ba0c46aab7a7d4420856918750ea968ce268d8b27ba7477b23d786d90f4dc58

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFD72.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFE45.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit