b0f82421a78749e70a4f63395ccfc754cd4917a7f2c3779b7cb2e86722908a53

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6974e082b174ba2db8de298fda42172b_JaffaCakes118.html
Size

509KB
MD5

6974e082b174ba2db8de298fda42172b
SHA1

fd27138cb5e3f4ab38566b1c37f454067ed5f111
SHA256

b0f82421a78749e70a4f63395ccfc754cd4917a7f2c3779b7cb2e86722908a53
SHA512

71533d96838230ed5ca6f1d89ded19f43c35b6881c8edfce3928b8e439fcebc3a58dc58f4c572917daa19a57e40d1bb09044180b9a7eb9a7e506ab6c8920dd55
SSDEEP

3072:wn+IpBxYUVG9zfs49PwVfL5AmPTmBcM2mq+1y:wn+IpBxj4qLTF

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A0405961-18AC-11EF-B02E-F637117826CF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422593385"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

3016 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

3016 iexplore.exe
3016 iexplore.exe
2704 IEXPLORE.EXE
2704 IEXPLORE.EXE
2704 IEXPLORE.EXE
2704 IEXPLORE.EXE

pid	process
3016	iexplore.exe

pid	process
3016	iexplore.exe
3016	iexplore.exe
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 3016 wrote to memory of 2704	3016	iexplore.exe	IEXPLORE.EXE
PID 3016 wrote to memory of 2704	3016	iexplore.exe	IEXPLORE.EXE
PID 3016 wrote to memory of 2704	3016	iexplore.exe	IEXPLORE.EXE
PID 3016 wrote to memory of 2704	3016	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6974e082b174ba2db8de298fda42172b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3016

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2704

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
7575c39a544943a68ce6e709c586005a

SHA1
4874b30bd1d455b28a95c4e21c5aecd1ea043d7a

SHA256
4737de49245ace1ca1fdeaacd5feee9bbda88bc6f42c84a1ea7d316383792cf8

SHA512
abf3d85393725113e720cbe8980b369236511e3984e8cbfa795f19bb5d6e39822e80a835caeb498581797a74b349765ba1a27f26586a17a66ae1c88bd066a3d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568
Filesize
472B

MD5
7fee6cd7d5cd9dee325a9d11fcd4d54a

SHA1
aaf8ac6ab8195ea7984ea4d1a7710539ce91a1ef

SHA256
267c2fdf328defd803fd201955bdf61cb2fbafbe63d12caafc453a6ceb5d460b

SHA512
697b740ed6741ca7c38f5669b1f3cc8a3f638f11452a2e09ae8ad66428e89c1ccad10d00d5cac92733c9cd52c45d3565c64d5afb607ec78568ff390e2beb1258

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
7f6a31e6afbf10206053002a33eb1e5c

SHA1
ea8cefeb434eb307e63675da938a8db791ac01bb

SHA256
4128ca6ce8a57510e5c28a2cbdcebd8d183b78ac9c2c377af6e916cf6071a31b

SHA512
d35fcdca3c37010bad1a98a39f5778b4c2f63f6759e7582e16d74dbe9a0ba66a887d5b01599a4ec93eab5fa831bf9a72ecb2df758cce4085321e50023764b313

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
61f102f079c9fa4da50cb5522d6f6163

SHA1
bac585636d404ea9a468e9b178ed67d91f8ef55e

SHA256
cddc14d220acc962ec3b78b47120c627dc0da382e0f6eff602df33f5334f2653

SHA512
e600cadb90f76113e17c537a70eafcf8d3bb50339f1f450bb25a5a7688a33d134bae27c077c9901d736a9e6f9a4f3d23c60ad84b15c9dc69cdf2fd1f0317efb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
864ea9b52b0bafc8c8ec2b0ef7d61e1e

SHA1
84efffad9856be2b4e26baf9bdc6dedc24e06541

SHA256
6278fb7293d772719e80ad2d751b73adef70ce0c083783b4ebfbb9540556ca9b

SHA512
69039cd722814021600a4e5768b1e3021947f5b1e18868d99729539dff877885c396e3385d3d2d4fc60cc42f1be2171f131cba56a97978bbe1a60d7c803e390a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
754f205514b7767054ed258e212f3e03

SHA1
28e242e7381c612617210a069de33682ee3d32b6

SHA256
f1ebe8e7fd9496d32a4a81b21a44fc44af96e6fe7b5a63190c006729007dc36c

SHA512
2b75a2365c0674870172acdc910144b35dec13c12d756472c25a4f439c4a6eebb8ed4c68113233bc1f2aba7fc108fa12cc64b49463a725afd919bf3fe9b6379b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
87ab05533483ec5577a7c05cdf971cd7

SHA1
8b11c21839d08fdd9f2beab21c0b9b3c634617bf

SHA256
c047e9cb7cc48294f8c5c8fee5c2675ffbbe1bed51e3aaded2d06df3af50ba8e

SHA512
906b203e7fc41c60fae82df07875252af318a0173b12ae322999356d5b7ae61639340ec5b362bd29513ec1bd8040bc751ed8230914205c5ab0dbc8a19fe0875f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f2995ab188c456b8264f497bbd8a8fab

SHA1
4fd1aa1087626a0bb5062306f1fd80827e26014c

SHA256
3429421a83d291516ae76b2165c20451ba263e8844973b27d51becce2f2ee155

SHA512
ff0fd3df65ba2665a02bade35d917cd23555267c193149c764f61d21feda49ee624b710534f3f2f1791447aaa90e0a0da6e49a31b3fa95cf67f2b965c693470e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
31d414b088474be218706d09c8129588

SHA1
9ec95c0d54168bb56ae1ad6b25fc3cef8be87d00

SHA256
8a941c762c6a04d2c23583e19f2cc023daf7f9a286eae3f988c5727ecafbe281

SHA512
db12ab8c18ddecc82822ddda367e67e6861b8f3d645e6b1e21505c472cbb154b59b4fddf2d82a1389b898e5333819b4f893b9427c9d407bc02de00b9d3fcfb1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
15681f6f4d3ccf82860404110cf34114

SHA1
5e9294d29395e5bf4c5f09eb844bf75fee26b6a8

SHA256
1b0458924e9b91db65978b14664fbb159fcb7fa50a06cbc12860cc0e2e754445

SHA512
17c176028514421b298ae4009ea21ca082d2394a7c61ca53914892077149decc29cce8fa9b54f4f18ff4f0f97d51d402cbfd00d437903f6f277c305ad0eaa951

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
022adc880e7ffcd3d237f37d28a4c19f

SHA1
8951f82eb6a9d04b034b8aad5b3bca475eb074dc

SHA256
6e7dc4be49b7c9b6c1091e4f9aab993f6fbcd4583b86960f754e085a6883a71e

SHA512
e2e7cd05ec00086fc07d3aae7bf82555ba7b578b242ab5c67436d4beb002498275e39137f4ddbcc67559c5365c93660ab3b14737a890eb2cecfbb922c4a8a2a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
493715314b80a244fb29bbe08b75841c

SHA1
b65f05e8be30389594c7666b09a79a3e9893d124

SHA256
270975fb12d4c34ecacea37f892c5735d95630b1c859947b42fe703268d94b85

SHA512
c1619a8a9b957a92af17423b8cce73ebcb4c41b80a166d2c952beac2347f6a0ea1628a955f91a9a354a22c617541ecf01c708da1927ee458dd7010bde2ec17cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0fc4411500b9b1db0f093dd76419c021

SHA1
c3751dc5e98e5d1a7e62bddf8a5d05f3fb7e3839

SHA256
a3d27be4ec3bc062c52f9906ef1b536485660deed223ee7e2afb6b0c990cbad4

SHA512
c303c7927105e440e455daaa4d14bf6880f8bdbfb2c56d7ab21a4b7cf0531aae2316b7e1fc2a03886908dea388581f9a6988d2b4a538a7f143c3d28bea302410

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e449db7c500edd943f428fe3b3c23044

SHA1
a00b2f9f87b96ccfc530addb0a72239fb17566ab

SHA256
1b09d129cd99b9f081ecc459362a338aaf3707aa836e747e2f101ef215ddbddf

SHA512
b28c582f556625e95b1868e3c19833f0fbb933deacefcf73b04239e97032db2b3ad1226dd5ab450ac9d556a7131bb00d04d18501f5107e3cfa71c25cdda052b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568
Filesize
406B

MD5
a69ac12c113ef201dab9f429bc59fef9

SHA1
47a862b102d4fe90a1c80653d703c034ca9d1dab

SHA256
1b77282bd1e98b700300bd63d0c2a13318ed3fcbb518566341dca03c691a1707

SHA512
c34b0eeb2f29dee8a756670297293012e71dad19e785d54547f1043fcfedb62a99fc37b754f4b63dc0565c6b3b3ad9ed35a242ef773ffabe798a21840420db06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\platform_gapi.iframes.style.common[1].js
Filesize
54KB

MD5
7ef4bc18139bcdbdd14c5b58b0955a67

SHA1
afe44fd9a877f81a3c36f571c0fc934324c6cbd7

SHA256
192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838

SHA512
6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\cb=gapi[1].js
Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1383.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar13C4.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit