da6aacace0a387024c9139a95af17e59ceca5a317f9bef17e34d3a5c20e24dc2

Analysis

max time kernel
135s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69b7394c34546b7c8ed90ab19decce42_JaffaCakes118.html
Size

213KB
MD5

69b7394c34546b7c8ed90ab19decce42
SHA1

fe7ee14459e4b2fc81895822a7f049e888d12947
SHA256

da6aacace0a387024c9139a95af17e59ceca5a317f9bef17e34d3a5c20e24dc2
SHA512

80925548b211d7b9a5255f33121f531ebc1456660268f9bab25a0cabd83b0965e989f98cec12ba871de8d0e287a19fd3dd4f47b28424a26edb8b629d13f71445
SSDEEP

3072:SL7EVP1okFOyfkMY+BES09JXAnyrZalI+YQ:SLK7rsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422600107"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46E12061-18BC-11EF-9F86-7EEA931DE775} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2168	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2168	iexplore.exe
2168	iexplore.exe
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 3012	2168	iexplore.exe	28
PID 2168 wrote to memory of 3012	2168	iexplore.exe	28
PID 2168 wrote to memory of 3012	2168	iexplore.exe	28
PID 2168 wrote to memory of 3012	2168	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69b7394c34546b7c8ed90ab19decce42_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2eda2bf3d73748a6e9e3d00629bc9a5e

SHA1
453242b0a5a80c708def52cc8c02389657053310

SHA256
72e2a400f89792d7dd2fa8d09c3ac6890562f84f0e78ae2153fddfb355375e7d

SHA512
1ce1d3c3340139e075e8dc05210ac1bb2fc0f26fca8721c5ebf091e64691e843a3e3310cf8a391eb0309d20e970ae865b716f3341e7680dc1b64ee97a2ef31c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6db667cebb9b8e809dd1ba055f47d04

SHA1
7b88735bf8704d3dce4b578be044ee0278ea3f42

SHA256
7b1b6d0819f6efb32519adfd682c8ffd1f4abccdeff7cb9afc7dcdc3e84e9490

SHA512
a419ff30928a1ad9730e7fc67f3517c844db2d514f3ffa1677b46aa0b20239dc117efcab2bfd1c6c782c26b4eb009b0375248f8ac1dee5fb84670e945c91109a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
987e6bccf815f124a3d244591b79a758

SHA1
9c08c8616f99634d1308dd90c7b08ea9eaf512d4

SHA256
cc82a9edafa63aadd21ad4e1df459b6e66fde36f262fea9a1219448351f01ec4

SHA512
9b768c67d809f5ec15271f10636e60c4968c651479df651bbc531c1e7a95eccd44f645272068e767490f5dc0e17b8d6bba99434991997e678bb0d94f11f36764

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61e1c52e448455575e27a3b685ae9363

SHA1
0a507209813e4a8cd369b165bdb5d2c9a6a62fc8

SHA256
9001dde23b09d26015833790f3370bc5604942fcb7aef82cdf9e3f01a67aa730

SHA512
1d019b31e4f3743c39710eaec5785c63cd751c77774450ab74c6634b87f7818a6e345348dec98111f6dbac21bc2c7bfa352724e231e53c77d5b0c4fdb8928691

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56391b24e5cb856f8b58dff557a0a62f

SHA1
116e2b5a4f879c04b39c79c511845631ff4fa43a

SHA256
9d532573e5edf1172429a4799d876097eeef60ac6a00d51967f1aca5e9881950

SHA512
ca9f1d0a40ed14c00b1b32ff96294fb20140c1c97cf8cdbd06ea083eca35aa2697e3ecd5535733336a18a7eaf56bc07e5f23354b7d099238899bdb6f7ea09bc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bda661594dc4cab01fda3de15306ba0a

SHA1
0ed450f0a2a33e86942652997a4203ae4b7b42c1

SHA256
2f65b37e718caeee148fc6a4695c1f2ee2313ebfde89ae6cdd3349f187793d46

SHA512
4bddfc56163b357611f4ff8587b70abe3bd6031970fb311a4728913e90149136ec7b6de2aa75867a82002d91420b46f5ec620e8d98c294024a041ee8d4004812

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5f0540bbddea620531f65529e24c254

SHA1
2406e3334529a2d057c846e497075dc7a51daf11

SHA256
119a839e79e7c5eea6f374d8316caf5427d3490bbce30bc92e2a87fcb0edd7f5

SHA512
4fae129704ffda92728e7e988d63221a4ee568772700b59717b40d799ef91d8e8156e9bd0bbf7cbb32bb17fc677b49d4f0cb3fc49d90ae0a03e31fa73c1fb31d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e0079d59edb34a0c83a23436ded94d3

SHA1
d6bef53619808d78a54651a0fc74d4e0444e4484

SHA256
f117107faad92bf4892af5601e11fcf60c626a2e07e39a049841cf350eb99955

SHA512
9a93f9ff0a343bf104a17901334a7ac14cad22e8b3535165809744aade84c7f50efe21294f8e69d1f431f4fe16f3ff85476355b16e43330882ffda09c927905f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4b36b8a6e5cd6efbfff67809400f118

SHA1
b9e11235fa458ddec9ee03d907b8e5757abec654

SHA256
f102da37f5fda9a6d0494344a5401e68cc4a39978394416655ba0fc49701b82a

SHA512
738bba16e2fe911119d73514005648d87ba147b3be507736253cbce2099868f94faab2d93f6e3ee03f60c8cec86de15f6af3f5a814b40bcc66a6477d75bb2b56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b2d5d695fd3947c2e70295f9f144886

SHA1
1dc06fd80741b0deb8217f38956af33ecfb2b007

SHA256
33691c3d79e02662e495b893d3aae3e87538595ec1f7f7fa98e04cb7a8106292

SHA512
2c2f144bd31b1f651ae8f896a7c979815add8f7815dc698b692e963ad67c7263b2a0120bf480d8b0f47bafb65b91421e20f30306eee599e92cd307d08d9a869d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4ff758e2724fbef54f40168881d7d8e

SHA1
0b3567ae6894021967b446abd9693b7a365e8f59

SHA256
eaf7d33b2cd503ed6442e9a0fb942da246c6762a27cadf13e08b06db621fd67d

SHA512
b3540d31eaec19fb3d187f17ee3cb74b60eb43764e3cacd25548272c409b42e186daa89162ef0c06426035ebb4b427aa7aa6d6c45a6cf8f24f5f22d606467457

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
591fd99bc13fdfd19e5aa42c1ab39a03

SHA1
7c04519b9f4b2e6c9010f5ab3ae5c0872de2edc6

SHA256
faddbc2092f0aed3d3886c52fe8d85322112cc288da10ceaeed9ce045635df3d

SHA512
b8b54db0890c0d42a1bfaf66d010c51ecfa4039229687b3c6928d23502af2432859948b52912233a3820ff211c633fe40ee8b357c6c81de9e4b4ccbad13a3ddd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a2a324593cd62f272b23f63c0d6d7cb

SHA1
5e560ceede8a0997bb58aa5d93256d3d40afa3d2

SHA256
1fdab7fb212b57960854ed650b8ba7c2a7a64671898706c08aca429523c2d46c

SHA512
6b0915a4c5ee7b9d9da611ced17c15492e2e4b235972685d13bef593eadfa1e749a4af5eb1124c598553fa71e03386eac14a70d2ef40fa4fed23c61cea47990d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e601381d3bb9df567db302225963f3bc

SHA1
1e4c2c1d2bc0c4bfb02245ce46a1a5b7012e6587

SHA256
721bf22af1d4dcf07109236d8c47352d7d2e237896fa28078ede3d7344055637

SHA512
d2139dbae66521731cb5accb8cb33529a5b650be8563be1b91c25c09d330feb470a81054ed57977029d92be0f9f5c472be53e58b11c535c3b9f3811762c5b0b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83da9d9878af8d2da78bed2373426a81

SHA1
f5036d1e7abcd5fed6865b72dd75202d016978b3

SHA256
725cca9aa4df4b325de983c50980935d41b4546e06088d3c106f710308d60533

SHA512
df6993ef25507d7bc0f96ab53edec54e5855ce8d882c555609aeebf03621e466aa9aea2415f121c685083f73b6fd2735d647c686c27321008632c13364adf9f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df3126e357042a7432ef834d21b9d41a

SHA1
0c55196d95a97b34771056ecb814976bd0225680

SHA256
a391ddf53d347744031c6aa9f93981a1c1d2ab6048c7af9ec31a20658820ab8d

SHA512
8aafc0dd081dc7bfdf714a03df1aca816ec363ec0adcefcb8eaa59e690d297c8dfbc1ccba9d99c76b92f9ef3b447b63b5109bc97d6bf23a6a3261cd869ce0f91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09633f5557469c8f4e638d94fabf3dce

SHA1
1c1563561c187d7868798874069e27e3035706b6

SHA256
42ec06b2382c60887870a32f0a6bc1995fd283f00b41e046e413f5f000a34acd

SHA512
a21c4a0d50de25f3c06069943f4e9709180e62021f1ed2508942bb0ee31be3abbbf32c6bafb898343eda4844ac664a986e9448d9e7604f4cefbefbf865f50c99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
315a52e7d814cc156d41d8472c352a49

SHA1
89bb2cc038920968042e5a276d8750c28e073a33

SHA256
5a9e78577783e42f74b2cd51878f1327b561f73091d1f6a13df9dc56bf14e025

SHA512
b11bfa2952577f15862824cf3f7550861363185975632559a27a3cd689d95264af6336aecfd4f8d0220b2b2fdad6a844f36b6caacc9777d86dc2e58a4818e616

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fd726a6fc89abad27209ccf538be480

SHA1
bd7389bdd59aa84dd7fc5263e724cf0b3663407f

SHA256
ab5b8c882278be5bbb4ebb0ce125852f5fe7b41850a2c659763beabbc6e9b06c

SHA512
327d236b0d1fd0f2703f6059f6b2f2b0228dfcce2f11cce58762c28a202c5fac573fb0a77073acf2804fa2f9051179215b4ae7f16f94460610a411c1fac94dec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2BE3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2CB0.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2CF4.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit