3e5deddacecba3543ff7b6a2628dd9927bdd2d1beb43503cc600d6b3ce28b28f

Analysis

max time kernel
146s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 04:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69b94ddb63b868768d58618f112a08e5_JaffaCakes118.html
Size

139KB
MD5

69b94ddb63b868768d58618f112a08e5
SHA1

ea908dc075c38d5d1772cbbcd761e10a87a5ecd8
SHA256

3e5deddacecba3543ff7b6a2628dd9927bdd2d1beb43503cc600d6b3ce28b28f
SHA512

d45692dab8527e0081442955501c789b21643acc513dc7d6e8c7af0536d52b4d8fc6b2d39c21f9b2398d80eb4796b9f347c4c325ed9ac5c141fba9e0fe2085f9
SSDEEP

1536:SPOTfL4Slw4cWbx76vuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXu:S04Szx7dyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422600398"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F46838E1-18BC-11EF-87AA-FA8378BF1C4A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1984	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1984	iexplore.exe
1984	iexplore.exe
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2732	1984	iexplore.exe	28
PID 1984 wrote to memory of 2732	1984	iexplore.exe	28
PID 1984 wrote to memory of 2732	1984	iexplore.exe	28
PID 1984 wrote to memory of 2732	1984	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69b94ddb63b868768d58618f112a08e5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf01ac1e818feaf4e4d43232af084908

SHA1
f9085a291defafcabe23272184dfdbfa78d6f3c4

SHA256
fccb75b21a6ae2b83eb03f6b9eda635344cfd2685a918606cd49d0379999a6f0

SHA512
770d7cc9df3b3e14ac7a952aa693023f7cc4e98f0a7e479a448a27cbb0eafa50353e9fd92e39e63def86322d325fb02ae874149122141725305f3ba263dd53d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc4f4294d141634f6e5c851777c6c8c7

SHA1
8b0075c80dec56819dd59836bf985c7e242ef929

SHA256
259c3add82335589cb735de2f94027f64688dd6f9a6070caf292d44ef76454d4

SHA512
da08a8f6af2f20e964238ef2d80c633251585d2394d729986b7fd2a0d02b81295bed19edcba4df2ad5500aa858ca46a374500453c6315cce3662b9ac63ec50f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3107f38d042af87030fcb85449eceadb

SHA1
105cbc62481f8cc369a1dfe73db37a60c5822367

SHA256
072045bbcb5c36598ae6ad487eb25ccc5584652b390200b65bc8420f6e32fb7f

SHA512
4b3168b43f36c5a6a82d36d0f20de2e495460d60b112276311304fefed8cf0c4453ae83299b8d63aa47f382ea19a8c99f75e6396373eef27bb9cbbdfc7941b75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d6ddd3692ee338824dc49ce99c4cd11

SHA1
be1e436cabc2f02362607374cc2e29e1ca392212

SHA256
31cd24c71b0e9ad2812c8737e5dfc4583f3bd2ae0487b8301909754231bb7c42

SHA512
b3ac65c8e117c906babe625e6107bf68d14023bdd4eb4d56925e500c4654cfaf7f1b589a05d691db4cd1091b803c83e6483ec2ccc5c0a98951890fcc52be9da5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f67721adb2b73a6a61b8868718f31436

SHA1
d8ed068cda4119af3b755855a9057ffba35fae7e

SHA256
6480247fffe76a4b5d2dc336c8436bd8ad562bd935ab7e21bd5fff73a474c376

SHA512
beb5b3588e59559eec9061f0cf292380efaae8bbfd9e1f256066c9afe3fccef00164699f96ddc28317bdc03f9528d29164626893f53859f4001798edfca9245f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a3ee72e3678a2d59a81e2633b1a80a7

SHA1
5c31245d2cd90dceea7f81df832d1ca0ec15a6d5

SHA256
82d416b0482961eca163fc8c97a75f3fee9a2da1ed6239fc80444b8a1ed34d43

SHA512
8c35c52fe107e94d45d0cfef70e7a0b39c08ec92d3683432c0e1058c4d7252270f9d6d9c60c62ad683221779410762e67553fd88c71ef565eb82c54a8c4af6b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be75545a2ab24a53b7faa9c61e26d283

SHA1
180ef1076a7e7ceda53db532554ed2eee9b66c3f

SHA256
1eb78f2e30c0840051eca2ca4ba7918c5850b346982ed7b4e61c8b7f316a811a

SHA512
e28ed3597f7a4b923fbdb36edd135d9e26ec069d6539bd73e61909cc92a69c9fe74a541ded2bdfde6d27c61db6d4ca016c0302b481712cb68dc8b79d28c53876

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2bddf91b2d0c97a8fb4b32fbfb6ab23c

SHA1
798d89a6a70e55aa20b50501b387be2d6e4b28a8

SHA256
6ed511835a588c1b2610ed704f2815b895a957ee3cc75ca0ec08f1fcc6fc4baf

SHA512
9fb951bb6745bbe3bebf5b6f574bce07ff9b229890cccb85ba8a99f5b2fff8d8f67ce1633dfafafdcbf881deba5099b0849315e48960bee27d1ce30c469f5b7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c8dfe49a8641270be4591de139440fe

SHA1
7892dab9407b13eba16b2d8b8b91f427e33618fe

SHA256
159dc42d22e6110362187887f12d8fac7fb1d9e352117f5006ef7f93c4eafebf

SHA512
66bdf8df61f15e18d3003331556d0898f9ebb85f75a4a9f537506f8ed4cd0ba1a9b14f45b2d8c6715be198c23f971772bc83e2011f8d5e0e9849d49c33a5c485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6efa6ad8887b052cfca8d1ea1f30801b

SHA1
bdcfdfd9d71cd394a85a041d8eaf5734a7acbedb

SHA256
71deaa9b4684d1c44fc90ee24e6be4207aae6509330172da4077af010374a1ea

SHA512
b039c90a51e1bb58a665c5466e93bca60bd2559e8d93c0850d98e8774543507c20752b8f0df0f420f11435ee26e7972a3ce1aa4b252efe7ac8c26375bd06436b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
083839b4f522505fab80716bb7ab4d54

SHA1
b34994ce5c773f5ceaecbd466963f7ad082240b3

SHA256
9f80f42f8cba20e22e69c5ac7166304c9353231d43cccb0346ecf1f5211a7670

SHA512
4041c9835d7cb968afe661aa99fd7cdcb1b590c33e46741c6a1f93d3f2f7926ad848f4ee9018cb53b0740defef151ab573aaba5f2f8152948014edd15eec2365

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab991e79cf7616595709ea7aac81b70c

SHA1
c732dbab4b812f8e98c62e54de24a6be90e76fd6

SHA256
176a97fa9264f442069ecd62a6590fe4f73e9f95dfba6cbaba10576682f10784

SHA512
98331326208e401d296c89389181d61a46a659200ee724d684a4452dffa51a0c64ad8cca2caa266bf2ad7bf574098356d97ca7dc6cede15d905347b7cff0e14d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee5e2761fd79374135f323f77e385f5a

SHA1
3f25f0477ac36c8f80c15aa2220780eff180c88d

SHA256
82818f4ba93c5b44c2ef93cef96ca9f310d021e775d6deba0413c7653f88e033

SHA512
3c015fa11a1732e789c433dece0598e79b5019ed95147a56879111107965f2ec3add8e315bb704c7a465fddf9aec088b341c9294e8c82e35f9b571f1cd0c2163

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4c996a068a93867d45157a8ecf3bd13

SHA1
f6dbbc141533db68c5f8b9b097ca2f26d6ff2db1

SHA256
45a715a759b819ddf15a6e72c1e4a48c367525be740d6e21ff8bf3640dfdb20c

SHA512
f4780948141b0a8728061ca903df85e424bc4607881c5130b0c37d42999822508d58cba73e3c4158a26e447eb4fd6fd0950d764c23812131f83dc3af5fea59f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab1d91bc0aa024ca2a13ff838689b0ad

SHA1
6f4928b97706598907bb5fd7c783b403d63e1a7f

SHA256
796611dd0316309a675e42025378a51728b79cbe8793b18ea76f3c03be548f69

SHA512
e9f6e62f381728a316400c2fa9baee1c6601bfcf1568f27ff1263451bd7614a81ab66787698638da38a5ad529d02cd62c64d44c66cc0ad9b6a3366f6c2b85421

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2a9187fe7363b82d4aea94b07215421

SHA1
6fbd1ac332f51caebf50d0ebf34d78045b9957ca

SHA256
9acee500e7a02bacc698fb18044472076054033b48b3d058fb45f49a17acb9d9

SHA512
f718faa59d2710918b1c5e111c9b65951ed3eacbd728496311cd68f8e58fce6b8f52837b40888c4238ab656dc614a7a66d9a986a7e12f5e0b5b7748f25d6cd53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75f1974a348c7504f69c05d5d79b235c

SHA1
7774f5c51994a43d5ad1b1e127c9d9bdaf5d3d83

SHA256
502890026ff6e20ac2dc6f52170aaa50448558df4514f79a36b57b612da45dea

SHA512
433712930df547581b535e8c350988d8bfad06f20263757915b20a6369bb63173110b63e220cbfdec5081938a49954b7d996f6e61e88871cd9f20c4823cc76c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2a4693c833ecd2b73b7b7e4a125e528

SHA1
9399187782d97383d08ec8fb55bc67f501ddeab2

SHA256
82e7abd72fdddd2c665ec7212859cf2b0c8b6c2fe5db3f06e4ea7a2bfabf1fb5

SHA512
b7c0e2ad8b138bd3ac56c4eb0494237cfb60d1fef3fdcc4814b2b8a37c710dff4210f0ff029601dd70e29519634d107df944fe07504619cc86bbaa943cc78520

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1E2D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1F0C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit