948d56e653714db6971dab9866bfdfe3bca6e120c0f73ca4dde1ba341e65b1fc

Analysis

max time kernel
136s
max time network
137s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69d062b65c50b6dd72157ed0170ec4e2_JaffaCakes118.html
Size

142KB
MD5

69d062b65c50b6dd72157ed0170ec4e2
SHA1

acb04050817043bec5bd510d4907317d69cd238c
SHA256

948d56e653714db6971dab9866bfdfe3bca6e120c0f73ca4dde1ba341e65b1fc
SHA512

3a4da14ab40663049de5443804360224923b508a950862049abaa9a836b16ea0d77dfb938d5835a489f708d8730505445cc62a4da811897c05d71bdb4624f32b
SSDEEP

1536:SU6fNtQiZWWx76vuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:ShlJx7dyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{80F75BC1-18C1-11EF-9542-4A4F109F65B0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422602352"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2932	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2932	iexplore.exe
2932	iexplore.exe
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2252	2932	iexplore.exe	28
PID 2932 wrote to memory of 2252	2932	iexplore.exe	28
PID 2932 wrote to memory of 2252	2932	iexplore.exe	28
PID 2932 wrote to memory of 2252	2932	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69d062b65c50b6dd72157ed0170ec4e2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01c4e53722babde27374170f03d39c57

SHA1
4abcbbaebaeb6deeb64d2c4c33b450c639e0bd46

SHA256
985166f6edbbdad9fd9c546fc2ad1405fd443a5a93dbd72a1d87c3380eac1337

SHA512
7e03306b0f44e2fecea997eb0941bd325f7e235ebcf13562e4b56dc105d262a47e7bfbae87edb94ea2a8148f8da37487846093653fb2686a96c5e4e32630b155

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23af01d8a65beaa1f29a7d357ef54ad3

SHA1
7e2b3023f7ff971f8a8a7efa291191ea57ddc266

SHA256
e830cc4c5a21db148722dcf48a25e5cb40e92f5c4c511f022d06f82a742619c1

SHA512
23d8689ea671c383d49e45005a7b995baedc96ac284a75e2cb59761efd3db9d1ef5b836e7ee9313a41e6aac2b48fccdee46a47c479d3baf6b333f39b01ac00cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec1e926634f3c3d6e4f0b9caf8525484

SHA1
63530d1e51ec9eb56e9381f87a8303dc67ae9093

SHA256
3eec6f8fdd09a6b2bcb1802bff9aea03551cb8322aa50020dced104e4b0178c5

SHA512
2f449747d1dcb9e6d9b55adcb4c2b1f96119010ee98d3dd0204957e61dcc7834ef1d7dfc6c9e522026529dbdc3a757413630e596fd7169fa93462f8ff0b01b8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
741b057a42b7bdc8b2d669d64e45ab63

SHA1
0ccdb7ded424997d6e2c4517241a54119f58f318

SHA256
590623f2dd44ef407c086f9d5175cd5fde97e6af7c996d59de49616a26d86308

SHA512
d17c54e316b94f8f6d050da38f72b0e12adbce444a85c3dfbd88d9e88ce9631c71ca438f2503a0077238e1214c4cebf42f3bb0c87c039026867d7be1806d0de1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec26a34c057362d6882dd07f179ffb18

SHA1
d2ec38c08980175d505745db81252e98f021473b

SHA256
f4ba557e315167bd1e1d48658494472338c07544d5a99a342a9f1d1d0190d3fa

SHA512
9f9e6f024d95c66208ec37ed3b21a9941d352e8b493bc83838126e58c9287370cd2250bffbe536e931fd49dee042ba0942cbdbaac28a9bbb2761138583b0ff14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
887a46d59c6d486efbb3fb4d184087dd

SHA1
b9cfe30a2ebf1cf7b31dfaf4b5e4a512e1271864

SHA256
a86785c845f9cc6e20e3f55061ea818c765fce3efc504286613170c3e5874872

SHA512
34970a77b90a34c852851ce902a4df1b2a82d3fee9df9450d18858acc766eea63b4cff26006f8f81adfe3ab9507a15c9be93ebdee6a264c6634b2f01ad59d8f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d58594b4e20ea5f85a82324ce750d16b

SHA1
54ff5e60ca57bc15a8c6a3df8daa6f84609a638a

SHA256
f7411d1dea961397300bca5404517e5cc9e3b366b55078f98e88261988245ff3

SHA512
461a946cf085ca3eb80972370ca7e3aa4580f8d2bc0434787678ad2feb4a98b900b898bf52f0d6e412be477c1f31a7970d0d744370ef5be28c6902022091c24a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d6127a7d8a7ed77186d1b9bcb65da6a

SHA1
f064a81789ff2c2c1802bb083097ea5b7beb96e9

SHA256
e480189e1f61778dbb37430559e139520ca07a3f34176d9a288749ed0d24c0e6

SHA512
131d0be9e45de21fb9602538a5ede72e2b08e132b0d939ce20057f1e6367bfd0f14662560493a3d0edc84f7d0c56e3e43c76cf4255e70ec4b5bc04540e15de18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
429323484890b35d8834a925283eac1d

SHA1
798ceee77d98399338ba7127c75d5253f4775c8d

SHA256
79f80383dd1784e762600cc5bf93cf0ca882bca208c511411c57c4c540c21642

SHA512
652dde4c3a16ae85606b69028dc3abaaf1a5128d6afc8cf013885eb46e5ce17a557c78d812b5228f830b46df70148d465e441cb91530cee12f6d64ac181b8c08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f97ba2e51a692c5d1d45f09893801885

SHA1
1f0ca9036b9ce6e22403aac3fb773157970ac28b

SHA256
e38a9f7b23e50b463f6aa2c1d8c3d032003d234751ebae1cc7fa716c487537f9

SHA512
81e280e0416dfd4c9e8e13c6390086895c1ece888be5d5032c6612505ac2f2058cece79449f906782eb016bf61b651cc69e3751093e2add11782b3b3e836e068

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4350a8a6342ad643bc2dc432809b643

SHA1
8c451e806f56da49791f3e0853eee47c6b9040f5

SHA256
c97ef386348c2d6109a773313d8b1cf05ac81baa53d59431f2180dfebd3bddfa

SHA512
5b64c2a555b9dadaf01b8079c9d2a13f6d7f26e571949cadcfbeea5ad0b292c9a7b685578ec78c05e78e8982750318efa78d0a749df7747f72f93ae7818e5ded

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47a52e4a83957fb7b3e5cf2849e24685

SHA1
a2763a5d509a8832efb6b5299df5a52c1ef0c080

SHA256
ec326a6dfaf519ef8a6926091f21bc11d33a7b7bd095da0141cd1e3fc1f1b4be

SHA512
d1f1207d4829a7c6c3d3b1a14147ded7f72b6cbe6e861e5b533159b7cd4d5cf572941cdf8174b31b1efce24fa1e59d00ce1de1834e243e265c8646c70c8fc8f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c945d88269364af3759ceb584ced4d1

SHA1
64db13313291ddb7257ef8207e86da29971fac00

SHA256
a8a22778615b9e11fb95c4cade6f022887f6bbd1691ff806edb34c230b91c199

SHA512
69eb1d72b460c8901fc8f9ab46fbee74e4afbeeb23e4dd551683b0166bc76da57ba875c15980559d646f2f8990dfcf33e0dcf919e3dcecff1891858f6f2fd0de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f863198bcf39418efe2ff609618e298a

SHA1
b9ec474ac97b4024420c07ad611e4732bd01c21a

SHA256
3767323ed043c7aa34f3c247f2d583b926e3e50a2ef5a65894b89e06ce06540a

SHA512
564c001b90640b45a4133bce138e1ed482b12bdb175538b5ec47a29c4316a8576946cea8c56fa5ffe6952af0f10163e8d04ad51dee780e15df4fe3b207ba3825

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a557d925228f4ccaf7b897c36d5e889

SHA1
d4368e3b967fad44be4349126f21d142066b8b96

SHA256
3a1587f4239b4c96eb8ae57d472944e7bd8517528e34685d6956b9ee994b828b

SHA512
a3edb4451d92bc219d333faadfa988fd94af9294ea5d72c7d2d0c40df2b3df9700e65705f1d8d4e63c8970b62cc70669d90f8441e0adcb4a13ef60deda862e4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d90426b098dab9ab319923e32ab43d22

SHA1
e72be39db5ce95b07e82397d34b4885fbb9e2d22

SHA256
ff56cfcb910549c1d260bbcb2eb6df6513335250edec47614fd2e0921c107770

SHA512
26cffe7123910893f0f0bfc84df5953b3e8479a3e99f4db010a2ef2dc113ad9a14b11629986d0af0740bd35246c3075a61b13eb62aab2160f0702af05eed17a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
176c3874a99d19404f8a845fa0217711

SHA1
8aef1de8be3366bc8351ae002191967a4457a9c2

SHA256
87c2eb04d8f7097cbffb2873fe1a052af8873a0b660d8792f6d353545487d4c9

SHA512
9fe002f5564db420fe4fd6e9e9f98bf94e6bff7d40e3dbdbf2d52092ad5ad3206fb7c9c838d5d4515ff8a592ece16919bb1231ac7c0f8a5b46b5a2bd0b121c2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bab268183cf5c23fbb07fc030da8f05c

SHA1
2d5328115d28e05845701000ec92ce74208e56f0

SHA256
298fb3eca0663555db06da0dfc53ae0bef7988b462b1293901a806496f386520

SHA512
8f457a5341497dbfd9692c0d31fddf33a022c5e3577e0cfc16cc271148362086a7a8c7b866c8218b474865a240b5f330d11c5f5b37927bba5ba8306706720904

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab146C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar155E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit