0b0aa8df8791c58db28fe1b4e5d1fac739d5718994b2fbe4032dde1fb9bd8ea7

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b01e4d7bc07c32cc488b61ee9d3d988_JaffaCakes118.html
Size

213KB
MD5

6b01e4d7bc07c32cc488b61ee9d3d988
SHA1

53b3932d12f6c6a435a1743e751ff71b9f69dee1
SHA256

0b0aa8df8791c58db28fe1b4e5d1fac739d5718994b2fbe4032dde1fb9bd8ea7
SHA512

a4dc4f054c8ff5bf716c74d68e4b127c09b82afab424ca8c24c6dd7fd080a2f52de1d2f57a5d0b502736dea9d52119a347bb700fc454c3cd791a28458b4e445a
SSDEEP

3072:SeLkruuGklGyfkMY+BES09JXAnyrZalI+YQ:SeNQDsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422630762"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A6A237E1-1903-11EF-805C-EAAAC4CFEF2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2280	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2280	iexplore.exe
2280	iexplore.exe
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2804	2280	iexplore.exe	28
PID 2280 wrote to memory of 2804	2280	iexplore.exe	28
PID 2280 wrote to memory of 2804	2280	iexplore.exe	28
PID 2280 wrote to memory of 2804	2280	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6b01e4d7bc07c32cc488b61ee9d3d988_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8041fb19002bdcb7ec39a44ba37dc42d

SHA1
b0ac4ba58295bb842f7a66a0139cdebf27a3c940

SHA256
481efb5f820db6d6370e3c0382322f3ac0dd83be5f1fa8a80af7aab999bb90c7

SHA512
6aeeba7a96b163943bf9ece93109d12895773190cf080d46588b244c8f5e71d0f051306e0943f562e86f48132e65d845024fa7db339b2a28f7b5678d1dc8d107

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf6a42fb4285acac8cae9c5b2d4b9345

SHA1
783bb7bee94c855765e19ef6a182fd84f2899457

SHA256
e3751b3cadd7133e574b32742e239cfe6f0c52d683335e679873ee0451bf89a5

SHA512
c1fd0143a0b26cc82a7c9aff9352ebb72e65c3c510822932bce30b487cfc4b85c5935793e8bc9b328210ccdcd76fb1583ce0965613b825dc5b5163c4d7d5fe5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f653052a95e680c5543562048da38604

SHA1
436ff1f655df85f938bde7fd78fd4a809b675086

SHA256
ae5dd78e9409a797d2a2e1753bfde7014c05a0316e6b0109966472e3df553550

SHA512
d245dd243ed495494caf4e690621d53522876dd23dda8ebf90414b094d54fd78e81bfd9b56cab771228334307cacdac5210f1a4173ed624d0a2f8e3b05166616

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7feb8105e5ace7a875812f7c632357fc

SHA1
4d78b8fd23afd8aa90dc564f4aaf85c301048534

SHA256
f8867c5107903b8e5cb3dbb6a0363e52fd3e32eee875b44c70ee15598e645f86

SHA512
07ca2110374144220c550423fc123ebc4c1a1ef29bbf1d4dae99b12ff330014528989885a2399cd9cb8d0eae225fb6a18239161519ad9fb5ad2c6c9754068cde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
606c0963086ce4521ec48dd304e10e9d

SHA1
418e4892629fd94f3768e7e4b16eebb2061fce4e

SHA256
a358f9121c450e2cad5a06315c7858585826287e7cf1ac88353c7c63b578b526

SHA512
d0ad88133ee4a21ede571da95f9e5eff9b138a7d1eeb2c5627ed353c3a797cdc9fd2df71000ba821bc3f457dcdeb8a7b7b70b68c7802d7e4589f020eebebbeec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fd1ba50b27de6cfd040875c7b10f2fd

SHA1
8bf268fb5f9de411e9bad110167bbf53d902d6f6

SHA256
896ec7a54174b793d8d1deff7dfac9d469f61bb314236c8b6906cfe6afd53b6c

SHA512
ab186216450d465352809d3fe383dea16a8d01d06c5890a8a110e9f0d6a1cba376aaa592a54f6a60621550f535e6ec09b25b6a590e06e4cb943457b6a0709ff8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdcfef8ca19c2f7b899c64018d565a25

SHA1
387006dc92035cd268eb7925a18d18087b5c0217

SHA256
9e3ace50eee8fd882c331d0c12169db51d012373df53578d4be0885a1504b5b8

SHA512
01b98c174a60c3759858410386cabcb19b9f7fb15ac7fb97ec54b94d2e180ef0a4f813dd78056c4125b58f621e3ddd6b2527d7fcac3a7e2d58864da2eacefb5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db7020eda27098692a6abe8a4a4a423c

SHA1
1f459a6f8b254b60b49134badf0c4f7897f01782

SHA256
fc11645b3f0a477a447f04c93df0ed56631475405fb402b29caa4f80ffc60781

SHA512
135b8f780dd335a604da1fafb3d6e021cbc90a24877d7b685c5ac7aa5e86f603c2bd4e2bed2ad54c8551ea35d6eaab6a47fc0105548ac9d5f9fb88c85944411c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68837dffdbbfb84b2b26c7c516c6853a

SHA1
b496a1755b00dd464ece11f8c275079f41be5f56

SHA256
ba03e005dcccdc8da98a1136cf598e3ff9cb05ddedd0f5ff1eb540cba553f53a

SHA512
977d2a8906ff1b3beca2e170d32d9a229c925598e3c70d23034b5f00ff6428cf8dbaad676f2a5f079120c4e9cd250b848c9fd9417252af17d61ba63d1f5e65b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
035d293eae40ee533d457b3a09f42d31

SHA1
3558f80a4075eb9eae54656b6cb41fe88cb0aa2e

SHA256
5815f6ce7e1efa69a1ce5fba417e1288001fff09449b08b1d83befc2f2d8ebcc

SHA512
61226fad1573a29c67f1c954fbc943556e2c6b0cdb05ce91caf5b84bc7efc9c6df7921bc31c4d24491184aa5e3ebafeda4ccbb49381c6b75a839ba14f1990093

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fee53cbb9fcc65f4ea07ebd6dfecf62

SHA1
2688cf76882c162a53ad55af7a6758221e2d9eae

SHA256
b12937b42f69e0c3f31232447bef40f7d55427867bcdb0b83b5213f665791bb3

SHA512
8dc4621561ddf64656099a52f93a4f85f07a67f15779babb4cc4a65f566af1daa8486b09c29137df8b3137ad489c507bafd4d147718d284211ffd909b329c718

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75a866333082595deb6133c6c2e3485e

SHA1
1639b5b3ba056355ebf8880eed0368e1207f7722

SHA256
d3a276338d4f11da7ed04d0f99e4772d6a7102853259e956ac3e4242b7f14906

SHA512
0f597c3d3570c57d165bd5fd6b16191a1b04ca97b01aefe611246760191bebec32cce76dd23cf1041acaf34f8eaa00def489ebf0905e016a2fd8436076a07509

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b181e75e1561ad08127227db0354e81

SHA1
c43c55eac6c3fdcd4f31ddf7ab1edae30404bed1

SHA256
89d23d1f40bd9072c103b35d0808e5b489b228aec4a732d9b960325baac9c2b5

SHA512
70bcb9364b97fbdc3cad482a6f741771d1e241172a8469a9acfb4c1ba78326c9e664afdf5853277a76c827fcaddd10c798fa406bb01055bfe4ff3e29e45c2e68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
417cb3f796d8c57fa6f987e32b948693

SHA1
1d397a7d815266d1dc7cc7eaa9e5221000a0d487

SHA256
bde488c11cc760b2952f01cee80db6b99014aea791843f422a9d34cdc2fc5f6c

SHA512
0c72a05a1f52915fd2c58729a133bb4938b0ed55a2700a0653cb04e57d591d6b47ef183537e5b06881c6e3a406f59d5ffecf7617334b5a6067394be836596d99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca14617d6e0b0e32cf7053bf5005036e

SHA1
f0e4f13f298654b57190312f451a72c5aa48b2d1

SHA256
74c09e9c9528b52de4488b4466c6a6cd7bd6e8b59d777c63cb371cb74d61de1d

SHA512
62c4fd5c8d65091fbf9ef05263c8905eb388842045e0516234136ec1d9913b093144e9701354d183465c606f2cdf9d833323d2d5e76b37f5462b2a4672a9ec44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6650a09683b7554d307ef8af5ff746a7

SHA1
74b75e64c14686be8784d6ccedeb563601fb24aa

SHA256
a7688574d213fafee5dc5b22223e832735b08c8df46773154df73befda3bfd3a

SHA512
b70b12132fb2322402c18326dcd5b071d731c576a75d47435949632d964edd3ac6c45a32f28b2655582e5e86ce010ff098198598cf119f0b76d11542fb8b7433

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7b2f508a118c3900f5a6cf367cf2252

SHA1
42ab70d785282115e206061c2588416d01d1565c

SHA256
44b30b85074c72b8f22b7215ee5ad1fb24c4e01cacdbeb5a3688c4bc5b9249d4

SHA512
db3b04b93e38ecf7f46ccaf3226b5e02f0aa6adae0ba69f2b80aa6c4b7ee06f4306af237667e3638cab0fddf9e06a126f1f31dc6959014413ea907ef3352e6c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36aab44e3dba6155c5e4c6c6b63bcf83

SHA1
6a8a3a6ecd17d448d88c917c12cc0298152e8ed4

SHA256
fce40cb2f8bdaf4be7106d1ac88d46356a8bce65a4cae9c7131ccc25a570efce

SHA512
7e7f6d500d2405dd00a9bf1e6cbbe2e670f06ed47ea67f760002ef04bf1b7a365672f6b90ee3f5372b0037b40813edc5941504e6d31b182067f9aa396bba3cb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
244834ece70d4b5e32dfa6ea199e8e3d

SHA1
45cc0077bd96de0de919bda8119b91796d7833a3

SHA256
b7e043eb5f9e3f7ed548d8d11e28c3dcb660ecb69cd33091a64900f8a0c10ba3

SHA512
f96e6302ab5da9a47de890d9c8c1ceea690c1dbdd79ece208df6c695b38fb1fb40d23669930c9e7ce5b096baedc3e7d30e675a56fe4e4fb3d7257fcab697ec10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab406.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab504.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar51B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit