12f38b6b3afff3c564861b310dddc96bbbbe6ea75f7271593cb92e967cab3a87

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b1ff2584bc0784ed1b1c5a4141b52ec_JaffaCakes118.html
Size

213KB
MD5

6b1ff2584bc0784ed1b1c5a4141b52ec
SHA1

e6d70c693bb4131c2a26293c8df3c3373cb13444
SHA256

12f38b6b3afff3c564861b310dddc96bbbbe6ea75f7271593cb92e967cab3a87
SHA512

2840290592d53d4a074155a75157b5504775f58a0722bd9bf82f2bbe3d4d0f5b55f0d0c7517c128376b3b66986999710ffa1b49ade70515871a27bf87b1de487
SSDEEP

3072:S4L5OBECoCP0KyfkMY+BES09JXAnyrZalI+YQ:S4MkvsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3D7584F1-190A-11EF-8C92-6A2211F10352} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422633591"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1960	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1960	iexplore.exe
1960	iexplore.exe
2592	IEXPLORE.EXE
2592	IEXPLORE.EXE
2592	IEXPLORE.EXE
2592	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2592	1960	iexplore.exe	28
PID 1960 wrote to memory of 2592	1960	iexplore.exe	28
PID 1960 wrote to memory of 2592	1960	iexplore.exe	28
PID 1960 wrote to memory of 2592	1960	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6b1ff2584bc0784ed1b1c5a4141b52ec_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84f54a856583b132ea7db1023d752c92

SHA1
bfb30e421e49dece8d1d4d23e9206c0a273b2f42

SHA256
277b0fa9442d79e18295d197efef5fc0bd13a1c1adbcf6ab334a36c17e1865a7

SHA512
72d6ba1aebcbea0e22ffaa6750cf8299caf04f23077771d4a64510a94ae9c366be580b638c0de97e42fdbb5a9923f5e2755f2cf70e1f4fc41726a37e5304a131

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3382b591a60d86591a8bc7fdf117f6c6

SHA1
88bd6315dcbf301a6ef5df58c7931c296653f696

SHA256
027a61ed089ae85657c7a6d49208b585fbe7ca624a37306c1466798a8fd634b1

SHA512
aa2a9df1764426d2224d3ad52bac09f217af58ceba845a7f3c91dec38d456e0974d798ae6279748e24bb9c5bd8953cd381f544c2f239ef84b1b4cb09669e5db9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2e4952992305569031c68e8f5a8b31d

SHA1
5b0159a32011df39db17d96e75f9ad67b4935bcb

SHA256
8483c9c91c53a5c2af379270ed5776fd844f662627028c450641d1ca717163b7

SHA512
3d326f59b77337976116f6dd6639bb28da939a3eb97312f0ccc582edf267b01909ef1d168c862021f75632f7ef9986dffb383391f7459388a2c49194ef6fb528

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d47e49d9d2d0739aea43011cd8f3628

SHA1
15ba404cadea29232a448bf69c8a4d7ad0eaa79c

SHA256
8536029d693af89d40c207e9cd6cd4d85f3b765acad5c10d13937f980ab5e6b8

SHA512
d78d4d2378f0f26b1b21115b874b818326eb2c290848fb41566c6307039f9edfedbfb875ac3f4bd9d9dc65ce8f3d5cb829624f0fb39119c361b8b67078bed6f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea2e3ea554f7e576f8ac792b6f759487

SHA1
bacb87e2bad71672164701a49d0d171954feabbd

SHA256
3b45c1686f477c3c318b218aba145935c228017bdebe503b46566b6a2c6598dc

SHA512
a8b0a2785d7658e8a861a46f94af8b7e828ae39c68ae843d2f00ed90fdfc5e7c2d11593140a5c42865a49c6fc3c70a8840ce70ea83dced558d15d64e58d627ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5df2af7b33f1adb6245928dc464aa934

SHA1
2791b96820a198a20d671436d60d85d54dcd6839

SHA256
49f4696d25b5a77e7a2832db078ef98f408dce073e0a975ae57fc73e10f44a3d

SHA512
49a962678f0dbf1c01754d0998c3fd1693f2d2d1cd50e3af57b5a719957662ff1afbb1f42f6399df32ea78fc0edf94def70da8f63f03d0d4f8c9a0fff2ec7149

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
839d11a6035f7c64b02d1b393b582cac

SHA1
c26d95b16fc5d6d013856394dd29fbe2018a5292

SHA256
d99dc377e5ed2bdfd434ce2ac067fe964dd6fe7892675ed9f9e0c9ca661519e8

SHA512
b2fc02c73ec3f5e1f34589460689523db3303416c41b0712ddc7ef42ae66ab7217f28839be19825463927b6812de9ea9a70f1f5b28dfdbe2311516d4fb74b0d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b626a48228c94438499cae8fd9d841f0

SHA1
669f588130675f559282b3d3566814518c58caad

SHA256
38d1a8ddc1d36772cedca8c69c3759a0f54b11a25f9932c8a633218180afa0a7

SHA512
99a85d0b071015691d138389614072ee324232142c6a18f1851cc5895e7e505c8ea829d0b7394413d004854f533285d21faa15d6f7dae9323026eacd90a7eb87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53accc1ab64c0dbd1aff9034bd5b388e

SHA1
6c23f00e6a09e5f5c24fc0a4118df8d853c8a267

SHA256
8ce2598bacf64cd69a489cfff42b854d1b89fe50acb4d17079e9be86fe22b42c

SHA512
a7a67ec8dd5b829d122554e2e000f3c17f1f81027679383cc8bced6f7e15de79bf25f20f135d0ad7267c105dc70e6ff03124b6571db0160ed66fe2ebd3c03867

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d100eb1e6d50e464f940c944954cb0fd

SHA1
1d95c035bb0d87f7f9f51fd59433dd8e8683686d

SHA256
cfd660b7900a3436dc4526c07bc24a2b09a787b58a01c1b726567fd98b866d4e

SHA512
92131b92f564542c6754f577db1131d81204feb793b925f5b1b6bd4ff39a78176f466f81307809b33ffd3ed0a190521402e29c6fc5945e1681a4818a49f82eb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eefce4477dff464dddd8e8f4150b809f

SHA1
e0caa2648a2763f87099b231b6859997900d4f82

SHA256
fa9fe3ba8a13b8e8c2099ef972adfd8c6e2b018a3c9255894b25b34b8cf68b26

SHA512
fbf91c11e66a63e7f6a7f77a7f5a97418bdf2a42d28ae270d1e930a892aaa5e1fb59600a75137e77f642039b80dfad2dedc6cb4cd6b80c97696c539442074a4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1d6c02fdd575538e80d9d84362936fe

SHA1
e7807d7e8d3a93987cd2088f2a74da4a3269ea61

SHA256
cf4ec4635a50269176ca9f04d094c2f318fc5486b2b8b3b089432d73626e428a

SHA512
3e3a2f00d9d7c7b214cd6ac802cc4be58a8b370974d99527c4f3d4e7c636bcfb317b00dd8b90924c0c809ba52d608c9b42162829e4c2b8dcaa9ef5e6877c0501

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d34b8ba1c5b966a0561560a17a3b337b

SHA1
54cf49ff07944c51fd3c7c7c583adca2b127588f

SHA256
d583e4981af4e011c1037a63355e10e025c6834f8add509e0cff6dc008be531f

SHA512
08f6be438c7fcaef29244473c7b8ceffef448fb53d91fcf80908a4b7d4ad12f3f8cee9c5154a38ad9246f8ad93d7ac737d9fe37ee4ca8916481a31b7c9dbc1f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc57cfd02db292218080c70f4a816105

SHA1
417d9374e4bbd759d4d6a2780dfea79a9f249d1f

SHA256
b51b7ca12cb73aa28f1523c8f673761f6bd697ac5d8d4eff4a9d1efafefc5c90

SHA512
133f209912ae1943975772b4b6eca69c74681417ca1b93332630fdd69cdf5d352b5cd726884c0ecee12da95e8a76ed25750125dc6866f57f8416e8c86cd52850

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb3772d6a99b58d06d8288e7ae1aa89b

SHA1
0b88c0dfedbbca4d3fbbb9024789e86f4e40b952

SHA256
84a3a9c7dca2e9fdf056dc5d2152c7d04768c977369c65ed41155219a1e3d27e

SHA512
854cc2cf5b4cd8825cb01d5986cd5229b504aed72b4fa45dd1ba2d60eaa96c2a78cbc74a37f8ebc86b0c7ce2fe1eddeee86873279a735408c404b9018c2d4fda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2358daef0c339254140e9e1a2babc42

SHA1
ac790571ef052e7861b6088dfba288a79d0b0f21

SHA256
0f1885a71f960c64fef97b32a93ff213bc8600a9af823764b9eec03d65303e27

SHA512
5dfea0ccf05726c60ab4367c382e170ea8caaf35a73b32a3a3218d674fefd4080affaebd39f48f8fd85cc38069c24a4334ef5efd0d33846219c986f418e04cef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9974e430acc1e1268c10a97bd431cb2e

SHA1
c0eefd2f7a4ab38074f69f525fdacf0e6e0cc5e6

SHA256
0501b9aaae56e6f35e2aef1f502f230e388e2d25310ea9bc66d5b602df30d0b1

SHA512
f19d5c30d4be6f02fc7aac5c85492b3400d35890bf562f1e4c75f0ee63ac6030edd0956c88aad862f1b86ca1befcbc0fec3de25da3ef9ce9b533bd9e7d7c1df0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e14c92f825924072afd22c9f4c7a034b

SHA1
e589c564cce9e7f05cdb482e65f680f517abbc0a

SHA256
6311e15c52535c50f0f89626cf74e5c144aa111a68d9ea24ac20c0b97820307d

SHA512
99e55233a4e8f1df46f05cfbf8041b494505c4d6281c8557089c986a8a7e7a3bad014b9959bbb048a8a305a3d327fba738bd11934d72e2ef73f6c77a70d01f3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1fd6a7912428bffe1560bce13307c76

SHA1
0b0221b1a294a1d4edcb239f7ab2709d1938bed0

SHA256
e0d12c9c8051ed92cf912c9ff68a5c46905da7d10e089969fa418f2f9a27c03d

SHA512
d343792ded0f22e6f9bdb73894b36d4398bc3b888427473a6df70f9e79c3d42c19e9d39457e6427c9ddb4e39f522e57fa1f9fcbf5dcaf4540cdce50d46e8176c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2223.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar22A3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit