7bcf9287c6018b478fe940abe68f33f6bc0e11e5c5383988f7d4f9679814ed5c

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cef3ace3edba768aeb21e6d0555c34e_JaffaCakes118.html
Size

36KB
MD5

6cef3ace3edba768aeb21e6d0555c34e
SHA1

f6e2d2c46f3eec6949ad7a3980de54da165d43aa
SHA256

7bcf9287c6018b478fe940abe68f33f6bc0e11e5c5383988f7d4f9679814ed5c
SHA512

3fff14b7fecfd99dca77144f78393bd6dee8f3f8aa395ca8df294c5e572571050aff3d9be123735fdba6dca1056a12980ac5447effee2eea5d952fa736cfa3ba
SSDEEP

768:SYix7sB6HtkD1YI4Erki+KxT26FXZP+mz0GbmVeh:SYixrkZYI4mki+KxT26FXZPjbmVeh

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422676370"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D690EB31-196D-11EF-9DC0-D20227E6D795} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2196	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2196	iexplore.exe
2196	iexplore.exe
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2972	2196	iexplore.exe	28
PID 2196 wrote to memory of 2972	2196	iexplore.exe	28
PID 2196 wrote to memory of 2972	2196	iexplore.exe	28
PID 2196 wrote to memory of 2972	2196	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6cef3ace3edba768aeb21e6d0555c34e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
60ecb91fcf1c4b63889191a60bf1e150

SHA1
f27876ddd33cda9cf477417d77cca68a505ab3b7

SHA256
b49aee58195f4cfb52f2e12f78a21c3ddb71b224532d8a5de29bd1991e6be1e0

SHA512
9db43c2ae6c4faa8eb50e620bd772e2d8f50f133951d1096a8a73ed69e9807a7325958eb284808044b82258137041fbe1fbf553b77e15b4c82b5c424707b6ac1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d362e23ff10f950145f6d287c6c914a6

SHA1
4693c5a1c1703cf63f7a9aa2fee066b789070e12

SHA256
ea56ec1583158df7df760e376553f69590e37d96e2ab7bd70189ab4d260eeee4

SHA512
f152e29c53d69539d8367ea5e3c6bc95d4f430807c5ad6e56e0ea2a074aa1b1b16d52ad246128715a16a75353c6cc5b00df666e15246ebc09558c326b815de35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b8f9ff191e0f97bede2332f6d63fb5b

SHA1
8101b45cd2f5f6cf8cea56433d0870ad116ad179

SHA256
f6af6a15a3fb45fe0be5473f54c1db7f74b60d4b451f266be1c9770ca02ec480

SHA512
6c704879aec68c94dc588af9a195f2b91afbebb319608671d02c11e7f8d4f41061049263fe8e3806a909bdc78724cfaf2c1e35eebb87f87c91854e68d1588218

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30efee80d9c0dd3493717c3335a5c35e

SHA1
959e53efb8e7ee99104a6e47c88757653d33d84f

SHA256
e21e2e976fcbd664585ac5f29e534b4d14f03079864a2906b10d7a091fc6b67a

SHA512
c5fd8d9532c3c4699f342755dbb6170097c8ce9b67e6fb9b94733a9eaeac55b3438611824e6ebc185d2eaeabe92c934ee651b352b9a2210e7883bdb4a1053ba3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50a892b1adf590fe70e6ba897b9a8e3c

SHA1
785e1c4fb3fe395a6b92fb16b5f6270958110928

SHA256
70b7bd566b6b76eaa821d9ea67c0f1ed4b143dc781784047e130f0bf8c21dfbe

SHA512
485379b38c5be5e5654899acc353357a5085dbc1edde492e4a7d162dc5ea3bc081861ecd9e5b46a1736113935a5033b11d5842eb8b35ea7ef762db8b32d7eae3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43f6616b725081261c6dde42ea6bd123

SHA1
e6b657884a31d4cc814350eba5905dab4afd0ef8

SHA256
1b50d4bdfd1d08e7346d08067598a7026f0d6c5553751e8a1cce4fdb5c5cb433

SHA512
04b01514fda266a654aa33a1473cafc72c2be2793200a9d13d5f56c907615c9c933a921d801be66500738a76e95ddfb93ed192d9472d7a493fe282bfd608fb08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30f2a302ccda24e7541a9b9ccf472f86

SHA1
866d6e607e4928625ca1a34402126b625be48ba6

SHA256
2a2c858a29afab3d51e6c0bd436edd166a6491c7021ae44ee96759310763175e

SHA512
00feeadcd1ddfb4b3a5db8e4734be57dedd79d29b725172c4b410fac3470c10c2e86be0f285010b2db2fb6415aac861e97dfaa9904fed148041d4abbc20b9d8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89c196cff481e5b667f6acb5f2c10fcb

SHA1
b1ee46b7378f2fcf54cfd1843d1e99ca6e6176fe

SHA256
d84eec7434ab313e6839b31fb364bcde218678a1e94be8e8560169c5aec5796b

SHA512
1d6f3f8ebae8e7d5791a75afe2b26da281e44e29e1214f6563aac916dceb0f6790c4575ea66ca1607d32183b6eab13e044c4cf9469f3c93b272e1ff447b766b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bc1508ae44b45c94f0d9705d6fddf19

SHA1
d8604c5bb140efea459809a7ef7da406c6dc3f0c

SHA256
52dfe4a0a01397f477243b0878785d519d71812889ae7118e53e8a562c1dbc75

SHA512
587d2413f5fd0723ed344112d3cea8ff7e2e64b24347f39a16ce5894a9fe88ef9e864c0cab2953e3b739331ffb9e874245768d7705f5a074173f7f19709a9d4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
266538a76ec96e5ae1df10167c45abe3

SHA1
5f728658b2f0f89afe67da2e16eda8186abd62d5

SHA256
20a5c37d16bb3bd56c4b345c8bbcbb91db6408af7532841531984520b58a783d

SHA512
7adf0a33a129871d4a4804ca1bea3328bf18975774ad6ba536530df578fc0614d45d88d8018f15f1d2fa92aed98a4c3a60483c77e45352735f31ce2be8b288fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59d07a2acae55cf18cea38d45a19b056

SHA1
8cc216ce7293e7226727fec6ccea2cacc6cc6f1b

SHA256
9f7a33a3d4f4c146672cf322391774178d97960085ad86f81f515ec1b915b787

SHA512
1ae09607fd12afd121522f76eb489783f9e0d01241e6110fe270e9124fe3771656fea00d965dc5f45056d762a821a42969a895e9f983579860b19bc03933f8e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
78dce555bc43eb881bcf8ed07a080b1c

SHA1
202fb0e165d7f467ae0e1b9d90a5d28cf3af5622

SHA256
0559afe2d91fd1b3fb066aaad29444e8b0e01d5a37c89f4f3eccb5abda76d326

SHA512
5dfd853e097316d6ef69467300a997f192ea66ec728e2b61ab7a4335ce24dbfa1d820573f51b1c4a381055da3715526c671f237854b3dabaa89ccc31a2e4f891

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar34DD.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit