e21aadbe0ec644652cd54311265dbd1619a22181d1b44d87b2ccc66e3508e9dc

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 03:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6d3996007aa66da06b0f0627724d0f8d_JaffaCakes118.html
Size

125KB
MD5

6d3996007aa66da06b0f0627724d0f8d
SHA1

e4e31c9e022ed1a73cf80e54eaf87a5dc6476ae6
SHA256

e21aadbe0ec644652cd54311265dbd1619a22181d1b44d87b2ccc66e3508e9dc
SHA512

7c9a52df006f2b36700cccf59c3b5a794970da49446e0d5d656dcc1732396193ae45ae61de36398671ac04f3e20a705dfa9f5b569d32ff6599877a931e6f7ca3
SSDEEP

1536:SsSNdgJO0jKXT4pgfUuL++fuCdqObd95s1Le+ZFw:SNf2xjKXT4pd6ulObdI1C+ZFw

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{097DA181-197F-11EF-9680-DA96D1126947} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422683756"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2604	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2604	iexplore.exe
2604	iexplore.exe
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 2748	2604	iexplore.exe	28
PID 2604 wrote to memory of 2748	2604	iexplore.exe	28
PID 2604 wrote to memory of 2748	2604	iexplore.exe	28
PID 2604 wrote to memory of 2748	2604	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d3996007aa66da06b0f0627724d0f8d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
967c74b70027553257149fe16000197a

SHA1
30e93fe0f896c71eae56c902c4a100475a6db2f2

SHA256
bca022c3c2009a7ea66fb2c3a0f96d3b670d211a9827cc16f228e1f7e2961bcf

SHA512
30bc3f49a142a31d12dfc80aab44341c8a4b5653f8e741740ed8c312a60a7526e165c3d7077af5f4b47be0a1cac6a1605cc271fa8f4ef22744915ddad8a0c0de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac4cc33aea2793af7a8ae47c8f8bf9de

SHA1
b2c2b64cddf99b69cc74f08334d378626cc71a81

SHA256
c2a2e895643c1c0174a341ac20b53a9403456b3b3ff83792b7a330f6f529e82a

SHA512
6c67569f6d8eb9c97beded06322620e50e4d33d945f133e393a00c0a7d205db3af0a1ec151d64947d1b87f8b5101c0b11021ccf92de323c9a86e178fe2c21e9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c480ff4bf09f14c5c91cbd0d85993a05

SHA1
aa7c4305fe3ef04235f3810f62becb31d625e9bf

SHA256
0491d926f757c66c96d3f84bfa822c41469fd4a6efd452c220b5274c939b730e

SHA512
d57b02572ea7a8f6970cd147f8be6746acc3e4fe5c03cc004f1761a7640982b51bf9cc92c43ccdc4415d1bf372be8da9ee7c9531ed34f1eca661d641b3aed4fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0782a4900df86c4738ad78e79fbe7c4f

SHA1
0151c2782c01f92860d35018be50578260b4f133

SHA256
dec08c2c6ede9c206b65a5eae684bcb6f8d72ee419d41aa40e35e802b3d34126

SHA512
f286e0d8f99e3dc12112af2f55e4b1beaef8db300ff4299f5b56f21f33f751fbd560f059b2471b18b04af93116df442c85e37c8d8d4c969e81733056dcab9dbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7f4333e6147088c8749afcd7c69ba5a

SHA1
2a4a7f7f162a2aced7562bc5907da106fb01527a

SHA256
19e9e4c9817a68215e97b3bc657b17899bcd81176b40820cf93c56e93dd77ccf

SHA512
f1fd342439b8548e3e19183704f9458c43419674cd352f7e3b1d40ba49c574eaf7c3ee16d9f6bc499eba383cfa1a402889e3360bae6517c97687bc83111f598c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e367f28b3c6a7427ab9404bb3e241be8

SHA1
85ed7eab61aa50afb0cee7f7b32d25039693c73c

SHA256
949f58aa8a9a791e77918c011d2223d238a829ca9aec1c77ef93ee04b7ebd88b

SHA512
54c054ee8ea379277e56390b890715708d0c80459ea134f6c102d55f77eda99a431a4aff6487ec8cda050a70969efa8dcb3f679c88d8b753b55126f642448042

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
811ea22b619027c0fe2c127df0a28163

SHA1
05830a3d537d740b35af95ee22c021c94eaa5567

SHA256
54488f1f2fb3a33a40d2eb61cc85e8b123a69c42dc6ca0fabe29e3574ab8b90c

SHA512
7494bbf7c35302fc874deb405d0de38da97c3cfd6ae3da0d3e25e3983f46ad2e4738ce0dcdd2f493b375e838c2ed37944713d4f647882041088d6889295c8799

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
825bdf8bd9c0622e4a6f3de8f81b6ac3

SHA1
4008a1693b48bdc6d70a4ba7e780589751bcbb49

SHA256
4b2d3428eb34729bd742af5c3445122996b9dd1af7a70a4a7e88804757413e12

SHA512
4cbf736adfc03aac38210da3808be474be0e22b55652fbb93fd829a1b29db9e3e63dcdc31947ce3ca9234b08f72239e555ca30522c9de3e56980f3c8d1d9ee59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4c55c51daacc6279c24431270a25f5a

SHA1
11c4a9a72c41cd8b3f1f1130c9709170f0eb2cd3

SHA256
838dbef95ab6df1a270365c003f754eb51c49859ef0730ec748be4c1fd9032b7

SHA512
2f75edb2e43d2164572abe3723e8e863f36b590f49a3c171777105be2c6741fa770682d52a610f73b83ad3bb4d176c4f8c6ecedf5b28edcf5a1ae5673055d412

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7782a8b227e5fa97a9c1bb9f9747132d

SHA1
af5443b6033f3e8e93eebe0512068ae0b4469e6c

SHA256
b65a997956cf2d15413b0be19ecdee5765f0375d990132ce87078c253e55e1e6

SHA512
2b05787e38b091906c1a0764f49ebe70a7d4241bb55d4e77f6a915b67da5361db7a1412b46d4c97303249bef6dd8c7835a134968dec1456b9261252ea47f0fcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84018962ef37e4366b80bf58ec334426

SHA1
b1b353aaa29d0a55fc32f1a6cecfe97384aeae8a

SHA256
53443ac745545b12a13dd29eeba014eca90c44509c01465cf28e6904f9f9c028

SHA512
d50c4ecec764ac9a41b44782e2401c5a23cd6e09b9031ba12fca600fb874a8e8d3b659433d028734f78e17404d98369da2f30593ca5a3b909c0fda19fd4192a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
831022c20f30c15fff3bf716405f2dee

SHA1
edef083ec92202ba4770282186af03ef6fe39c60

SHA256
f61ce80d3080043d930a524ea6c4902be52362f2f738f9f20a282aeeb7410696

SHA512
f623e25106018cc3b4b2908371555a498f3b1e817b964b6c9d89c6400b03c6a4533e30a0fca0921307d4683e60d4a6af746a533b7d51b33405f7ceca02f70058

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cac68dfc9204b50fd112f5085434c5de

SHA1
d402a0821b43e12e4ee1c1b4b0d16ab341ff610c

SHA256
4933582e06e6f2ead2cff00b5dbbb11272262d2e5d108a156e498e90446828f2

SHA512
05d2c0d5a81a5bd5ab6610ebd70a6e7654957a2cc64f768afac1490f564828608ff16c53e37b7092644d9db4ee28fcdb8214a1b851d160a82eb59c64c90da3d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
83c69ec35f91453f21c3b9e8d3028ff7

SHA1
fcf401be161245de030913eafb5018d09e2846de

SHA256
fe9afea29e6f23f26eda01ba81ac54afece7fc9d25f0d5a1d50016292f6d0155

SHA512
a8518a90a7a90297b7c748c6f358e203cefb4576b88cb68323212951cced808d17ce9fe5cdcd6c554859087aaee7d696ccd3b455a82acfc147dff742977ff142

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab29DF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar29E3.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2AE3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit