d5abe52af61edd3faae520b8c6e875f5cfdd1598db15d122ae516df69d8791d3

Analysis

max time kernel
138s
max time network
138s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73695c37d0d1c0b74818a4e335a46565_JaffaCakes118.html
Size

597KB
MD5

73695c37d0d1c0b74818a4e335a46565
SHA1

2f2cd35781810b7fcef539a837b211e9a0f10924
SHA256

d5abe52af61edd3faae520b8c6e875f5cfdd1598db15d122ae516df69d8791d3
SHA512

162cee384c09bca5a38ae0474a4ab07b3663e02924a3def5f25ce4e7cb1069569dab38847ec3d4b1a65c11837f86df17da899eb9acc5155f94668b37205fcac6
SSDEEP

6144:NnsMYod+X3oI+YfvsMYod+X3oI+YOsMYod+X3oI+YVsMYod+X3oI+YLsMYod+X3+:15d+X3pz5d+X3G5d+X3X5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422836953"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BA123AF1-1AE3-11EF-A48B-4635F953E0C8} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2884	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2884	iexplore.exe
2884	iexplore.exe
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2924	2884	iexplore.exe	28
PID 2884 wrote to memory of 2924	2884	iexplore.exe	28
PID 2884 wrote to memory of 2924	2884	iexplore.exe	28
PID 2884 wrote to memory of 2924	2884	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\73695c37d0d1c0b74818a4e335a46565_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16a24ea07228a1fb372d35caeb71c921

SHA1
6046815707d3e7194fc906e22fdda783cb26ac04

SHA256
cadc9f31176889beadcec777e2e17aca66af1e211ceb8f95302fa5e92843ea49

SHA512
b0f5ad6327b250ec7a528f2ccd10061724f104311b24b55d20f186f2490de7fba2d0dae81e3611b6971c518b27ad4856bdcdb7799cd9eec1a00dc06b0f8f3b6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee30789867fd6368d3ad74ebf85c0b2c

SHA1
ab15583dde5f82cb3b7c816dae3102f667a515c5

SHA256
d2cf0c3e51a0cfa2c51d832c2f3855dd8a8ba6d9f3a4a0cc5daa81deb6161ac5

SHA512
2500066e7d2d036620d910d6db27a6e06f21d2f7574a3cfa4c61a33f927fa6a9cea2bcc8223a896fdc9f311e54e0b1fa2456af6d8cd441d37963c84c2eb3ecb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97f86959e93aeeb3013596ecbb68407d

SHA1
81ebba0d1a7712270e795577c7ee99b2ba983f19

SHA256
5a096e178a41fc53813ec2a225b03f0564594fd0e85e1c2f4faf7ed8ca323965

SHA512
8bf2c33163c66679b4f51f5ec0afdfe40ddf0e961b5ea739ebfe3d3027b8ebd9a02e53e4df1dbe8a5bbb2890f2b6faaf367f348b736b667d442af096415a9ead

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4159154d74a27678ffa436f39f52ca6

SHA1
6c4b28f647d75ac32ec81fbd210522df13420c7a

SHA256
27ac849daa78404fb77f99c50f969cc1f242e6c42bf234d1b591ea3034de0fc4

SHA512
16a225d79fc7c3f03fbb353ff13fbcbb87155a9eaa66b708670709fbc8410219b29f91e4d0de0f9473ba64fdc859a832db31851653d7d742632302a5b0118daa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0139eede8dd696a09182cff565caab2f

SHA1
6395bc14f26551fefe8f932e4f021f24e23d8458

SHA256
5e3a15ef94d5b12b9c7df55a9e3663aec764c64e8d1b232059dec2c64964cd60

SHA512
d754e94f3b8daddfda2fa564f3956dbb6a57c7298c0a04d5a243b83f5d558646788b0c4ddcd67c1b49058a3d18f0dfac1cd166b255699362593c249706807c18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab02853a1a8cfa2df53d7763946a5d16

SHA1
18335d8d18104e4e301bf942401edd039fa81cd7

SHA256
cb179dc1bef5adf98f6c45925fdd6a8f16c2030a91755f286cd0a55bfaf21557

SHA512
738c6e92b4557dcf898975a3c10d22bb228f152966744c26e3436264597dbafa46c69cb1ccc737fa7aa727cf3adb5ff20150e8378434d0dabd17c2fb334e82cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3335f6a69f0a89aaab6534ca69a7bb9

SHA1
62ebfc28f68fe31cfe988af395c5371c7ad101b3

SHA256
42aba86d5220f56829e6c0656f25bda8609620280f2a44c545bfd16f247b193c

SHA512
4f642a9cde63f24cc534aa68de3c8971e47d485d899c90499d9a4e9747cef9f2db46a947f1fd2eee0d2e37dd658d73da83389a8617226f5542b433fb4560a6d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e80fa44b67531062962f4773310c6203

SHA1
b66ea7e2eaa10f163c8121ab1d54ef4d2afd2b13

SHA256
a2f9055bc55e75b0ec826dd22ed3e39c0c66ec2027635aac0df15b4fa4af1805

SHA512
a9d0102e40f7c77e0dc6a2784fd5c3b3e6d5758e7ade3323b4bb1d9444095a060ae015d6b8d16ed5bec6354c7b180f8b4935d88774a309bedf87db9febf2f480

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d1fdb3770d0d05f25a7c3edabfec993

SHA1
ae1ec0136499b10bd79e6c2d2f08120034dc86d9

SHA256
eee33a9f8c43aaff5329dbdad165f4e4f04c4182af915c180d1531eaa6ffaa83

SHA512
c903b04b8c3d162dde1b00777a3cb4453ab3823601de8c6b860f5ada8bffb71bd0a61d1e1e674604ae319691017c49c7f0de1254741d7a5fc0764b037cf74310

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3998fe2d96b3851d5eb58d463f09924a

SHA1
9bf65b560960f1bc38eb728306172f25d206855f

SHA256
ee48af901cf85f87214587761f1e1f291caa521c59ee98c336c94688b5b644c9

SHA512
1a817ddb4aab97caeec1247418b33ff5af42e6fc00f9e288d1a10c9103be31915f3f9db5da55be0b76fd7e9edb7294bfeca6836042860b4dc6bd42f3db485359

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d7a7b864c7946935a7815b21958d1e6

SHA1
ccbdc3e802b0c003750ded583fd1dc788fd74f9e

SHA256
24e04c178fe4172f5638680334b9693816db7bd2bb437fbc0a5b32ce2dc4121f

SHA512
c28ab422c824e1119fbfeced4dd1521f6838c0af8f2fba326790b67ee448310a80d49f509956723fee5aca5ba9cbd209ff8c832a4ff574584fbcba8be0c6d3be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d413b771fd7aaa20bae3e7aaf43feb32

SHA1
411443ae52480e7a879f0be263f99d9705753dce

SHA256
43ca1faf7f0d714e7d697857ffcc9d0f69dfd198b61afa712b7c782cde029e58

SHA512
72569a80f95dd3dce9f752d564e8858da989aa680a54b228e5141e6216e97e7891efc82d4db5571e6f5eb93cf701f3a2e9db8c944b40cbca6b5bf797f09acac7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e39d2b21ca6a6d45afe96968d19845c

SHA1
6cd5259723d78e37f009dbe44d8f2e0a6bf14265

SHA256
7a51fdfd14efd871c6d60cf5933d37bfcb168fda723e97168fc175d99a2373fa

SHA512
6aacaacbe38a95080be83cf02e369d2280300f7004c9eb72a21e59f45cfdf53224114080c3c4c3982dbf402bb295cc500c4b9cff1c168b4856d993d7f95e62da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2929da44a1e235f591e5558b3890273c

SHA1
3da0bb9e53d33ab2f586c37ef21fe363c56e2942

SHA256
5e20b26baf6d3aa15f644fd528808c1b91a586e2ad58c024475b1eced5555cae

SHA512
f4747be15559bc6e67a9d04d04e660ea5e17dd97634326813abcf95431275bd3f297eeda6610b525468ff126ce4c9ed1764c2a054c8f7f0f80846ea8b8eaa249

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfed47650e33d99daecadbad578525d3

SHA1
578cfe246c7969833c6e460143c234f9b467ecee

SHA256
af5fdef6f5e5204554e30780fd5328fa877c33bf199fc2f54831413c6a6bf3c0

SHA512
2048d5879f2e088503390379da22570e4403a01f1093a6eeab56a3a6257fe7c2e1477fb9031a5193a4134f0507f7b1b240398e288e4f3cfed6b3b2b2d98bc08e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3b77f51e3a7fef4a642cc9be7e677fb

SHA1
ca61a62823d9000dfa5bd6edb62bab453c58b722

SHA256
57a5208b672d087246fe83bc06d2c6fd0ea958b2c667506061cbb03e9113253e

SHA512
22d3679f0e0b1db0c356ca48415f900ddced1208a4df3f423ca2010ac133c74770f40d17cf90be659d27a6f7cfb1a47a7425a7d8c0311365ce960a6f040a4a86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
274512a0732e8af3a671216587ca7bea

SHA1
b2b78c0ce5dc757c4545533a7e8b54fa3d9b19e1

SHA256
5678fc9492d77b0fd0324ad6df24b99f10c551dc93e6d6ff717b2b73777d6c15

SHA512
6c3647e755e85f4658329cf7392b7411f9444ee89d35c64ba73e46b952a04e4d6069d9216c3a5d26a24e6afb47fc41a955716c3ff2741ba28cd708c5d52f786c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF3F.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF90.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit