6d8ea3c536df12e60d78d19f8ba305dc39371fff74eca9ae6771a3f0a12d1576

Analysis

max time kernel
133s
max time network
135s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 22:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

73782ec1dfed63d16329e54dd23e95de_JaffaCakes118.html
Size

26KB
MD5

73782ec1dfed63d16329e54dd23e95de
SHA1

ccdf42f4cdf512e6f3e33d7ac33cc8bf0e0ab081
SHA256

6d8ea3c536df12e60d78d19f8ba305dc39371fff74eca9ae6771a3f0a12d1576
SHA512

1889ee74a57d1c651778d2b7611b5b0801fda6ab3b78fd179419f87a1b43012726ccfa0fe67d03cb7586c36e6c58b2167068a1abbfe25072c101465a78de37b8
SSDEEP

192:1c2uoSmvb5ncnQjLntQ/fnQieXnOnQOkrntNunQTbnCnQOkRo7St4o+EwrnvMlnB:1buoP5Q/oq60i

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2FBF1C21-1AE7-11EF-8F92-565622222C98} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422838439"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2868	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2868	iexplore.exe
2868	iexplore.exe
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2956	2868	iexplore.exe	28
PID 2868 wrote to memory of 2956	2868	iexplore.exe	28
PID 2868 wrote to memory of 2956	2868	iexplore.exe	28
PID 2868 wrote to memory of 2956	2868	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\73782ec1dfed63d16329e54dd23e95de_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91abf18a652dea9777a370e3d92883fc

SHA1
a83a1adeb2f2e7a477b667cbf012b9688a12d303

SHA256
6ee6dce36f427ba486734c5fdd0fb848f5cfd461776c8595796c06aa4142d526

SHA512
2f287e285a9f1ac9c9528db3774037dd2aaaf090903b3a48cfc4458f2bbb5f0c6cfc761832b481eac1f6ad718a1a23d0574150c0f87e9e1aa1567cec6960997b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1413563892bc763f5c4fbccda03df02

SHA1
3f867f7128f76794050e9fb3bc27e997c8c8a7e1

SHA256
c3f5c96ee0d6fc8b51950fe2b6e3f8e126c0192dab24d9a49059fd51f71019b4

SHA512
cfccc013ddcf71e200b82ec2119e5faac41763a7a56e2ab61bc90c903e82708845e50f8b6a945edf63e7df269a8859869a98d2540e156d724dddb03a22f33e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ade86d835a12b7ea7fb05565b1002e7

SHA1
41c3e1b85e055f64fbc22d6dab900d1ca01d2f02

SHA256
d02652c8749627fcff3d95ebe5cc97af3dd061f931de2ea93ba5682771fe9aa0

SHA512
25e902717ab91a039022d276d6700da6e4270e6dd64959874d9f81579461f08f5df6149bea2311cdc994fe8037fe39e3b9aa9d6ffb10b2aa390cc7ed7482721a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a561cf1ba02cc4341e85c243d823d90

SHA1
c8a529b0b6ff0693a5e3151a06605afaa857bf2e

SHA256
cf3c5e20e151fe9935d420a76374d28b7dd5e263d63908f657393d0d397e4d91

SHA512
33ec338f6116aff6674de468ef4c53008e204226b63dbea2a8a120a55d09ecce1d1c3da767e64b73788a3255dcf5a495f50ab25a8793b462a5bd62bec404a7bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21d02de48a9dab71f8f1f8d616262c94

SHA1
e8efb9b224650ea1d4dfa1e1d8593fbc569c8f74

SHA256
b510979ce5db26c31a8a5176aa994ce91596c2728aaf5ee51de1693a91e559eb

SHA512
d7dc7aff13f519bda1a5f3a30d4dec8265c15da30b228232ceed896b4d759b53fd4bcd923bb43196f5ab25ba100f1e6fcafa86e5acee4750b7377be9fc892221

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0537acf63fccbfd8ff5a27f2b32258cf

SHA1
35d6e083e684065974e76b9f2d276c8d1b79b461

SHA256
cd2371f2c94c2fa71811e346d16cafc688bef70d419e219725ea5f3530dc012d

SHA512
088c7fe6cdadb8c3a91c8914eea82c6b533e45e761229bd9cbad6110766d356b486e247fd7cde9433299a5484786d17d69b3a83b6f7410bbd53032e672d2c947

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b7664bd6c6de9849c1b3ebf120ea945

SHA1
6068b670a8f4e5ee2585b403855187ef394d3294

SHA256
a807a1a02e34342856b7733acc297bf1eb7e6e1cc900d3295ff0ad464913f9e6

SHA512
36010a2ae51753e7739a39ba2717b43f222a62ce146ea098def6e26f13a8f5aabc69d238d946a27876495679cf4fcebae47ac3c7a090356b609c329eb36cbb38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff09904cf8cfbeae23ae503a005b4a5c

SHA1
d204109168cb49ac12001531c0fb4f5a3a7ce7ea

SHA256
327f31c63b26db66bfa341659af0f01005a6357601fa8930928db66afa42d15b

SHA512
252e6f54ea0c589c955493c1d5a8d0ada4e2769071592ecfd8c4618c0abd63fa88de21dda732fe345963fbb23c7ae36c98b5520f51106bbe42a7e50b96c60aa0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
840a5db65269386c31cc6f0ae7e39a8b

SHA1
bc3278f66e4f906b93e78dd8d20942265326eb8f

SHA256
40f91e03e427429486d2831862ed0025d5ef49be9abf4bae09ffd8f9a2c5e375

SHA512
f64fcfc9399a5f5987aa12ebe3f727da903123c000b462099933d27d9d7ff9979948f00bbdeab14ca7a7086bdbddfef0d036cc0314669ec8a24cce9dc3b8734b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1e3cac051e037c92719b25990a5508c

SHA1
03580ca52c090b3d33f4e10a66e19ac48c4ff27f

SHA256
b8ad8d6026cefe0582e480074d7df20049dd51d51807950294afb4d327e2abdd

SHA512
cd00fdbf6948ea9a7468391a06422273811f69902fb7c2688bfaaf4225d094d4cf15c2c9ab0633cbfef59fb0697e769a05a4f0533c231418a0dead4aa372f17b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
acb84cb32a7d69b9fd1deb3724d77c50

SHA1
fb5e90ea2e1c800bf84fa7ada0621a45255050fd

SHA256
ac1f5942dd74f7b19ef7b0665297d1f67b6ca8abd7c7ebb36b4779b791f477d7

SHA512
e33c76f0b868320a62d56823733822629d3776945ddce27b6f1f6110916d6785e19d467b4d6c12c7138a4f663e28c609ad451c3d483f46d9435c0afe388d91fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2921049aa7cd786675e9c733175b8279

SHA1
99e4092be4e1ece5b0d67ec59a13bfc02907b337

SHA256
b9b0ad07d0a0d54179be09d738a19e43b55ae73a40ead1babc0dfbf3df7c47e3

SHA512
2659e1d7ea4cd1b5dbc65b939f726f362d4380b03ed13a96b0c2ab4dc485e1ab6ae616cb9e3c8b9350179dfe47f23f7c7c9e7c2f94871a0bb8e920d953211cca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3edf18ef2c30c4b0df9decd655b7fcd

SHA1
ad5cb7245e69a3fbea0eedd117a8b1169fb8f196

SHA256
a802746ef8fae9aaae5532cee9e4077f3b543861a75a982574aba421a4f0a6b6

SHA512
332bd1573af0121f4feb0ef1f60d1e3ffe575a36124fb3e0a3b269da7d5d449c93c51717671ba915df72bef446d7282b53849fe68fa7253a92fbcbceba441b0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af9210a1e9526e2402ab5c24f8f807f9

SHA1
a19fe5317337e68cbc31b9ecfef4406787297c91

SHA256
dbff74c04589ab6eac006610035f263458a149ce168676de5bdaa01759e27cda

SHA512
004b37f7366bdeae1804120a3eca18b8744a5a8aadb9f231768ef0978ef799757b4cd798b80ac23ce53f828c75f5b54db0b25af87f7efc7f45da1e3f7c5ce859

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
444a808189fc672635fb3d2e4f23c70c

SHA1
c4cc7046baeae71964c3ff0cc95565da39b76267

SHA256
65e7105ea25b968bd130ffb9a5ac0d21cc499e20ae5e1cce7ddbd20e5b743e09

SHA512
bd699badb647b8df44fbec06bf66e321135288089d74f6288e6fa4c8dd59ae656498c7b0b129104eca11e0f7d7cfffe20f14dd623a1286161fd26af87e695054

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d86ad4c71cb953a107dc01efbc8666ee

SHA1
dd53ea558e2e8e38fa64a7b209fea6c481928972

SHA256
54ce3ed82290b02ccf7b392c552205d9e6d02eb0f0f58de79c5d6278a9927201

SHA512
272ff9fc1322b36b3270b700483cbe627a5f17ea04dc46d7fc5592d834c9dda4e41d43c67246897fe47918c31e93c520ae8891b6b6c09f66ed187bb9768bd5eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb68af1e4c2ea61a3101ed03617e09b9

SHA1
5a1646479f7cc81e8d896a3cd023b9c358801e18

SHA256
4b90a320c734e534c9cf9dad8cda159be73513f9953336ae8e0eae1eb8faaec6

SHA512
aa56ba8ac23a1dee631fcca16ec465286affaf488e00ed1e0bbb64b0e2ce387bb1baf8e84a17f3727164658210ee42f1c87bb6477fcf4f63e2b69d4a682245c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8776d342fecd34cada2cd8f7b88115bb

SHA1
597f80fed6a25ab2028be55c47de2ec14d81e990

SHA256
a76e9bfdae2418ee6ed7e08549ec74edf04bf0a697d67d4acdf1067c88604e7a

SHA512
fde312ec33c64918d971866a5c736d1024999da1e564d5c23f004225b533c38eae8fa272c216b3644c8d5cdda5e88fe947ec6013b4819f5b8a9518ad0a2f2dd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5c04e10a4da306e32161a76879c9339

SHA1
bc77b076c5c15d76e8c4af09bbc6f0cc4614e465

SHA256
8874342b66951677d1f042637cbbded125478ab0a7cfd4cbaba02a766472313e

SHA512
d9e9e51e3c9a9c0626eb33699f5bc9c1d595233325bfbe2a6abfc24fabf235bd2507d2f87b2f283c61470f6790413a44c4c5a7cba6546a5ec526c1e0ed345125

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab121C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar12EE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit