4fdcfadc259ba5246780c76037ac104b5e84591e2ab44282b40e682fa9413bf3

Analysis

max time kernel
141s
max time network
141s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 06:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

71247b1c7f970089f6721899c7bec55b_JaffaCakes118.html
Size

400KB
MD5

71247b1c7f970089f6721899c7bec55b
SHA1

0b851348624c91daa4f492892fcbc0e8868d3f4b
SHA256

4fdcfadc259ba5246780c76037ac104b5e84591e2ab44282b40e682fa9413bf3
SHA512

a8c3c3b82b071992e5fb7acf7843c7df942bcb5a898d20da53197cf7b54b7caaaabf9a9c1f187e5200f19fa321d66a6a39cf70828e87da037aa36a53877f22ec
SSDEEP

12288:5hz0URApGAcQijPEqttNybgeTVAcHcWyLAkcFGup3+Sr+zOLvIW6w4kch:Wrq4vIW6H

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5E096A81-1A61-11EF-99EB-F2F7F00EEB0D} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422780964"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3056	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3056	iexplore.exe
3056	iexplore.exe
1272	IEXPLORE.EXE
1272	IEXPLORE.EXE
1272	IEXPLORE.EXE
1272	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1272	3056	iexplore.exe	28
PID 3056 wrote to memory of 1272	3056	iexplore.exe	28
PID 3056 wrote to memory of 1272	3056	iexplore.exe	28
PID 3056 wrote to memory of 1272	3056	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\71247b1c7f970089f6721899c7bec55b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
6f6e3fca3096a0e7e7eb59d51f4a5350

SHA1
c978fa12d9045c593d5e7e097037ee465e09c3b2

SHA256
d27a9ba9c11dbd9c2b2bcb61a4128f457e7d15a3db20fad170588821e4003d78

SHA512
c45004cb6359a32eb55f1f2ff762ab948d79991ec890ceaf988d513ff9cd4dc0168deb2235b391b43ca8d69d960ba302fde0ed13a2b0e1dddbd63135f27cb546

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

Filesize
472B

MD5
470283d75f4fc520994959763f1c0a23

SHA1
e94f9f88be4de9abf65cf1c8b7a5baa51d865486

SHA256
baed104facc0f8395eee1ce131e116d68e6818ebafea655e3f109e8a7975dece

SHA512
2dc408fc00d7665fb754994493c374db800bbc85fd5c580cd55a7482f92cc3cbb7be013852f4b029c69e7631f7d1e83536b1434a8c306523bf6ac62307273b6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
8258fb6c5264b6fb0981c7a94adc78f8

SHA1
29ecc98cfe4e086972c5725386f2f68dfdd1924c

SHA256
25611564770bd523cd1ef63c4a2fc5447d4f5ea80213b893d676a369317173c2

SHA512
a2a8c3b4f2ad6cbc5e34ce1f1cd5efdadf5d16ec7f8adf3fa9afabcb767dc3a98922709ea6716d746a58506d6bb1504d4b8c2bb1e45e460fc1b1c04e826dab62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0afcee5102f06587481d30d0bfec545

SHA1
fafb77b256085a104da3748116c55dfbedfc1d0d

SHA256
e0156ecd10364c9fed345194bc07849dd8d530eed2dba7c8176c8287e96324f2

SHA512
e301df3a8189d0b686245f5e3f4b15334ae0a849ae70e3997952a6659c6fb899baa2f047d49daa541e6b3a60016e9b54d4977125ecbf316deaaf046b9eb56933

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd46df6b8529db7f13f07f94222fd13b

SHA1
414af40f4bf802d893eca44a58555c308cc90f55

SHA256
088e5a1caf222f334b0010e3105430ad57d6faccd924ce2449e9e2330a28f436

SHA512
f8e4849f5b8b86844160a80f3a1856a3e4b8ba9cfd12f8030fd1bab873cab2e556ba7bf9a1b58f460f38bed9c1fed88f1ecd15edca4ac035de1630c141dbf9ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf0cc6ffa25c771f3470db267d2e0a8f

SHA1
71ea608167d0388fc362f4d7dfb42ed41f7ce6e5

SHA256
ed279148d438fd4448d5c0c3ebe5387957c5bdb56908efa19ca73127a7823852

SHA512
a6af883f1c130f83a5403b4456a03162a33afe301261705c998d782ef3d07b03c5c6c0ede8f79be515b90bd01016849ef09af5c36382bee462accc39123a0237

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b6b77d4533365250700b9c89ccade33

SHA1
f333a7d19147d82724f149eab71063f2b9a92d9f

SHA256
7051b7121ace4e7681e0d1de4e944d92e0845fa2e07bce6038bcb696df830b7a

SHA512
9c3f5503a83e0f10a764de7d83f241846a963fe51bd0361aa762e8e8de47afe85c66d3de9560ea6f404aac71495a90479083d7c5e1d1ec248c7620e5b5c4e546

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b486f4dea351e708dced81d5df6ce680

SHA1
f0cf0ddee8cbd31f14a5ab2ad94915819930a030

SHA256
1b862d698181d9742d0cf258a4bcdf4ecac356dc78b75925f813aa00c4bd36de

SHA512
35f51e58243aa53d541ae8f15e6fdd9375ed01f91812618d605e6f594302a6f90d76b2a5f3660247739bc6087226b80376da9dda74072d0aaa33876767c4f5aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98eef5268cf7611924e15455e94e35da

SHA1
2db885dfcd0ebd9c85529678fd5408acf16f2a76

SHA256
08a8d4a574168908bedc7147b119ff27bfbcb3613787bbcf4b49330e17cfcd5b

SHA512
d4d9571dacac9a0e4d8b3a0f5db3caac28ad7dd503e8858f9e38cd59e86a4920ab2c0f85d2a4aa02633effec6d0cca188f9d3ebe55160057d7366541ebb03079

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dae814a88bca8069d862aa956d5063f2

SHA1
8e9ed40ea28a5153179ab617d0d275a164a5964b

SHA256
ef37583c70084b539053605e28ef7c3eb76cbd3c6cf460900e70f42192500497

SHA512
4f1aca729cafe3a5c85737bb8d6cfed6cb51c2d34fa07f523da1748747dfbd97dce8527594ec4e8b0061a2bec9a568979a5032aa5e20adc730f9b914cb0a22b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5043e02dd1dab644c85e47443d90e750

SHA1
576128c75a30ba93b4dc72ac3c049ca97aaee114

SHA256
c756ded92620f152e13b151f63a39409152c831dfb82cb1ceaa5c24205cae019

SHA512
3071ab07d85c9bf3b53fb51d256851bdee02def516622022dd46745c4af5b9f8ee6ffe1d2589a1c486ff49f14ee4ebda0969cb99fbec1b368b5e6786b538aabe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc9466762bb5f5ac5a3ee9bf6848485d

SHA1
48bc25b7e817d79f1ef4a6950981e0cdde1d07cc

SHA256
97d07a5b1624198f48c4f93511b1ca68724675419a6dca0d5450ffaa024a34be

SHA512
6598a15570b2c164841511f337ff28507ef25b274a431946db7d795e7f53cca155cd7965cec7e3ad643d02cf5ba86e90613f869883c377ad0e27180e655529a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c768bf370bfd1b07524f588dddae50b

SHA1
ac86b12b09717d4bedb2f8cb825876a6c6835b9e

SHA256
cf78a8b771e373f1f2482061ab0700d6a876b817d2cbb7be0e56597d0944dba8

SHA512
8c8a275f04bebb78b4b458331891de9bf6effa90d2c423fe9dc1b7a04a3c9aa206636bfca514018e3f77e4a2060d2d002d1efac82b920d92ea973b298918cc01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
9d7fecc08f1037d1d5e625e747b22abe

SHA1
65292a4150ac687be9025116d9f387e2667e3341

SHA256
3ae0da9548db7caaf84c369a3762a33ad7047577825e4bf3fc344bb79dc30b01

SHA512
ddd3286407bb6afab56f6085d3438cb333b0451292bd9a8e109acde2318f9e64f898d6966f5723c088a8a465764d3fae392ec0d2e738feec2bcee71862aab4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\hangain-3[2].jpg

Filesize
14KB

MD5
dd69e42db9dfe39810b8d27ffdd42a5c

SHA1
118f407e0b43139d0df7277de544f77d5e82ed00

SHA256
6c9d588a19b75217bad83fe5d1258b46c3e5e6bc7c7fb968bd0ac0519efd15d5

SHA512
4efba36df35f25b5bee925eb29fd3398f0da156ff22cfde84b0f80ff2300f5873aaf218d6fbc61d1e5a1ce2240ef2688044e089343b08f5d573484d5bd907085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\12 Perbedaan Kenapa Jepang Maju dan Indonesia Titik Titik... 7[1].jpeg

Filesize
13KB

MD5
ad26f21eac7bfc5189ae942f7d140a9e

SHA1
4cffba1626461a4347259d87136b6107b1e40276

SHA256
fd58246d8696759212dafd66785ad0bcbd665c09ef97ee080a207daf5448ccb6

SHA512
2c1474f16642e5c9118339f1d7af6971a7a156bc2971d85b4553544e0440cc5549a13a0bacf2a68cd02df145a7cf0265d956bb490def0f276aac45c4c38e6947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\12 Perbedaan Kenapa Jepang Maju dan Indonesia Titik Titik... copy[1].jpg

Filesize
22KB

MD5
eed46c57b824e86123afe6877e3d31b4

SHA1
93754a5811c32ccf32a0f5465425a991911a8fe9

SHA256
57884bfe53bbd917deb6d0520a0b051e5e0bc3fa8965b59a4f36f208962289e9

SHA512
7835fe020aa3a69b745298ecd8fe4b2c04908106911d2ede6f076b7b3bd0501d82e4c38dd55fcc81e200482ce58f545104c5f8750a86672d464f0b21da48b317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\12 Perbedaan Kenapa Jepang Maju dan Indonesia Titik Titik...7[1].jpg

Filesize
16KB

MD5
fad9b9f319911e40977680fba57085a9

SHA1
bacef915cc31cfc507442db0ea4e0239926fc597

SHA256
cf396a2885c956d0c2956ba6d3a731d3ec04d900cddbd931d25dc6ff154821cf

SHA512
7e5cec94fef52c7fda05dfd7fe6634c9ca41883bf543cfdc1c497016cc1527bf9a68bd1340665d83cc7811be439d0a7f62442b49f30cbe2bdf3b82677ee64723

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2414.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2417.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit