0bfdbbec83a5985973628b3ee143df36a38166319ffe04215be620883eaf3bbf

Analysis

max time kernel
140s
max time network
141s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 16:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72811dd19857f7a5c9d23bb98e8a88f9_JaffaCakes118.html
Size

204KB
MD5

72811dd19857f7a5c9d23bb98e8a88f9
SHA1

7f878381af4ab4d96319fdb707d41f5261fd7b6e
SHA256

0bfdbbec83a5985973628b3ee143df36a38166319ffe04215be620883eaf3bbf
SHA512

386c87132a1c7469940d6e266a431812165c1cdbbf5e4d6c33244a7486b005f9927e76eee8ade781d969f704f8928c13061707187e33040d4f2e498972134dcf
SSDEEP

3072:eVapmymeWWBBypvzeeGPr+gGmxnYppRyR8meKEBK1:RmyPWWBBypynARyR8E1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{528653E1-1AB0-11EF-B195-DEECE6B0C1A4} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422814875"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1832	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1832	iexplore.exe
1832	iexplore.exe
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 3056	1832	iexplore.exe	28
PID 1832 wrote to memory of 3056	1832	iexplore.exe	28
PID 1832 wrote to memory of 3056	1832	iexplore.exe	28
PID 1832 wrote to memory of 3056	1832	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\72811dd19857f7a5c9d23bb98e8a88f9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
8df6dedd4dd10eb8211463f82b129e29

SHA1
ffc6e51cf829b481d789d8e3e61f6c7096fbde3e

SHA256
a8400cc21263f2c44ccb301a3a1ef66a1ff009fd4d301362fd778e7b23a386d8

SHA512
25fd6d8684ff8db3d40a8fe33267fd01d6456a84f81c7e579f7508c36558cf731a0ec8a2999a539aa5c1985dc45f7bd20d2a14a343b2326030941858f24c57f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\54A67440506C68A6EB378D31F6EADB06

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_146E1E094E96F2D77E1CDA597BE74F14

Filesize
471B

MD5
47413da70573f2745926b4d183521cdf

SHA1
9606cfe8454495277bb57a6fc84bf28a0a6edf55

SHA256
12c7f739f80f9f89ff3a33c4ad4d4e15914518473fe943213f871abf40672c69

SHA512
aa427e7e4b72f6cd6391c27d87d7b13c38f937cc49d2b1b152ecc4907b89e1d1a34eb5a5c1b075bf9a54f57ba83d96d826616f1eedb612e273967a3f85fd7cde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

Filesize
472B

MD5
470283d75f4fc520994959763f1c0a23

SHA1
e94f9f88be4de9abf65cf1c8b7a5baa51d865486

SHA256
baed104facc0f8395eee1ce131e116d68e6818ebafea655e3f109e8a7975dece

SHA512
2dc408fc00d7665fb754994493c374db800bbc85fd5c580cd55a7482f92cc3cbb7be013852f4b029c69e7631f7d1e83536b1434a8c306523bf6ac62307273b6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
179adeb277b0e0c0b09bc9b2e1a81a87

SHA1
f8acd204fdfcbf9baf1ec16817f0613bb44fb9a6

SHA256
1c9e9c77644734c02458aef2ddb8564b997e9ef74f1703d05ab1386cc9571a8d

SHA512
f04d333f3135c5e3612e750677a3eda7c949e700741c6b274ad966544645ee9f2587dc1bdc9a9d8e1e02c33850fa0003ec51b2f7f2eb086c96287609bef062d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa39b5ee613a210b420963238c6c0f4d

SHA1
ec725573dc80395935bb7e044b77e5e96d8b95ce

SHA256
a1ee48c7e7afcfd696c19110ba7be2a13329669d6b24d6bf06f558bd4171a386

SHA512
e5e07bafecc6e44ad7fb5034464bd41a8973c0f6ccdd1e77cb7e90893a4c2187ada2fbf078f7bd2974a5e8ce69ca0940a32b3ac0f91a750be0a4aa6562466bc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce8b80380b76135bf9541bf3289850ab

SHA1
eb47fd944a0fe690c095862b7845565b99f4781f

SHA256
7f0fa8b4054824a3921fc6c6e316eda5078a0b794a75b779160bf94cbf77bcb9

SHA512
6023624b50e73c46f5e89d45004c3d0a0477183bafa9e58f90cbee7ec1f37afef55b396041ff764b0b844c139a34f1ead90171772c560591cce4f89f34c30b3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a70152dfd795df43081b1113e976101

SHA1
522f8dfdd7c998a08b75da23f846c80bec0ad673

SHA256
525d1b775532ada2e4e445f1a30aa4d5fdf34922caf0d364317219cd237e5eb2

SHA512
9aa21140c9156b4f8e39f5cc9f5cc343da62f726501f5a9707a8ebd0d7b832d5c428720857bc02d3836bd1ce26cb992e91714b748652f6d576c23f5a65a4f136

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
333d51f33a22ca6627d427102ac78c17

SHA1
fde8375678f00a4224bc1e4f4f88d7f5622f967e

SHA256
af50a0103744309918497253bd255156111e75bb55642bb497055e7535531fe4

SHA512
a00dc017c4b8024ce1450a9bce8a89161d5848e6629a10d9454fb4174cd291bea66dc0bd8998db39e050e450b2834c30f748f830ee2c7155323baaf4bb63cd28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba3e3e9b44bf18f4364d6a64499f0d8e

SHA1
0027db796bddd07c26f486183708a759fbcc7b83

SHA256
4778dea9922c6205db50e2afd7ff8d541d07aaac3128416aa255c01b3de1f6fa

SHA512
2deb003ccdc649e1282fecd16ee5fd99b06f6d50df9babc77dc341e09eed953066a64c789fc77240d3e698ac618846f8615333cb7acb1202ddd9644fe38d50a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6dca3e3b968e5b0e70ab9190abb87b3

SHA1
021e18b58b69d52827cb181bd5d902acf55f08ad

SHA256
9283599b05ab2435c7d33c3281d5b0a08997427ab40aec38f212c6cdc7d93479

SHA512
7c0427aa12ee54e81efa7fd66116488a1ad80eea0578e24fbfe2554553574bc01a14b2902024dbaa27bdfb468a2b3da7797fc0014de0009ef4110c4bd6171aa6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75096b8421a956e95f466a9662c52541

SHA1
6d9bbd4b8e35059072ba8107d888e3bf20ec36ec

SHA256
7ee6854c61ce69b64b7be37acb67c78489ebebafd14fc8c81f433571147f5c45

SHA512
63a2f1251fb719cb086790c36cae1e0324af1237b38e015a62b41bb3ee06b91eca30275f6516c08e35cd7b4e3719e8db44b852bd468a9828254818f2a9d96214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3811f48b1baf56dfd59e205412960876

SHA1
3e3f9726b0ca03c33782877d22d3d97101eaa340

SHA256
f571580ceac968949bfd2bdeb7954af5bf2a9084921a2ad352f34272df1285b5

SHA512
3588658d9217a54069cdda1840b5236d40106e439b8679c6b6d26cdf8182db36105ae17e823f004146b42ca1a0a5751e53d19d2b848f71f49cbc2ada4db41eb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21c700fcd8010aa9e4b45f806f2fc205

SHA1
835024f32d84635f8ff485683414409312fd0d68

SHA256
3bc291b73a75c0d6432c59d3f4be29b4e1c4f0412eb3dc87fa756f9441717f0e

SHA512
32f342a013935fc911a7d33bf6b3785ecb041c902f7a1e5eb8495162caf84ab431820dad07fd7e67eccf82a00783127b5add59fc5a9f39d70ed60c432f1f464d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cede7f15d7259d93953a108b1a83f9e

SHA1
ceb8d01f71a8e4b7b64a8852637dd8bb73e347ab

SHA256
da13a3a673b33eca3a53d33a8bcd0800d227414c35b6343de424cc5e58d589f8

SHA512
ba5919e38cce081b9090d91267d549d4dff594991f166951a91603f49199da49004ea9762804f0d1162390e2e1a4713028041717eb9d4983b51641e69a55efdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_146E1E094E96F2D77E1CDA597BE74F14

Filesize
410B

MD5
46331510fb9db2ec8e531e31174b7582

SHA1
7b9143b68e7afe031720924ea372be31d5534338

SHA256
a2e27e5e439d08073a8ec1f265fae67aeb9d6c2e1989ab8e374ab4283dbe1fb0

SHA512
b160ae1cd74809cfa24e42d1aafc46036890c3226724f08dc2288e486ebfff126f713a104ba5d871d5bfe774312f5172052a9a75fa16c8714847e1b9d48d4a58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
dcab1c159237db6ab67cd0be6c93990d

SHA1
6714bef74d0d031a1af6092e7a8a15882d93727f

SHA256
d5ea79f0893bbb7e9f579343496d622b69ea0d615a506b755f3065eead6a3f69

SHA512
fbc68f827f90a0184eb63965b96aa4c828724f2b2f81d0331ffbf61678786d0cda8db018787b4ceed75b07cb650c6e4098369128b91bcb0cd139ce2199bfad6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
5018f3a42298c3278093a69e79620b7e

SHA1
93f534f71ad42543d9c0383005154d7c39e46771

SHA256
4b0d5fee4639695a90b457eba2022c579d505db43811e35648d4ddf84e59803e

SHA512
0b8f8d3c23290fca92f17907a96b6b14dc8b457b299a67df4f00ae60b71815e13c7ac34aff23f5aa83c3b92963210667fb0ef23efdc86ea55e9baa4a3c695a43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

Filesize
406B

MD5
88fb5e06f348021399accc3d75394d0f

SHA1
b4907642182e2fa7b13bd7042c053aa4931b39bc

SHA256
03f06690efb52ad5157f0cc86dec1c04a7739bfa83b14a901d9994bcc9fe0881

SHA512
3a2f78fdb58e711fe0c9dc37ad3c75f1530a9afec2a1e697855410f6ec1185755ca5e0bb79ec22995fd4ef41c2b0a3eb3d1df7b2b8fe4a550ae6c9eee49588d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2609.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar263B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit