956ced19f7d3896da8c21b15d1e93bd6f298b349083e045e657caed5aa7270b9

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

740621b84e44de320e6a9f2bb9f36205_JaffaCakes118.html
Size

40KB
MD5

740621b84e44de320e6a9f2bb9f36205
SHA1

21986acb440e7b6201291fa02f5ec1d22c7ce2aa
SHA256

956ced19f7d3896da8c21b15d1e93bd6f298b349083e045e657caed5aa7270b9
SHA512

2f3a0571e0c53235e3ec5da4bd7b162570825ad28991a82b8c498054656a63487a05b5a8420371b8478b83c8bc452664fad95c55646750b43b63f7e99ab449b1
SSDEEP

768:t4h47POJud0W686f34tVqvdlqY5B0XQkPpL3k20XVEuFV0XV45qS:Ch4Tyud568rqv7zgQnrVEAmV45qS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{98C65581-1B05-11EF-9449-6200E4292AD7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422851499"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2128	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2128	iexplore.exe
2128	iexplore.exe
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2112	2128	iexplore.exe	28
PID 2128 wrote to memory of 2112	2128	iexplore.exe	28
PID 2128 wrote to memory of 2112	2128	iexplore.exe	28
PID 2128 wrote to memory of 2112	2128	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\740621b84e44de320e6a9f2bb9f36205_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
dd3850d9ce5a33ba453ba4d1dfb4ba51

SHA1
df05b044dd14e7d009aad0398686bbfd6fff1491

SHA256
e9e041a83d7f3dbd6adfeda50b7ff9d3fd1abfcfb4fc5906d481c33db7072b85

SHA512
ec27ccc61d0133a76a612d5ddde2c6193f96302e17f66a75da8e1ad18ee871fe6b307e535317726449dc724331d4f48376d03201ad8d9dc2985aa0420d45b8e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\432DAB2DDEF4C07EB519D7A03DC057A3

Filesize
503B

MD5
128f084a1db03557c243f5d0c2e0984c

SHA1
7d4bf7bcf065ee6df956b1d15d69f85629373a55

SHA256
fd434f029793e7d21d01036f9ac90caab77ddbbe75ea9dac7bda328e3aaf2134

SHA512
50b2745f8978d842f82355a21575bd9005c60b0e4d32017e33f56d29b11c8608c666ec63c5feb118e4a51c77edeac08a0bc2009aae307b30314f5e0cefd63040

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
fa6d45d305e10c6f15e61cb61820964d

SHA1
7ae33f1fd4263d3bfb3c6d22c1ecd3ecf4577427

SHA256
53ef18c8cc3e683e54c58e6a970b94c78d345b14ca1998287ca066d587bced68

SHA512
836f29472f697bef0b6ab1a68b452076a3576343f97a6ab13779d56bd99c0a011fdf7484ef8daabb3e02937db48476975ba3d1e74de762c6d6e54b4f1f47828b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
448b687cd20306b5eef738cadb4de228

SHA1
122b07b03ad55a42306cc9a86ef824ae134e3071

SHA256
cf5b4f270dc36b3622b615a0dbce75bda00a0f9f2bc431591cb1a6fac88e9b47

SHA512
4019fec3e430b5da88fbf029686abc66e4c84fd03603eeab9635aa1d9e9e57bb3da541f7d435f0c829803a27ffb2fdcf7424b7e869cba2b60d3a195281dbc074

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b286b5ba2b169c2ab55f923f05c6d319

SHA1
cf4b95414661e059ebc55e48da40bcbccfdb3134

SHA256
5c3bcad5c57d7b71d022e7a01987d6b11edc028164371719533ae5b0987ec239

SHA512
425067861e80c2206347dc36c1c90d0f112f88ef21404b5ef70f2746deeafb4dddc9a535e02f0291b9cb1eeabaabdf2cf844a81d8c2d8f6ca19d35315e677b20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6bdd8a8d318b185865fd8cbe4b21ea8

SHA1
92f335979b0f32f4ca3c5e4df9d1a2af1b975bbe

SHA256
54ebd3698a34bb9a2cf49f3c3df9fe785ecd1268b9c903a371e57bb3a118166c

SHA512
1ac792b25b3787a6bdda3a3d2779d1e3624019352824154d84c66173b44005e1a4de2912feda204e321f41a2b1943c697393272d6fa650931af30972ed72b6c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf01eb874f0de5eef6f8f9b3c891942b

SHA1
3b948258d9281e6966fc32f80ed0934c87824047

SHA256
96801426cd1c7e8420c31c1ffbf8d783aea7baa936b590c71b9858e11caad7d6

SHA512
1f16becf6239797be2ee2a8714ca67b0c422f0e3047f8fffb3c102e5641d9eafb1510e1d0eff287e2bd26b9137b8e31b750e7db870b47dceb69504cc62b61e0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3aa991b307adc9f509c813b0c0df9c2d

SHA1
8693db0e1d5c3ccaba34fd91b1a6e1a23fceff5b

SHA256
b2b1c6c452df0e6ced9ea98bed916d7aa5169dff71ddc0b47a5cd66e8ddc2ae8

SHA512
a8793f74cabd2af5dd3e5eca40028f004b42c3059407110f4021c6c0aa5767c8cd65c6cf1af19db371c3e588d4be77e5e088844db3bf427f345b19fd36aaad8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7721c13e6dcc3af619ef4e56a3ce3166

SHA1
4ec301c812c92a91da254f6ee077e72f2d204683

SHA256
4397f270177bea0bd4a8ed2f74531f7622403987838895dd5ad3ec2d52c6f2f2

SHA512
bb84519c0f64d346c0241ce30cb56f710eac4db49624166724d1f93622d41810ec45c093e19ba625d10fca8554e58f40c3b37cf42785fef7aec5f107baa11ea1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99f9e8654d0b1329b87b06817900caf4

SHA1
1405e88c1c22ed8c625ab329d3a963a4d74d09dc

SHA256
33b6614d3d3872af9e178bbf13606bbaabf5bb569f6413f2bd8e45adef7e3b34

SHA512
25ce9f0d4c3cd3c7ee5563d3803f5dde452b5d98184cfe931d63cb9bd2e53f317f91bfbb0e97bf8ae82ce0a508ef3b9ccfedb4aea0423030bdec1e12b0425568

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5739c8a3fda582004c7f36f5832f4a39

SHA1
4507cbb841d14e6cf9dd5e2363aacbdbe7bfd3c0

SHA256
1acec4651845f1f53638e0bb95269aa5ec0eb9469f1afdca95f5ebad9d809f16

SHA512
a8d994fedd0a3742a2cd56e03a51f227aa5f98f91c246cb7b0b20599eeb1607c26565b08d5c35934751eb9a40419116e45ddfd758d04f890f244554e53100f15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4e7639acebb1ac09a5e4856f796e605

SHA1
30b27f2526cacebedb0fe98694f2e4630db1467d

SHA256
446e127e29cdfce46bd995630e417751aae49d84a582e1ab5f83cfa854462847

SHA512
3ad9901a2e742a5477d98c55144f9509a2ecc23872520bfeeca25ed212e0afa28c1eab80df07d41e777eb9cc82619cb23c571964196fafb00d011b8a479ba634

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16ecaacb14537ce8e5bed3a0106260a3

SHA1
7ce6d0789f1ca793390be16e43fc402c803e1ac4

SHA256
0556d880162da3c20abfc53bf9dbc1f11f6625221f92f71ad6d6f7ae74a9286d

SHA512
b17b2ba4e2012d6b1dff24885a696e9fc2bc3a9cadcb0a62b6cf0e3ae887ebd8e2b33cbbd1bd8ec2f9fc84809cd565707246e4f8c3c0cdd50b4c7d5871e46651

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e263d20908efd5981a138af4f052b790

SHA1
f873280f5c9f4e771f68a4e583adcfa9256561b0

SHA256
3406c0792dabe24507d2b0b69673a86223bc72319efdec6500723bc29e6fb39b

SHA512
eb12081b4bf0000ef03bf4264a8f8b1f1b6fd278b856ab4301f818671499910103d62ca087b5d2d92ac1913fcc41399316fb1c2043a512683367a078bdc230c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\analytics[1].js

Filesize
51KB

MD5
575b5480531da4d14e7453e2016fe0bc

SHA1
e5c5f3134fe29e60b591c87ea85951f0aea36ee1

SHA256
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

SHA512
174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\bootstrap.min[1].css

Filesize
118KB

MD5
ec3bb52a00e176a7181d454dffaea219

SHA1
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68

SHA256
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

SHA512
e8c5daf01eae68ed7c1e277a6e544c7ad108a0fa877fb531d6d9f2210769b7da88e4e002c7b0be3b72154ebf7cbf01a795c8342ce2dad368bd6351e956195f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\bootstrap.min[1].js

Filesize
36KB

MD5
5869c96cc8f19086aee625d670d741f9

SHA1
430a443d74830fe9be26efca431f448c1b3740f9

SHA256
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

SHA512
8b3b64a1bb2f9e329f02d4cd7479065630184ebaed942ee61a9ff9e1ce34c28c0eecb854458977815cf3704a8697fa8a5d096d2761f032b74b70d51da3e37f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\font-awesome.min[1].css

Filesize
30KB

MD5
269550530cc127b6aa5a35925a7de6ce

SHA1
512c7d79033e3028a9be61b540cf1a6870c896f8

SHA256
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

SHA512
49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1F53.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1F56.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit