b387e7a15e098d9c7c04b23d2dc6adbed420acd7f13cf130c22cbded8a892ca8

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 03:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

74280f534d586983831c89822914c192_JaffaCakes118.html
Size

59KB
MD5

74280f534d586983831c89822914c192
SHA1

9b205ae8955e115ef6eb022f95f1343995f15eec
SHA256

b387e7a15e098d9c7c04b23d2dc6adbed420acd7f13cf130c22cbded8a892ca8
SHA512

e947b84ac8ec076ba6a7c66a5a6fdaa958d652162fce0afde06783c8d18bbe4f0b10ac4097dca6536caa0f2c91ec5369eb3634ed7abddc24ce0c64455d59208f
SSDEEP

1536:eAROAYpD5HjFC5viGyQBnS7NBr3xHP5fJ1X5e7K8A1YVR0:eAROAYpD55C5a5QWvv1YVR0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422854979"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B2666311-1B0D-11EF-A585-5A451966104F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1964	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1964	iexplore.exe
1964	iexplore.exe
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2572	1964	iexplore.exe	28
PID 1964 wrote to memory of 2572	1964	iexplore.exe	28
PID 1964 wrote to memory of 2572	1964	iexplore.exe	28
PID 1964 wrote to memory of 2572	1964	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\74280f534d586983831c89822914c192_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
dd3850d9ce5a33ba453ba4d1dfb4ba51

SHA1
df05b044dd14e7d009aad0398686bbfd6fff1491

SHA256
e9e041a83d7f3dbd6adfeda50b7ff9d3fd1abfcfb4fc5906d481c33db7072b85

SHA512
ec27ccc61d0133a76a612d5ddde2c6193f96302e17f66a75da8e1ad18ee871fe6b307e535317726449dc724331d4f48376d03201ad8d9dc2985aa0420d45b8e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

Filesize
472B

MD5
bbd8a22bce8e235ff71c32a1c69268bb

SHA1
bf9d0b7346510ab10023a7432e1462dd8a314668

SHA256
1cb9f8b414abb33992f9db36b33cc6de31155449b134b719c1ebd38a90f3aee3

SHA512
31fd88f0a24bdc81ba3cd2a4a1ca61064bce259009f1ca10261adfb8ffa6ecb2c9776a136caff03670a4f8a3a6d87cb91e4f2409ca57be1a8deef80855f0e688

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
b0da7e14d5e63b3f5f265ed335fbc36f

SHA1
3e3b6c4847fb91eab1d2f40ec4e415687279c25b

SHA256
5e94de76d889edd62f9b2bfc17c21e1bc3d475f27eeb531ea42cc131d69bac04

SHA512
fa4aa52ff64ac76d66415778dc45ca914f7774b1cf35c3791d6d5d932b7cd5dad63b673270ce9621b6d72c18293aca3c62c4c3a72d07c8dc8facf5ce5c9aa240

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
204baf5c57553a3b1334f79e6032679d

SHA1
747d3067305b38ee0268062517a6de489dd4f4b4

SHA256
d457bfc271a497652417bfd6057b6d9931424b5ef2fd430c945eef0ca21f7b00

SHA512
5f5239a57ac3d2970f35318986e268a1e6f2dc5f7f0ad95dcae118e4b87c7bcef9b1db4a57363bf904a7fe6789b4f7a60c4329579563e774b27c8ca4b974e294

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a5995e48cd4e9a3f20f4522f9bad9aa

SHA1
f1a00a4eaa6b3276a323b23bb5e15195b4577037

SHA256
b65b7ded5f8b716530d055c2c40c16bc5ccf7c241d3394d6aef775b1dd91e2ce

SHA512
81417e723669af0a7a776ff928acc28def0e652bccd921c825d97ab505806b56dd2996f51d65026bce1604cc0c8beafe02d7f7364d05a1fb81be7aec4b32db56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58308739d8f6b897d38a216d7333e7f7

SHA1
d1d91ceb886f71c95bea82286167de963d088893

SHA256
1f99cf5e0bdb8811fad2455794a4546260f6d389ff9f8e74941f11afd0c6fe0d

SHA512
732b724fb7c6e2d0af7537403975c34f64995b5be176f9de7ce8421ab53f495acc35b346917371b75497af6ea718b8305ddae859fe74bca957c08403ac7db353

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5b04f1fa54ab62a665657d29e2888e9

SHA1
b5f155cb7bcc2beed8947d141d73377a546079c9

SHA256
380f75ac73799d83e27631592b73a065ae19067fd668c94360977f1711e1b46a

SHA512
d40304853e21352cb565a3874cf954a71d8cf584c969110aa32901fa78a8efc69cf46380472369cdd07c7ab603e75e2727fde87e771f15bd0554763097524a74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7f3985b24e6f00709dc8b94aaae9b3a

SHA1
b2f3fa6131cc321213e64a95b19ea52dd739c8e8

SHA256
9f8b6d4ed685d486ddbfd95221585b9045bc4743a6f778bc76fdccb834479720

SHA512
e0bea2786881238829877029853270496fd0e4a6cde017bd447269a66a7dbdb7247d815d44eff3fd8c6b5e78abcc03128a990b59f143fc033bd7108fcabf0619

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fc6fbd4f3c05261386c732fcfd6ba65

SHA1
46da3cff5740e7a8c272c3c2cc19f7aeaf009726

SHA256
2380e296c5cd7382b6e7ef2ebb5c01da483d544c9ebf1ef2354201e25956985a

SHA512
3f44d355c0f5238e3e4138d56863b36da2211d9722c4e3a9cb12ea41c8db18757c9874696f96cce1091c86065036617e0df544793c739ec3275bbfbc10ef31dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98b9f7273619435e3eb01a9493c0a090

SHA1
af76b66528f8f7c841f367814c3c3454f10a3dee

SHA256
243cc690c4973d38424cd542d7fcb2288b42aa3fdc487fa5ae9bc6f45749bfee

SHA512
d5f28a8c311c87a626cb3b57f9b11b9940ef8b636d2ed98595aeb76a561985d39f3265a047644a305bbe681bcdb18d0fa5c87ead8051623f39db7a374ffaa031

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba1b995245938d91f3c6a531fe97ab0a

SHA1
f4ae50dfc0da3a99691e7ed5ac9acebdcdf594e7

SHA256
e23f6cd8e99cea244d72c978e749aa121f56d8d7e474d17f33c69c8d3d278205

SHA512
c124b166e273e50a73a8e424b691a3660b3f918ac21e05ffdd57e1f9f06ab46d78f7655b6091690f06dff345deb220939287827e586499c0f86998deaf056dce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
789d3ac1215a9e27759ba53548896cb3

SHA1
6466aed9b92b5e96f4b7d2b1b7a30afc1e6e8bdc

SHA256
8467d407036c55df6a7b9feb4156e20deb2b29947d4e5fc6e9cc48a9b56630ca

SHA512
58d106d75431318c6031468cf6c2809a067a9d4aebb06ca9ea615790ac7a6de9bb752b32882a22141ea89b8c979c9a09a50e7c27e646cc26e65e3a330ccb8f2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1aac45e7dfade10bb8dbecb89a76afc1

SHA1
eaa42cff828fc3c860bdf2bb000af7cf7f4f70e2

SHA256
1875be5b94e6df02af398fc91056d8e26d20353d229bc908eb0adfbe90e46cf3

SHA512
666a407acf436754b46a1d9cc17d766a2a7e4f29f402ea0bfd9dc5d2d193bfe38aa948794097e8a98eafdf4cac5953f69e41c02d74d07759f5a1e83a0cb15239

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03c0534cd5b23591cd4e238c2cc476d3

SHA1
2395152c39ffcee0407584944ee29085da7b9341

SHA256
f529cc4008d9687771dbbca460c8d8ff110ec94f9f3ead6d68fb8d4361faf5fd

SHA512
8c88848205f313d3a835188a0d2126741573a39afd6624ba7a2c92822c702425d1ac19b40606cfbd5eda494171b80d13b18c01b76b2c9fbba50b53cc8a041bab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ede32b714d5b79b2fda22fe0752ba0a

SHA1
c66c74b7eca3ab4695712b543e34c18979b95f1f

SHA256
5439c5cc8c4604c3d2ea26d87ff3d127ef59b15a236fe2885dcdb444744c1309

SHA512
738e974287f5354e76ae200716bc740ed0c060d242a2f8d831dad0ac4f23b713879f973a61f932adf0a3248adcd629f5b43401e927a25e48e0030c344cd3dcc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
3e4680bd2b32d42be24cd3eec6a21557

SHA1
34130c877211d71fb37ecd76d5d1c42f7bd6998f

SHA256
1cf5bc374a43929fb81374cf956ec8bf1d78848343e6eba171acc9715e016db3

SHA512
fdfb0f24727646cfe5efa7b2acdc59eabedef3a2bea6e3f37125ad75e55fc93756fae6fd52b893e620cb5d67faf85030136eae50965c51523cc91d4f2c49e4f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

Filesize
406B

MD5
3bdc237b8e66e7fc15ac3723b7773daf

SHA1
ef7f1d4463ed5f6e120a6b3575abb3b4d8281da2

SHA256
c24babff5977f2b54ef6f770acf3c4666f7009db807bb11f85222bc9144f4303

SHA512
df653c253abb3517260b561654a1815952d5d39d95d0d514db26fbd095aa0d538d471ca3b96fd882b0791928f05b06212c8139bb8f620d0dc69721ddd135c91e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\cb=gapi[1].js

Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\platform_gapi.iframes.style.common[1].js

Filesize
54KB

MD5
7ef4bc18139bcdbdd14c5b58b0955a67

SHA1
afe44fd9a877f81a3c36f571c0fc934324c6cbd7

SHA256
192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838

SHA512
6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab121C.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar125D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit