d816d1699ea023d10f3e492b6f5e359d2c58980cbf88e7a24fe97195423230c5

Analysis

max time kernel
133s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 15:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75ff4bb8550617b8ffdcc41df167b1ef_JaffaCakes118.html
Size

60KB
MD5

75ff4bb8550617b8ffdcc41df167b1ef
SHA1

43a00f6e1a8bdfa13a1bd52d7d645bf7f107f36b
SHA256

d816d1699ea023d10f3e492b6f5e359d2c58980cbf88e7a24fe97195423230c5
SHA512

a782b40c75f84f5abbfc4434e4ed3d8f0d861637a0ea4f107810dd9bb929cd920a5b0a647bd60d934a0ef1ffdc1589002bfd1188912143004a0aa46d15a50404
SSDEEP

1536:UGfWY1DSpt0p6CkrcPRfJf6fNkHdhmUxMb08KFsT0MCRTagIDSgRdXRCyKPd5eSy:NfWY1DSptuxi+HTNMxaagIDSgRBRCyKq

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422900693"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{215EE7A1-1B78-11EF-A6D5-5A791E92BC44} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1640	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1640	iexplore.exe
1640	iexplore.exe
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 2300	1640	iexplore.exe	28
PID 1640 wrote to memory of 2300	1640	iexplore.exe	28
PID 1640 wrote to memory of 2300	1640	iexplore.exe	28
PID 1640 wrote to memory of 2300	1640	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\75ff4bb8550617b8ffdcc41df167b1ef_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
089e9952b7e42899c431d991cf84b464

SHA1
4ff643870aa652098e004b94bed7a79a0ad57d97

SHA256
b50ca0f26232d0ba477ece3360bc75ebba391f8f8f65d4f320f12db6c62fee48

SHA512
5abc1e90c3ad36b327f73a7371dcab13390726c8cd00da27f03e35624c564416a1b8f0a153cc3643ae3e8a2c30c2a23aca8dfa12498d064f1e1a48fec155ec94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ab258a99f99067a8c2a20440553f6be

SHA1
c9c2926f642f64f5f393687c3d0dc6cf850c5615

SHA256
53d1592dcfcfaa07c40406dd33225880f49af3081e72ec7ad8ab3df8508be8a2

SHA512
4de845d9d93997ab794c32501664d0ef35c5af12856a0c0b356596376cac9e7cdf6f28ed8da2e59dede7ee17feec7e78dc7e8b4ab37a3e24fdac585c05573223

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f93f32114aa650d3dc147a7554b4c13

SHA1
11c24e957cb5380bd57d12cd254a36d740cdfdb6

SHA256
ebf2d299eefe599825349d3e395f0f65a92f13ae50d8cc8325f24b1faa4c64e3

SHA512
6a8982ae88aeeef095f667a03c926f164aeededb8f03bbcef08c307f004974eed8693697443b7afa57b4eef6cd185c0fbc651cb867325f4210f9a72934423e28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44dd5ef774eacf0f3a317b9a8da827e7

SHA1
8ed8ead7ace42fdc785055628ccd0e5d79f898d5

SHA256
d8a7bde9f64d32f605a62e1da244766988982141c9e9be34f500c9b982135f93

SHA512
9cc22ce7d8e0fa28359d4548059b19d8ff0e1f6e0b56e21d4607bb88996d2f2fce19ad6689603dd1193e8d517248e9ac3a8edcb8d4d02373e66b200e4a698460

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4cdc3cf1ec9cec6a25b5adc69bd989b5

SHA1
087548004b4511fbc04ca1f367cc82815f12582a

SHA256
2cb306f17b2c0d15a1e4e72ebe52b561fb10a7ade3b3e351f981bd615e8bb24d

SHA512
47186784c02cf274c2d8794e7ac5d82579afeb97cb16e4bd2cc9da0b371e473efb753def99e2d40ddb480fc77440fa8667c00b10a7ff1febe0d15320d8ae44c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f0fd1551847bf3d607be504dd6f5a75

SHA1
a374459e723324ecf0a85128b3d4af61956ec93f

SHA256
e93a97fc9f9bfb6e1ee1252f7d64a3d55ed7f3ea798b297959dcc56230ab6c18

SHA512
1ea17b9f740f4620af9f2177338484579782063a66d5703215f4ec315005073159536f2330b63b8701020c9a34479ddbabf639aaddfd51d44a3da0222dece321

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c80677d950e85882aecd1f30d4dd3414

SHA1
e1e2311f3f87e1923559abe1e68e9e80dccfc4bb

SHA256
f8f3fcc1cbf84f8e198c16abda14cce00b356436271bea9b13f1ed0ecce82960

SHA512
495853f45cc0a9b81a3aecbeab96661108a5c90ac45895ca95a7e14e25c9601f432b97d6ca3ffac04cbc0410a6cf9a09a3fa6467c44caf74e9cdf50a1e1df627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33068836fcfa259773706b38b2ea0cca

SHA1
4acca7c3c2603931d3c8e75cdd8eafba32ae3a74

SHA256
5afe37285a268fdfc203f9d3d04f977ebf99da98d8703a3752d08f4631f10ac0

SHA512
e0ea58862be478eacb835f9e7dcd2f9c0a09d48505ce3def2dd0538b821d2f8dda373eb9016a0dcda09d812857845592c0b570c11958e640df592a303e51a3c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
527119091376ae803389d4fa7eb1f7e1

SHA1
eaff3de07696e39802aba8fc0041d41d85026290

SHA256
f241d268ac599fd2be4ebe90cd73fbb5ea5b8ffb4cc22c106e3852b42eee93e0

SHA512
fca111af1d77c574ed53ab6b178defb352c5ba8a2a51f71452c230373fb3cdd81514606ec67afb4999e2b21648883a8dc17aead2ff0476c6c008d34d6cbef081

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28edce0eb9c7586ed7098cc03bad2b15

SHA1
89e96e5a9f4f43b15566c5787135e19d968b0a56

SHA256
992c166121dd73a7a087439e1d11edb68fab65f7568d726352b5a5092f934385

SHA512
fb4c5a80089060872d52eee23e3bc18132662f87b2912f7d1d95ce20b05fda599b623f79488a4573dbc1f5cf2348be2c0bc3cbec8fc5a05de4c5393ff3d3369e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
082354158a06c6dd2b55e37bbbfe3edb

SHA1
99792c5784d24c20f169992451c95919f885cb63

SHA256
91b01f46b0cccf377f67252c0d30ecffdf2d1e7c675f2478f8d69d1690cc2d9b

SHA512
f3532760d5cdbade38fc448f4ff1096db33d47eb219126568c42d5b24cfbbf6ccb038ad0002784454290b0031a10e47b763ddea993272c05cb77041bd7fd3163

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de74632e5f8c4131dfc95f838c768b7e

SHA1
c581114fdb9607b7b0325893a1d118d478cc927a

SHA256
f8817d7ac430b87d8cebc98ed37375d474a8f478e3bcfd67b4749bac461f8577

SHA512
dae80f0c0b616cdade0f974d2103339c925100d18aa42cff08abf550a37b41c97ee62e663d3559a98368b7e59cb128b3d70acf75c127cddcab7bed5e445af25d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
2c9eb22789a4ec2e2a2fb610d295093e

SHA1
d74fabf6db5acc57be229e187a1f5292339b2e4f

SHA256
12bfad99772ddd45b5af3a79169cb70d2069cb5b2bfd42af1242e47c22a54be9

SHA512
de8a626b52be108692a53b13299da96c300c5629bc205817977bf69ac6aabc2cf393bab8c6a98d99240a7329ed580dda89bcf58fee17b2726f43675038ac08cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB774.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit