bc5e24f0799f56c01e0fac19d775e9c88cbbd845af72e532121d0ca06f270d81

Analysis

max time kernel
139s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7691f0ab6a3ced2fd310a9e22702a3f9_JaffaCakes118.html
Size

220KB
MD5

7691f0ab6a3ced2fd310a9e22702a3f9
SHA1

9703b055babadb83060e6c1abe0b3da14fa812a2
SHA256

bc5e24f0799f56c01e0fac19d775e9c88cbbd845af72e532121d0ca06f270d81
SHA512

c3e775641ba73f2af2882c79102c12f7dfd73fbb1ddc6459b5dcd483205b8712a945e086b6d37ce17c7c7913ca16ee7f4886562c3436d986c515ae3c3d5ac317
SSDEEP

3072:SA3Sbou2GMnA2ryfkMY+BES09JXAnyrZalI+YQ:SAD2XsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422913581"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2320C041-1B96-11EF-9511-66DD11CD6629} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1968	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1968	iexplore.exe
1968	iexplore.exe
2192	IEXPLORE.EXE
2192	IEXPLORE.EXE
2192	IEXPLORE.EXE
2192	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2192	1968	iexplore.exe	28
PID 1968 wrote to memory of 2192	1968	iexplore.exe	28
PID 1968 wrote to memory of 2192	1968	iexplore.exe	28
PID 1968 wrote to memory of 2192	1968	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7691f0ab6a3ced2fd310a9e22702a3f9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
679adff37ab5e3a695cfd2255ad28b67

SHA1
1adc635af2e20067fb1115627e236d4150e1349e

SHA256
55a6bc86b55a35778bde6628484b839d55cac5e2ea5ced2e4ce6d195dbb2c3f0

SHA512
5c9289204710312b6135f44be4d5ed158750c2e5f730126ad329ad08b8cd70fd6a0b4bdceae3ae94dc5d1b126d667c10741cd49de87b17057430295960f8ccf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dba5e36b98119de156ed922807e9af15

SHA1
c5e7f65a36ded71a098a57b28ef1d4e314be0759

SHA256
bce6d873ad314c9e4352c18f60d6df869916ef03863440bfac090bac651e4cf3

SHA512
d6fe745134fdcab3d43dfc6f52687398f76ccd237e71a8f76080c11067ff6cdb505a1bf247a1332721b78104167e85f874c0da7afb4a60aaea5b0c58b8431298

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3864b79e63aba2104720b78f70d65cb0

SHA1
90b7739836f58399295228ce8dd4cb557692c0ae

SHA256
57663a4c292d02651b0aa3730f9996e9fa8881a0e5f1612f6296e7cd3eb646f6

SHA512
21aed6406ac03407c81dba331588165c1a7fd87ccd4f0a4e76a38f5d44426186ba3f4f4c7f02cc4022be2a874545ef1d1319e9f36bacffe5162099cb1b1b3325

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc64a282e24623cb41dc1728637b048e

SHA1
ec1b2649781362a3f31d1f75dc667f371818de06

SHA256
7f83d9947e61e1bd5b600de22cda68ec0439f2508dc4b82f8b029e2d161ced69

SHA512
7135170c598b9bc0e1b21edf293f21d576668c5eb205ca18c18cb738a0fd6676ca372c681ee78d43e1f105a67ec85d7001e8533de4088f61a15fcac296ddbaa6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ffd51ee19e1e0f548d7cb412019fbaf

SHA1
95159e808f963a516609b3972d60f520db4bf862

SHA256
a862d1a0e54b8d304d78bb297053a2655beca106f6782414bdb2f43c1053c811

SHA512
b3ecc225b1409f065c93610add015cdc966f9dd092fe376d5a75ef42cb01b994623927f71ba999bf136c388ecc4ac7084114d26ac4f28596a77bd796544264e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
602d1ddc02d8a0e399f99e16b0127a94

SHA1
7be478f9b711cbfb240a7cb483549ec6e460f05e

SHA256
3f6731a8b0506be18022cd01d14e911642ff2e09efea1e05042008aee2a6bb50

SHA512
19f93161c3817f4385672e3e7384ff1615fa1d166dc501e079d808bb6aa8921d4f6a42c571882a6a0cd928b968592d26c061df114f49519de477a0916c653a28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be062ca42ec6ef189d06df023722444a

SHA1
153f3158f9bca9416a5610c7b5e1de90b5b17657

SHA256
368b33fcdd4e3d1e0abbe8b03c7a2641a6d5806e312ed3c30a6355480c21faf7

SHA512
18af70978562eaed7e2ebf6347575d7b87b4105ae04af66ac5bd792f087bfc8709122624c635066e94ba0e8a11a14a13722771cdb3d097cc7144db4db6a2e3bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3cc9bd28972c168384e094826de57b17

SHA1
2cc2dc83940210aec1f8d7a9d184ae45f7a091c2

SHA256
a8d880d525f138ed4c2e8c139388f3b7c2f7a6464152d70fc54e382aaf156a52

SHA512
5959368c33e13d22296ebb27c8c2d1fccbd455b35259bb74cb1c252fc1fed62d4a48fe8cc16b5b44e134a66fe044db3d71d356d36f0964b56e931c2eaf9ce838

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7748e3e7accc637fa91c0baf35c69c5

SHA1
a77dcaba22bf437dc140c111cf194fb62bd73d5b

SHA256
3d457dbfc430e64e9b08ca9633b974cc3a528d4eab01f07b21043dc046c4611c

SHA512
50f3a98dd9e95b2687551b80fe659fd88cf9f6b0693c7e0f2e6691f461f0e511a9e1bf1ce6580166b2ad205343f0c4f1708d3c2cfb024d6a5c71a3aecfea4cab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78557d4cec6c845bfe86355119f48b17

SHA1
3d24103a6f6920fd5f965d1811d93257f03361eb

SHA256
9d74a976820ea37ff01132fffc40f97fd2f751d7d3ae58b1d90985f99a367e02

SHA512
a9d770d6dec0edc54511b55f66cc316ba79dacaa50386382b76a73f1859f70cebec722903ce9eeb5e72eaeb9c042f5816a79d69fe3e3aab3c698d590b4a3512d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed1932f0105381181721b3640ad8be29

SHA1
4d7bfb42d8b5900e8e7009a756d0edd6a3f5fafd

SHA256
5b422d0d51cdefd6005d59c1ef808aa42a62af1b5dc5367198d0c968ec5e2c50

SHA512
3bf8f07ac3a131c2d784ce3f92cac14d99e86b9dfc347c49b637cc2fdcc36b6b3a23f6259642bd70fffef33571cbafcb40a61a21e32e13d6470eea6e70143fea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29daca9c804f8fa0c5ff674bc1742481

SHA1
ee697059900abb01a2b2607ecf1988b7ad02ebdc

SHA256
24aceea86fca60f4711b7d2058a425338b393b17a550cff1cc9519c73abce16b

SHA512
7a6c4fee0e71c00d49bb5fdb895ae5bbb9826c55510e7ed8934c6ffd3e143bb6515927df0b60c47457fd1259df2d6c5bcecc5f04ea9469a8ef1257359aa8efac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30bf0742825e70d62a0a867c86554164

SHA1
2f72b27e9efd5263d1b4fe012069841f70947780

SHA256
5b06f8d9d014e3bda452e0fb53604fd47566091824c1602af3afb1521175b43e

SHA512
e184133bcd71345b24c78588479b21b0543423103a40788d975cfd63f85cf2beaeb96522d4fe1c57960a8c29c32071d2f418fedd068ebaa3bea2a6f6014a511a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f11581e1acd0a97e20ede6a843e946f

SHA1
3d58ccd87b965a15f7edb06d5c33bd3db0a64eb9

SHA256
5a26c7a9f11dd23f124d58f44628da003cdc3c19028334bf9b733ef7b742ae8e

SHA512
be79b2656bc06e39315be96c8cfd51f96b7d9675743c097a58901aab19b41e31e7080547db2a836fb8b7b239bc9a7193a0a020462dec8c9423ae95ae5c6a34b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
954d85bd357098071b5dcbbc87d11849

SHA1
ea8940cc91ed229cbb00b8fa5621b34a6885f859

SHA256
f599e0f5a241bb749924cdebce6a23a1a3d4b1eb7d80beaeba6cd04ec2f8d8ff

SHA512
ddec8bd3fd4361ffbb60c16510a060f4648c3b89464cb374bc963bb7e510623c7b51c107eeea9cb12b2285a03c47d2d51fd961dde4b3f50e78bd84c711c4508d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4c17abfb4da59e529ae1cdaab67dbc0

SHA1
e6450b6fdee919fbfbb4c761ce439f0f6300f69f

SHA256
271d9f3b655cc9783009304cacb36f1d3e1d51a10ec31c5e73805178cf90e710

SHA512
c5955e69034b2b3d764f11e94292093ed5c5e50e421ab13c80ab34fe377355ac7fc17d2336f617f91ceedfa78a319f84afa5a82c4e6f989d492a482c0e312cd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e26216b9cc5cf2e0a7b4786b4cf57d81

SHA1
500786cebad8960c88a394e30474c67f19cdaab0

SHA256
02360cc264597498e28a9398e3f5b2577ba92c6bd2e5c911c457b1f1ab1165fa

SHA512
e67eeb38dd8501a46a90fb05a58e1a04790897c94adba3dd6b216d85fcf92136a694068e3f809884fa609884f94906a19cc1351843cdd925dbe414e462ac159a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5eaf8562953f30225fffa8aa135222d0

SHA1
cde89879baf556bdf4daafbc69e0098e712613de

SHA256
881aa70c4054633bb81fcbfc98b7c46c2097c838d2037fefe88ef3d9c594e7f4

SHA512
dfa2e9daa01d3086523ddd23e03b39481fc8d3c9adf8cd09ba0d10af176bac5cf22cfa132223c8f1b88cfabc3344961393ce221d95480667ec9c5b9147dde92f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
919b2f14079d4dcbf3ee872c8995abd5

SHA1
98f71df6866ad7c00be532f28ebcd1396db0355c

SHA256
6c54e95a44cc67fe9ef42a3537f8d87bd3d01019f2a7ed3212d1be90f7fdf868

SHA512
71bf9acb0f2908595414b9b0040ea7f5c48240a79709774c72245c4f1667338036befc9c9cab9d7035d8f6e0d0dc73f26940b0638111ab7a3caf60cf4a1b047c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA7F5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA9A3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit