9a6caf945d2500d5db19639baf321a668949ced541fbefb92e9c87d3e0519f49

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7aafd3ac88ea507bd2ddf59336672c78_JaffaCakes118.html
Size

10KB
MD5

7aafd3ac88ea507bd2ddf59336672c78
SHA1

0fcdc7acdeab58fbad7fa086170fcacb25a10276
SHA256

9a6caf945d2500d5db19639baf321a668949ced541fbefb92e9c87d3e0519f49
SHA512

13938c0fd0e15f19fee90ca5e12455f34dc79f90d45db7e19573823c6fffa9dc41bc8e9806780095d7faa63b74ce7c415183a79bfff04b4661dbf26a926ccfe6
SSDEEP

192:qgvHCt3yq7pFahnvJ8We6BtE9eAAkZqyIaOA5AVaQVD:a7pARe4tEeAPqyIyWD

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423009144"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3DFF411-1C74-11EF-B904-5A22F41CCA2C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2432	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2432	iexplore.exe
2432	iexplore.exe
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2416	2432	iexplore.exe	28
PID 2432 wrote to memory of 2416	2432	iexplore.exe	28
PID 2432 wrote to memory of 2416	2432	iexplore.exe	28
PID 2432 wrote to memory of 2416	2432	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7aafd3ac88ea507bd2ddf59336672c78_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4171dae5f8c7c15bf5685f7b8c34542a

SHA1
a3a5237b6591cc25af414bd374c84a4c803f8bd4

SHA256
8b492b9e71b3b4bc79c32d388e943b215cccec28d61df18477539610ea558c33

SHA512
de1c44c3bdeed7a46d1caa3fd3e247b317ce02ab94ed0d33fedfe3f3eae593dbec2c9eed1a73fcf50d54d933825b2b12949902f25059ccb1056bd367d70e698e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
092aac9f676cc16e8430d26e92fb954b

SHA1
380006cef4f753e1f356e69cff41ec0d8f77e7b8

SHA256
9ad29acd973b7d280aef3606598a73ac78b5df9428bae13a44b3bfac11e93710

SHA512
a8d270be74b976b8833cdeea357b12dab705373aef13dc7e3695b7b647d5c312daa808491603dfd1e1f4a8aebe4a0f888ffb1fb1ffe57174527775f8798e700c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e74f8c7037d4c9b004e3056e925f9b6

SHA1
d6e45c57adb5a821a17eee8ba9b901e4d34485a9

SHA256
a83b46c7097b6ca52fffa30477389dd7c212897c7e2acdfa0bd0bf0c8f2729cf

SHA512
d5860a8ddf472834d0893eae2f32895acfc21e3ebbe23c4723399acc3153a61baa8e6a53d383e3c59ab716b9a1e022169a21c2b54abbf967e7d2c4cdff1f214b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2b014a758a462e15722c5bb052434dd

SHA1
3d031ef6e8049e0a109ee5c19a7db88da8913d42

SHA256
d560a3548f3fe75fbf58e1e34344ae5149ebb943089a4e9893e736a29b1da32b

SHA512
b71509e2c6a2ec3d4c44308ebd9be67c5f8d8a5a48c6ab169958124f5125e89c213695857af8538062aeb98a01c13406e48b951fe9bde14c8b56b0fc3d683796

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15b2bf05ea37c86156855cbf78d15575

SHA1
1979c9b06b76e2f5c235f5157bd7db6f8be91a4f

SHA256
a1c2851c40ed154e728aeb2dd0c420d020ac5651405641969096fd34e6afb54f

SHA512
8633324f961a0698f8e2b7147e538817aab2ccbc9f0bcece804b8a24919860c53f1942881af1e2543ed8fb1f20a235093dc18bb0bd988242d7528c806bf55413

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
706e2c9b903db21ffbe39216ee5cdce5

SHA1
932af200ffc0375460a4b681eca66bcfadee4fc7

SHA256
d41ade82387f873176da4cc4c2550d1a6b187776961a0d9797aadab4d158c156

SHA512
e4a9a8ba12f5e8b2d1f2425d276cb728d34156de3ef81dd21a3892272510192547c85cb27fac9f9afc3dc7031c13400f4f685d73dce18686e43cdc7bf2320627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
132a5d09131f93ce2ffc49d62e08423b

SHA1
fcf5e45f0de3b7d4f0f5daa629bebab90581ca20

SHA256
7d320d4adb2612c5931694b033ab3f72bc4c9842b6b7df41eb541b7bf84fdd57

SHA512
3e03581428416757c2b31834938a9af6c76bc980ead858ab3d648a10f1bd79d44e7a3b3d90a3fd2a3db568eca63620c6f2164125515a95fe300a7c208226dbe7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fe7bafbad16b81f7a648bf670349eff

SHA1
184eb425774ecf4fd0b9dc0d60d270ea860bea31

SHA256
8e9d0755ea82fb28c2685c4d787bf01f993aa3ced0cc942ea21e137e53b6fbe0

SHA512
974cc3d5cdaffa4ec34be8bf6e0aa167fe564fc5f2668995bcd42005d56aa328ec17e5fd5134af081dcc93a369d0507bf03bf9a628c31d13cf2c8e302af1b22b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e807910a1597037003fb60870120ca04

SHA1
28465372fbd7e4dfa984232bc0a795bfd342c53f

SHA256
b15f7d4c7fef82556c10d5b5adf45d21e73ba763f05370de9b86615e7f2649a5

SHA512
010ef2a81adb44634a9bc320929b910a29440575e4e6a685aa9082bfb28f5bcc39914c44c3dbeb6c8a480a14557128d82e7dc9233ca2c138136ff9751e25562a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db7dbcf59de953a734a39dea97a07930

SHA1
d990cc46663331402ec0f458f09cac08367aca1f

SHA256
dc8ba72c51c032889cebf95c9cc9e3eef938d764bdcc0846737da056f9e7e2ff

SHA512
99f11b9ba64d2da330c8ad7ae17c4f7d7efd43e3d040aa15facc72c83c8899b9e3efce619b32a6035a2098bda63cfb1b765bd683459869c033883a4c809e95b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05f6be562809b44a87cfa3c8010a3708

SHA1
0d8923cde84707e1515f52e7c117d05e97dd582c

SHA256
34470a83243a73d9d544d9ea4162a2c2258699f75e1e7ea5ce7e46d74983c551

SHA512
e9590c7fee854a8ab89fe19e07e63c2ca6a9c9e20d619120ad23641bbf77aa47c6c593840a25058cc1d4e2822bf5a266c8108f0c1f2e0dff1ce8fd5a4626f7c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
acf70ad84fe69b1e850d400d0f5a7361

SHA1
8cbf7af7b044cf7159e8fe4d85e12e53561afba4

SHA256
4a86179b53ac49542e3db588c9be47b458851c2846a9590a74027db81382f040

SHA512
74a28adb19c832ded542b4ac88f5d1f26931686c21c2b4cb5506ffa3564aa129f0320fd5eeff58863b406f2f0bd5d3b6107836970b4c0299bdd46fcc126b812c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
952383567809e4b52119a61c6e860da1

SHA1
9e53c62f5922336aa3714b8620cb9a83099dbbfb

SHA256
a3eda1a62c13be261a510a392cfd1994734a83d469ed98ee5bb7cec07b4df209

SHA512
8a646f6d7c2ea392a63f44c7f9c57806c8554e5e9f7ea1c1fa085c4be1bf89b5281db25b48c16c7e96d7ff8228054ec50e824ba2947078add7646181a7c1cdeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8810a7825bd3ed16fd71936aff81aff

SHA1
695a67df41ff01d0b44b1c7482ad65276e6b8ccb

SHA256
1700e4f1ed5746ca3d334582c7a376556192b011cea10f5a4ca84216619cf1c1

SHA512
dc26ccd87d02e5b89f07fceca13cd4497aaf74e00ad05815b557bb9f9323bab309c484f95207db344d2a44fd23cca276d90c95dd1eec74b996d930b1ec47a0e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cd5fa071ea30f6e1765ea0a7b108566

SHA1
6f18265b111a26bdda6d72d1db7e034c0266af10

SHA256
54acbfc902f1e7e1eb2771e60a41dcd1dd124de5ba323768e8c4c391e5a7b9b5

SHA512
8e9319daecfe3aeb25fc8799e26d9f987f31544f5e4c8126525b27a758c537fa323c800e7336100da35df659a109a20e02eea17f7665e37a7aa3e673578c62a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce7982c5f37b1ade55e8636aeed8ac84

SHA1
d3a573ed962b58140fe78aa75a837d6c82beecbb

SHA256
fd5195cc622ac2328502b34b029d4d33cf16bb33247cb023176a22e33ab4ac2e

SHA512
2fd04a90719d2c788eb2272b80092ecc842ea04a0064d9bafcdf6a928dccb62e0a009805aabbc7245698667957118e485a27a041946dc3cdb31b569c17c8397d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
732e8cbcd1b7e4305a174339fce38bad

SHA1
10c82a50d99ffc58b32d77932277f71fb34ba37b

SHA256
c2341aa837d6cc8aa7d6dd68b853dab0ba12ddc0e65429da03a63843181f0487

SHA512
eed716950d617b06e2014465caacd80bf0073199f97d67a9cf90b83c9210a811310040cb4c57f5b01367584c6ed87e9f0feae95e6d8d0c6c0304f9b0ad936b2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ecd97837dc9f8f4ca481d20ae8dd59a

SHA1
1c7cc8284b21b9b608d7caa897bb4732821ababe

SHA256
b63b142462976a6c633ed163cfcc7e6c687f380ecbe28f2fec62ccb17944f59d

SHA512
8ec2ac080f7e08f4b8da530d68ab1f0fb24c15bc9cf93bdb60e0be4d15ed7706d48cdbbdf424acdbe40988a81f8d13a12660289e7f5aa65846a1fa855e3fa8c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81f57bf8cf997cff6e5fe0a09506c1c4

SHA1
313a5dd682e54d79be3d5d0f054f7fa67dc1c71c

SHA256
a296af00f8856bf4f0a097dc9ba61d19acc2bd257756a47c620f638ce809478c

SHA512
181ca2e0db9e22f1fb6eacd8e858ae68760a81c551191a0d08bacc52d3d5c31a445ab07ce248df3a2bfa778201a02162d4d5e505497928126e5b6d37bfe2cd73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16b3b7c2e77f47119e45f68db78cee73

SHA1
e4339cfe2912c04402a808b510d4362062bb7518

SHA256
99870efcd68588d7950587baabf58e398d97a4386ce9e81ad640d16c7daf52aa

SHA512
b25d837336cffadccd84c0c46cf6a898352fa166089685bbef9fb535473f78ed7bf6838e1991bd0f78da500028671c9f1ab95b9de77d7d6094de09c1745f692f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC14.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC55.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit