6f3db40e0b30892212cbd0da365c3e1aad226d232097da05b1d9c90b2255a0a3

Analysis

max time kernel
148s
max time network
152s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ad247186e1173f34fd3eb85f5d3b425_JaffaCakes118.html
Size

9KB
MD5

7ad247186e1173f34fd3eb85f5d3b425
SHA1

210b5b231e0eeaaca839707d59fe098fd1df2d69
SHA256

6f3db40e0b30892212cbd0da365c3e1aad226d232097da05b1d9c90b2255a0a3
SHA512

3ef323f2e7e1905b33bc223c1eac60b2e04f73eff145598a941a9d86f34b315b1b12612e3341be6a60fbd96f98602fbf8a4c2e26715d199e43962b5c2e07fac0
SSDEEP

192:tFbYg128R4/Euq7EKQ213mAsvlFOWFb0cGG4w3vkiUM5/CD:rYg1nwEucQkfswHg9w

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423012160"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A9986251-1C7B-11EF-AA6D-D62CE60191A1} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2040	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2040	iexplore.exe
2040	iexplore.exe
2992	IEXPLORE.EXE
2992	IEXPLORE.EXE
2992	IEXPLORE.EXE
2992	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2992	2040	iexplore.exe	28
PID 2040 wrote to memory of 2992	2040	iexplore.exe	28
PID 2040 wrote to memory of 2992	2040	iexplore.exe	28
PID 2040 wrote to memory of 2992	2040	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ad247186e1173f34fd3eb85f5d3b425_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62900c00d5b4cc12371ec680ff444626

SHA1
0aab428e6f4cb4600686ecae9d6df1645b506b2e

SHA256
6bc09adc5a072482aeb5185aba3ff300f877d98c91965bf076c499214b148f03

SHA512
45671737d99edcabc3da9ead7506faad09264aa60f482ba5c319cf364b9428a86eab655d69c3d86ef222d27d86fcd9e2b2ca1e13f74d9da859ddc1b9505f30f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
176e2d957758d28fd72433410c9957fc

SHA1
4ecaca0ce7c90f36c6b60056eeb2f3a3b7fc0284

SHA256
6b87801591423f9f1ca60eb59a897d3d69365f9fc6628620b694cc4fcdfaf359

SHA512
49cb486a0b733556b37d1ea2e70cd8e28871bfcbb38570361e188dea0c2b4d13ef543c8dcff4343e3d77b4cd2d87a4d5dc6fe156c66edfb66c7a62a1dc40700f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65061c8c765546a88fe103bcc11a937b

SHA1
f88be157d00f505f468a2e2ca8f4d5952d1cc537

SHA256
8383a0f70d2857112448b0a784162b4053dd131c205e7b2265d491a797493fd6

SHA512
7c54d1977e9bdb57e7e33128f94242c6db2e9d3e30e548aee32521b19b2039495df456dac6f99dd3ccb3087545386b6cebf42583543105843b8415f324de4ed5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27ab4da5557f721534e4d55859d8f4a8

SHA1
8f60552a5fd1af7b675cc1ba89bf790b648a4d0e

SHA256
a21104f9a01b3b530dc984facd45b7583256ca48433fda7a0fe319a45cd97c91

SHA512
e6888e157b4e529b06a4f9730cc1c22d061fecb9ad017198775f85a8af9a92287fa31c34b657c15476c3047ea31aa85d3f83063aa31cac30b9a8576c405d0946

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c035a7b9f7ee59fa762ade51afa68ad3

SHA1
337cd7941f860e4bfa9abe063aac0f3be90d7307

SHA256
8855c3b94f49fcbae4fed4ef8394fc5c093bd84d055100d64df5c841ed5352a6

SHA512
95c08e053bbeaabd5babb9c8061d26813b5c38e5504a2d608c3d00601faa165800ef148e2ed4430722f19fc3748b74f20dc1323f95099fcc9220abeff4daae84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60e21b13934eb9be45e2f50b532a9751

SHA1
4bf15f65be47695bd0aaadced9cfdb83144e85a3

SHA256
0172bbabe6be4a2629110b949ac0a3380d3ea9d26d2ddb96c61c7c9bea07e3cb

SHA512
74721070bb4f3023583ad7ac68187fb0fbb0fc122b1ef53ebbc12368bbdb4b7d781cf881f7ae70c4549ec096ee530a84999171ecd97a490bf792aac5261c1350

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a4e49624b11cd5165174d86a0305d54

SHA1
33ef6bb11da062b4481f4a4410bb69f331c73b55

SHA256
1f7ad0c8afae24fa3d47b3b93d91c8c68814f0d940d1c350993ffae05b14e932

SHA512
ea3c4ad4d50437ba83a209b8c69725e671020b685fd7c8391fbeca6c4eff847c8e9cfc7f1198f5752c54db102dab5d002d4f9ec2b9cffc57979ae7b47999d722

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45526a06e16bc1a31a1cfceec4e5951e

SHA1
cc9769f76da1cc7055f04508a460525411cbe093

SHA256
172ee643556b81f8e1191070598710fe66fec44b0e623298ad80d2d4cf65c14c

SHA512
4955bc68692805e134caff543650a98bec68bfb27f018d0f380b8761eaefc30cef45235847ba249ef09dce8c61859dedef14ea2c84b5e672959df5269894097f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8717f35dfecfbf6b5e85482e4a3d784

SHA1
40d6cc4ab4faede6a86bdc9510abf94f70d7a443

SHA256
4c29dc68c9557ad09af7ad408e85cda8c5a758e64e3cd075e73f09a9839761fb

SHA512
b639fdb18840e41ffee581e89b78e366873d4220c744dc6943c674773c00f5f4446406f889bacde1885f8342a56447ead566f60cc2ce80a1444ab0b6bf723089

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
839376f5498e4924ff4e299cc1b3641f

SHA1
a95b3bd52d89ac7c6b76c71701a396f4934be60a

SHA256
353bf150ad0c0f37f1e95cc3e7b2ea1de89ce060e2b7c014f98d4e7d3947510b

SHA512
f8d7b65ea3ae8f973b7875322a6137031974a18ba6e50b746f90a9fe8c703da4de4da3b1a8b3ca8c1060d81e0c96bade78ca5c207a670727615e7e7ca0dcbb1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26c6020e04cef586b5975180dd664dab

SHA1
29c38c296c302b98330831bbbcf286afbe0cbe55

SHA256
4e5bdf7f1b02285dd279cd8bee7984744acff45d8f823b0cdb53e7b880142762

SHA512
eeb5ec00e106ba171f1ce3d6483eb6d7b8453e41e9edb0757d35641c34277fde0fd5de0814e0836da4b8e58d1b26f92dcc1db8e743193fafebd3755692166f40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e72b7ae331368ed408c32bbabcd24866

SHA1
1f2f18bca4d6be10f552ad6df62c19d992c56c29

SHA256
ad991e12654fb6055b0806c9301a14e1eba8d34c393b91ed33f4642a8a343aab

SHA512
954cbef4052c2d0d8a70a63879e85e240c564e3b673f2bef23167175f9f9bbfb0aaa9ebf13a6eac1aadcaafe0cf2467f1a4dd7c806c6f8ee317864d53b6bb5ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce18bd80c635c3c334838e87dc7329fa

SHA1
85cd2dc60f999840eddbeb68bbde7ac3f6349d66

SHA256
c452cf04c9ccc1a634d25049040e0bfed73071e551277b7ec6c6f1f5f4a00757

SHA512
616e7e0099f6471dbc24f6919f084a8780acd90f57749ae4e6c81a6be94e5b62245fa258344a67837e144886cb8241d4a02e556fd876a69e643a17b8f073bd30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a29b9a6e007ce73bfdd2076a7ee8f067

SHA1
719c5dd4d05410d143426833f006ce2886b733d3

SHA256
ee8a9f727225993a34dceb1d4850dc8b8f6b8c47d38812ba12c88b8a708cd389

SHA512
417a97a540745e640fa3858b7b40c23266a36d19574fb38c5700aa368931fe73409afebc4d61608ca21bdc010b3498e513d56ed58c33676fa975ff1f30da02cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4655074400f0133da7608b2b935c7a6a

SHA1
87ae7b0b0b517c183fff93cc8112ab0fa962806e

SHA256
cf2d24589ff65d917f283c96963cde778595edeec65eda42a0d4c55defac71ab

SHA512
b4da49026472a5f802f064964cb3028c9a55d5a8bda42a09203f5fa3953efbb191b07da190e9603d5ff07d2172acadc3abae0c5fecc0a8835ce73534853d752d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a753b511b10cf6b0a8b179dbf58f1a9

SHA1
d7d99d04aea05ca5809707a82dcda78d7e34024a

SHA256
ecff54a887da9c4acce0abaaa5b6c7302bd90c383a5be8b97ffb180a279fb49c

SHA512
391a6e0f11bebc037fc6bf179fc1c805debd53193e28c5c4a9ee359e6a74486b592da0ae105335e70b8d4c8f54c411455556bb23cfdb26dfd63d60fecb80dc48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e73773e58ca6f967f39569fcc2c28e4

SHA1
d26286953bacddc19b0b9396ed578477c5dc8a87

SHA256
b18bec3b118a89b6fb034ca6e5eaf037eb0557442084176a9a840f1731324ec4

SHA512
0c26d45a492fc3684af01055a693532173baa80e9877089ae8ac238bfd8b9a9592ce067c61ba41883490ae0ef62f2e87c4ac1af2d83b2e3b6613d4ece4f66179

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca8f917d4895c27cacc202bedb47e475

SHA1
846235031deb0b93c86e79abdac6b9f8a039dd55

SHA256
412f7e24474ccdf1304f474599b8b3adf05dfa3b2a88617d2060cc2554d8a823

SHA512
f6137ef0665a4af4189204e853c2ac396ebf963e3f5472515328af4acb6c8d9b3af8682494a63890fd88b64f4612ddfbd005d4d309d1bee51540b8533e205cde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02c9dff32289894d11c0127a6285dfbc

SHA1
3cb4f378275115f45ed32e5be01468c8b3904901

SHA256
b3927e2e57b236e4e9bf70b0685492768fcbbfb71b82958e72646796424fcf59

SHA512
9f47407e43fac09becbbaf8afbb537c7486e1ed3bf3617105f4efd9adc60407f2bd7067977200bb316299df6e087fa4457c9e55507491dbd5fa1cad41749fd8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab364D.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar372C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit