9cc8b94b97de1726b86966fb14157bca2eb7bcaa9365f67e9494e8f9881e160f

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78da5cb66287b7f1732ebedaf0efba8b_JaffaCakes118.html
Size

23KB
MD5

78da5cb66287b7f1732ebedaf0efba8b
SHA1

fc79cfb575cd587d041e231651481310a862f56d
SHA256

9cc8b94b97de1726b86966fb14157bca2eb7bcaa9365f67e9494e8f9881e160f
SHA512

b3be4cfdaa112a0385ef03cdfef572f873ce6a3e588d5f06625d617d84846caf83579b47c49d069127a31648e71009ceb2d72fe460d78bacbb84073179482424
SSDEEP

384:23llBMiHeFbNBj3FKTVZzb2lSkI5ecI58d7MyJe8mUO9vuFu8:clCtjTF0ilSb5ecI58tMyJZmUO9vw7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422967799"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6053E811-1C14-11EF-A0EE-F2EF6E19F123} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1680	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1680	iexplore.exe
1680	iexplore.exe
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2904	1680	iexplore.exe	28
PID 1680 wrote to memory of 2904	1680	iexplore.exe	28
PID 1680 wrote to memory of 2904	1680	iexplore.exe	28
PID 1680 wrote to memory of 2904	1680	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\78da5cb66287b7f1732ebedaf0efba8b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
946e765cf102e8cfa667312c8821e1d2

SHA1
556217c58af033c5346d386ade37992da9ac52fd

SHA256
fa3a5fbee4f82d23b8e0b95e2fdb37843dd189d1723f55f7a38aa0ecf21f1200

SHA512
688d74a8e670d33a5f6b44f076cdc5ba91c24d884e38da955389165eed9b0805eb674ae8ea4d6f39bb5bf43adbfa361c9ab319fcd33bcb1e08e82565097b35be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff27ae459a1870e8eb4be1dc3326a337

SHA1
886a2b00a65458335ebb65a536c2648dc0a9dc7c

SHA256
710cd78fa1d82da3b24e1227834ca8c2c29f4d546ee8a81aeb5006e031f4af9f

SHA512
1a6a0e1f7868534f48f0b31ddc28b0797019d13f135aa11d339c6cc028969628f477926657cc4cc8e194e490785829d8458493d5151fc4d348385655711265f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba982430065d3569d660be49308a1e57

SHA1
6610ac2a1cc7226f7323596d34ea442f42f59024

SHA256
b3eb81440c7b63e9c4c2e8eb368b57169100afde1305ea4dd93ad81d6434a65c

SHA512
7e30005f68c875dfc5a67d67ec4635cf4fc98e062c19205eee69af96728a47c6c26a114596f904edb3961162a5eb56f6321cd61e46071ee2fba4dffe4465d16f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2e9a702cf9256efb3f6aa62508182fb

SHA1
3aa94a121238c2b19fd5c88f676bfdfe709524a2

SHA256
d41bec02784457d8aa554f3c2ea32601e252f5f483455a49e2c1db3a76fe3c5d

SHA512
1fe28c7fd73cc245c462584b73a7736323470be9fb73e44dce1f30408c7ad091f1b628eeb24b4fb1f10de7185d9dbae3581f6aaa44467621fee764c44d089429

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9116d0fef7c0a9c368a271bde8144db

SHA1
a860f818ecdc6343a013d4b8979c79db7494ceb0

SHA256
c1e87c39bba678d15af462affd8c820a890e1f9430a280a4bfeb18341c4597f3

SHA512
0109180115461122e415e3a9dbd2141f62e386d519797022f62e1460f53d466c60bd8e5884f72674b3a9d77da5f69517d10d58fec05cf6b9364667d33159080c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94ce18937ccb10c43bc150c9227332f0

SHA1
2e9431f3284601e2e9383b3060fc27bd80797c13

SHA256
36068aa9954414672b1c49afa2ad0844b5b51109be97effc952b55fdb4f3485b

SHA512
7fbcaeaca39430348e449ef51bc3c3bb410f6ba269c14eb3da82048f2a56a9ab055c953369c7cd8981e2806cc7a6e2c9186c3157386c27ee93907f7b3784a99b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6da8af921eb1b7efdf49ceb55b68f178

SHA1
4a2d70abdf356c6ce4c46999373ff95d83c32bd4

SHA256
80064e1572e190b02d75e022ba135b50e161e27c0d29d24f7175d43b66d61210

SHA512
b39891662ee7382ae8458500ca2745cf6a5780189ec83df722db172035eab358fbf5b99307bcc5f7c10dc01aef6c781f47ad26229af44703470460bbcc50fcbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
007f7ff3d7092dde25abe5b1b83ccb3f

SHA1
8639743f96db0821a94e8cd063cafd5e528e759f

SHA256
29567d4e3cf9e822efff6f0ea3abbbfc3773334a76b6f1f17b5fb64c24c4eeee

SHA512
e673a59b894ea9c8e56b5c5f9115d30769cf870cfae28d2bd18fdd5e207c88626aed62c6493f5b989dce6c7aa0d187afeaf07ae29bfacef25170ad2df8f066f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75ec9e3a3396f37e9e3ab09ddce1a528

SHA1
96ae0776fce1e785f20d0e627e89aea519b6435d

SHA256
35cc8c4868d63d1be8904a0154176473729da9d4be1c07fab755410e1608a26a

SHA512
81de059f4227ad573c795eeab5c72abaa5655e272d96bc1922e6db0ae8f12ec11bf5438dc60b8fc2dfb1f58edc0e94d76644e9e64342cd8d8ed7d249d6507872

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
215088ed1155c8b1e789ecbe52f7d366

SHA1
98ec525ef73e114fe45544faa87251959af51f3f

SHA256
b640e3f81dd4e57b146a474855aa4c31455521d9a31e38e6c9edccfd76827dc5

SHA512
d630f3d55123a55e328007498dc43f23d61c262e84946337c8b6f4ce9c52bd807c8de6b3ad539753df6347a1cdb6dac01c3b51639084d81a0b411cc455f131ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
796f08faa4a7560d171842f54a0919e6

SHA1
00045ffd5b1fbede3adeac9e3713461d452bc955

SHA256
e7c837585d7bbc5e31e571b79acee5e7ad1a3fb51bd79e2362c8370af9db7967

SHA512
a4a352d5941eef1a0a8957c781c6b1d0d32a865f298e1663d4a72119e6075cb3c249c0fab94ee1ba857c978b07cce4773b5248c8654938da21725ced0844ce9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23dc55f6b15b577f5ee69c9949cff17f

SHA1
28ba6dd36bf1b0742c52d9d448369e60ead56c7e

SHA256
b2b75942ddac41c6a009036c10aa6a2c3a97d8d58243f23b4c075d6c6d91b36c

SHA512
7a3883e8cc83d22329a064725459fe74613dcaaa592054f24baa2c5643c36171dcc6112462dbb7cfde56debfee59533426086c712b01c23e08b4a6fb957f8842

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a14a294a7eae6bc934dd8cf0e5814d65

SHA1
dc2784303ddfa898c7f8330f323f2ab8ff0d51e7

SHA256
2b74af47c40ed48616306b53b8b461ad793d66157148966ed81628fd087e51f6

SHA512
cf6d378810c904518010a0f1dcc6e44af4d6a652629a40312aeb2550c1ab73b6d9e78993fb3bae984d0d8e81f4449d1f7d772f98b2d2c38c3542f1fc8a505639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ed7d56309604552b6249b4e98355899

SHA1
385f141d61950400f41557fad18218783ce5e601

SHA256
313e58d0cae4d33e12622d70f57645036d79cbaf85627eb1243c4c112306695d

SHA512
4aee794ebad75de3216605b2931969d3952480c012e5a7e24a15d2e0e8ca0d8039a05e702f980ce9858db3c675bf33134985064855fcca8cb958ea1d23d6d6e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
340ba5ceba8503129bb613cd72c37037

SHA1
72f757d09ecd94bc1905e2e85d79450947e5bb62

SHA256
c6a871cff3f698128310beab3fd352a15bc20dc661205938ce46905438cee262

SHA512
dd12b36a4afcaf2757c31700a5fc0d2da634c94b09c029c38577369fa8f28c97e899234c93fab61e9326f3c3712ba20e2af72c906eabd854c3438e147e70902c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32c213b5e23101d512ee9bbdde108981

SHA1
bf0a945341c83cfdd28c2fce881bced3e74a4750

SHA256
47c14d8ab2cadadd5084e484b0abeb02e2cddd4114d75e11d5799c761567161b

SHA512
9eed7befafdbacceb74b2a9d5163d63b428a0e7ed772312b9ae13f14641b1795c79979e63a8621aff926810114bc3616c4ba8c277dded5dc332baa2cec0abbc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fed49ed476ada7bd88e4aed429d332f1

SHA1
ca6f01a5d29933dd5364e197007d7fecd6006b04

SHA256
fcae9d25fe7737bc993d161663a7612292314ec63fe55a88a734ddfd4a296062

SHA512
1dc4c82aa6316051fe131446ac85278302f2947f613adee211ef697799d5b6d2fd79624b8e3f80bb4086b8768aa157022b3c6729ba7d711b6bbd8f06e2fd3a0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1249995c036f90d1fbed9193738dc282

SHA1
e5adccf1a915eced128c5dfb8e0a0bacec4d6c9e

SHA256
6fc38aa25d9efa04d2e76804978a9240c7c3f68c82c40f3c14118a42b7ee6de6

SHA512
f95d186737b4e4f18a193a9b84cd9b70d1fad97d74ebcb6bbeca97262b0551e686a94e0cdd5e44bb18707809ae4ef960ad63efb7f2959917f6789289857b7290

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e96389141ff150873ae19f196fd3d204

SHA1
058dd8195d15b7ed597aacd3c8e5e721ee8eca79

SHA256
2782c06fbff18e70f8b0da2f108d71afb0e8b3d41476929f95682e9c6e426a86

SHA512
18ebaf5517344bd97e0d8b6fb73ae1f2ab451eac2dc8653a00042d5a8fc352242d2e3fc7dd0ff2903fb1601bbde63051a0eb5483d08786ee04f243f66eafc50e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e3ef8d1ba56bd680714e456b9576b4c

SHA1
4622e0077ed7e7dd2bedcdf97dbe2bf0723fa58c

SHA256
3fa245b9bce9413e8ee8ceb51e252d6ca7213c234b1f3ef76f8c53e507e5e160

SHA512
c7789e668ce362f46614d65ff58cd237b427c88fc8ad6c0a7af62ae9ecc5ecc17b3636f855079830942b1766d61e8c7170ff3c12856422338ff78bc7a78433be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\cb=gapi[1].js

Filesize
64KB

MD5
63e5a0b45632b3dde3694ffcaf0e3f7a

SHA1
923736d0cdc308331d5cfaa0ea159bfedc83d53f

SHA256
889109910477919b3457416e7764bcd0add19fd959848253026125c7c35c43db

SHA512
5b886c4b5122d61f0209ede748aa84445c9388cf38813316c41b3dbd2308216e88394d9a45cfc27113c0cf3bc93b9c37d808f6d3c67888244c176ee095d42259

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFD54.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFE31.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFE46.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit