efe51139c4b27ffa505fe90d1fb0789638f2dfa25f0d2a8ec37bb62407821642

Analysis

max time kernel
141s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79fd99b94b2ee202ded0347513f87696_JaffaCakes118.html
Size

68KB
MD5

79fd99b94b2ee202ded0347513f87696
SHA1

5e06a0690d1eeb451ec7815c7aa0beb32b8b1a33
SHA256

efe51139c4b27ffa505fe90d1fb0789638f2dfa25f0d2a8ec37bb62407821642
SHA512

81413a5ff0ce109829eb17a4b02f048711d15e03dd58299cedbeaa330483b69c8bf6c465a087198e20aee77a6e71aa9166467f94b302efbd560cfb2fbc275461
SSDEEP

1536:UcEijZeqLoEijZeqLpy8UnW6ADLCL6+GE:UcEijZeqLoEijZeqLYHW6ICL6+GE

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{13ABAA01-1C52-11EF-A38F-E61A8C993A67} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422994300"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1704	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1704	iexplore.exe
1704	iexplore.exe
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2184	1704	iexplore.exe	28
PID 1704 wrote to memory of 2184	1704	iexplore.exe	28
PID 1704 wrote to memory of 2184	1704	iexplore.exe	28
PID 1704 wrote to memory of 2184	1704	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\79fd99b94b2ee202ded0347513f87696_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_91E41FAE8B0B67645773C1C9A8DB10E4

Filesize
471B

MD5
a746ec14ce02c4939e7e358c909a6462

SHA1
7a4fe04a00a6426d339f71a5439b2e4138718a63

SHA256
d14c1e8db8c8d699f7d2970446d453942a5e550da021992db0eb0954a4f9b3d8

SHA512
de9d4195bdbb1c75d323e13cdceb05c2860eae18b2bff348ae470664de96728e36ff4660cd5922a10815bcadc2ae3fbc15bc5903e4a8003e935f8e824856bece

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
b1d55426967af0853245f24eabbbbd0e

SHA1
046b34c5bbd6014a316241bde77b6e10ab98b0ad

SHA256
6c5b0e3df9c427b91589aaa15ff6772b19e5f9c3fa7bf0928b46dfc2e5d08d08

SHA512
c0e6f6ba726efcea9001a8473e3618016174f6667daa37248dd8afb89147c3da852cff19750bdf2ecdc31e788768c903577e114e145fb7285a826b564ebeb22f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0b23bb84b64bfebb8b5097c7d372249

SHA1
781b0f127bac5c0a24521d609665dee0151a2b5d

SHA256
f553184c3f50b9c296160aad90b06ae4527b74c422cb7f8d40b2e6d80b1a420e

SHA512
5e100ca2461e8ef6890c0fbffe3bfe14ded2c89fcd2e2565a6318234cebbe1b209781f4ba8b696bdab76ef3667646ef17bdc95a13a9fb8dfb79728e024bf24ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6521d91e05491206532ed3a723fb140

SHA1
e48c6485f121ecdfdf4228de94dddead63917512

SHA256
c288268e24b84161b6f8fed89d43bb0be409a5e9541ada58889dca726cd78caf

SHA512
67ab7abc59c9d8b05d8cb99cbf5c59e16a3e9a0d26ace23499b61034b682e896bf31752901273e677c71fba1e51b8f9f872d19438049dbf2d004e2cbbc9c13d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9432e5d2214d836ed969deff0d9009bf

SHA1
4152510735498122841d3d855faa63ab11aa6c75

SHA256
6b6355c239b217cd9fbfe1b701896fb5a150920dd9bdd2b5e8242e43e6084666

SHA512
57d256b93d0d248b7800679e84bb9f08b926a53b67823fae5878ef07a59d7f65fef38c4466f3b2e195f1e503f5a8c4e8692c65efcdb4bb8637c3d4730fb807f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55ea1325e474ba114f97696467374b95

SHA1
edee3c96d30dafe8713e044c70dcf5227d5b9495

SHA256
4b1d9be50ed4b724225a0d347a49d2feb365c6da1653f3b1322ad7759a6f302c

SHA512
ecbfeec482a1a046237165f73c506292512e9a9db20232fe5dd71cd0151d9ba38711dcba5d01c5a46ec0f4acee16ae9ed2f2677666d52792726921812034d27e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f81ffa40278f18713005ad14ac116f5d

SHA1
fa8e6cd385f10c0118ddc9293761f6bea08a27a3

SHA256
ff03b4b4bae4a584acf88de8f947a46792d4b0524b9075deb59fd34b361cc909

SHA512
75426e3f3a068014da9b1993eaa029033cb99a7b97a7aeab89e0f3e811337fc60036bc53a79aa0a0177b410f7b7de70acef7d04ef959d73ecde04092dbacdeb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb83a5e07b18a82aaa5a43dcdfdf3713

SHA1
8cc9338628dd1f9b8eff4cf4eab3c091f6f4a360

SHA256
3c6c46a4e34d8afd5758065f913f3c3c69da313381ecc3bbedb9cb248d69c4b9

SHA512
7afe8ee3e6ae8f9e2febc0cfd35b45db16d5949a51a567b73555c9ed8177bc6c5e15504a123f7560b18b651917f0a553db60123be60713598fd045faf111c3f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eedb98cdb44da628a5c82807fb5ad8f2

SHA1
20d101db55e3f111c7ad99f31e9eab1a6c19ba86

SHA256
b1ab95f703d1feb21382c807daef0a08d29e2bce2a8657111d7dfec50c01d7f5

SHA512
9a437ebbdfc6f56ef9f9c21792e9f8d225f647550259fcc6ead7f9501887562d7c54cae42ec629297b0f85bab41f74591b031a7985d75532149e40a5418223ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2cba6bbbfa8c1f8810d83e2ea8c6f4f

SHA1
24958eced63055e4ac3e429ca53fc0fe89d81001

SHA256
0eff99a9bf53233438789609335450ffb95a2a59d25448d3150ed530c3dbaa44

SHA512
e15b4903ccb7b7115da44d986633b1540643054be2f8f86a507339ddef813c07114967116ff87f5e420637a97a1daa60ad6fa53b8fd3800f1b98731bbeba074e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac8418d4792107941fd8b3d30fd2d68b

SHA1
3e1af594c2481744a64a51df99e4ecde50408683

SHA256
a820b1598952c8b7f4b812f50803e5856c7caa8a483c2a84fdffcb3ded6c5109

SHA512
df75433c6f9a1ea9963da4bcb23cc4912212698819b10947d540b0f87efce5191ec2da815ac45152b93fc02d77a360f205f796752183634d65e352a04f9cbba7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16628d5dae3678a0e319ef913252115d

SHA1
46b4f01a4e6aeecb56437818aab0877857a6dbfe

SHA256
c058a2f478f245a33446a3d19f7b331bc28d702649f956337f1be4f5088cf300

SHA512
3b74cc47e788fc9719dd55228557cf8ca3562217dcc61ded2a565607836380038261a6fa88c91463c30045e153baac72c804a96bde8f13fb3c3f547c011cb877

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e907ef1e9c745d8e5def8b80dda6eb6f

SHA1
9c2a694298c6b1dc1729b4f2c7155e2652425633

SHA256
43be8e0c9fa09adcc99bc6fc77a12ea48bcaf9bda6574194efaf28b582714a4c

SHA512
6ed8b0f5421236eeb19294ec7d24a5b2b5383e2deb7fa6fd60a97356d115238b4b4e850faac8466ee2a053c3b34a7490138f0b3a2b002dcec5e3cdb61f448e4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c0a3672a28404575412c2949591a800

SHA1
3641d1cfbcc98dafe1ebfca8af493eb586761962

SHA256
6ec7cba3853bb7ae6f7fcb7be49ba78b94ab5f286a4b155c50b750f5118c656b

SHA512
15208edfaaee70bcc9bfa634f6a51efce90df049d5d138aee6d7c2cd43ddb7850c9ca06a6a29de88953e509b177d9deac348c0c5d44e1c99a8924e9e61e37915

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_91E41FAE8B0B67645773C1C9A8DB10E4

Filesize
406B

MD5
888c9d58bdbff8ce64709c2a22311af8

SHA1
7fd4843d9b54259bb2f1849aa63d5402a79b4eb8

SHA256
66d14139820b074fc80e2000ee6f7d1b3b73a9cb75e6e28edad51ec3f0d844a4

SHA512
2e97eb72fd741131a2145e1f11d609a0ca87e95e9d1c9b4d636d2b59687d39d7a43c7f6d88ebd19e31861c5d7ec104b0bf80695391c70a5b14d014f7a1fdf21f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
0fa43bfef8726c8ca93f00067bada315

SHA1
d75316aa5d6548e20155a98e07cb6bdaf81df5c0

SHA256
65d08acb864de72d3e27ddca01fe18b915dd9b08d376b13b2359c16ab40da9d4

SHA512
a8ee000c47eac71004590a9c7b6cd24413b9b00473f4e2c5ddd6496f3031ad914f3b7ba3d84b07769e70ff29fe1611ba415e03c797cc699ac7815384f30170d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\plusone[1].js

Filesize
54KB

MD5
fb86282646c76d835cd2e6c49b8625f7

SHA1
d1b33142b0ce10c3e883e4799dcb0a2f9ddaa3d0

SHA256
638374c6c6251af66fe3f5018eb3ff62b47df830a0137afb51e36ac3279d8109

SHA512
07dff3229f08df2d213f24f62a4610f2736b3d1092599b8fc27602330aafbb5bd1cd9039ffee7f76958f4b75796bb75dd7cd483eaa278c9902e712c256a9b7b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2F5C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar305D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit