b3946b32205c8d923644c05027472575341490e4ef18948ff45411f1ce774d21

Analysis

max time kernel
138s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7bdf33506f792115fddd332c05df45ab_JaffaCakes118.html
Size

161KB
MD5

7bdf33506f792115fddd332c05df45ab
SHA1

cb11db57b9f3bd42dc745b3e904a25b94ca1ecd8
SHA256

b3946b32205c8d923644c05027472575341490e4ef18948ff45411f1ce774d21
SHA512

b1843c96c68ce97a73203fc1b4041cee0789b886e12e432eabe970cc77dfc7b635acdf53e6974a51abb723d69103856765aaa8d9fc88927b76a7bc5be8cebbc2
SSDEEP

3072:llNSe3N2UP13G4k5QhLpOatVShwd/fNbYaaLStR6xWUu/v66sbsGon4G59t9VcyR:lOs3G4k5QhL8atVNfNbYaaLStR6xWUub

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423036304"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DDF08D61-1CB3-11EF-9960-CAFA5A0A62FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2936	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2936	iexplore.exe
2936	iexplore.exe
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2900	2936	iexplore.exe	28
PID 2936 wrote to memory of 2900	2936	iexplore.exe	28
PID 2936 wrote to memory of 2900	2936	iexplore.exe	28
PID 2936 wrote to memory of 2900	2936	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7bdf33506f792115fddd332c05df45ab_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
489a89b0a557696c6e623ab2079b74f7

SHA1
8775908130d6c010958c9ed6618e81708a17e411

SHA256
38185bd55754c319f0e381646cac1a4aeea31ee9a58ce47badc48df019b129d9

SHA512
01af148c30a65ffa93e68741d3a71a6c5e59842cb328c426cd4661aeb7cc756452309feb54fbcd46efaeffb1fb060ec7858511ea16be7c8df255f24cff2e7a62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
7cb20fd687b13895db69bd456e990980

SHA1
aba079e753c6b6a74ec790cc7efaface02ab9eb0

SHA256
6deb91e5b1d53bb3daaadf27f754de5277d2cb0446d98156d75a7dcdf706b483

SHA512
47094d5fa2ea870caf4878f399e9f3f323736af9b8353cfabc64a5744d70e86449318e2cbf0bac2c4836e497bdc691a3037d062f7b026a5055ef6b71ceeacc1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ee422aeb6ea8c9108fedb3c1d015d8a7

SHA1
3fc0986d33dc3ce2b2aa36190c841c376cc48928

SHA256
41ec53fb9c091e6ddcfb4b2c00085bfd651a72f2d9473ad73f35c3021a5a823a

SHA512
eece20328827cc90db4d1363348b097b4f3b9eb8d890b90db61c3b24a7a808da9b80202b64c171e533ffd016a38efdeb0425eee6e8df6c1542c7c280a16619c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95455ec33bdf625bcf92dc48fcd549c0

SHA1
04799d3d07f61e01d70d6f3442d461f962b1ecde

SHA256
2fac5c2f00122de3799e80a5a471530d774c78e50ef19fdf15a2a209aa4a7604

SHA512
a4757e46475b39f90e310592754004ca8b0444d9e7c03dba5754fe092ce880866cb0605b103cc7408fc37e8b3e17503345a8ae0c6c74a3cf9ba35e91327913fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
691dc5360a22d09c4adf98b38d98400c

SHA1
aaae3a6a16a0edf3c53fd548535b506a64be8a90

SHA256
3f5c943e97fff579ae3893b0ec39c1160f357ff5c0809a7fcf72fc7d76f24acc

SHA512
682f0cc7afd69c6f806ccaaffeb27e06007e1c3e28a86eda2cbf8eed91a83062ac0c6d7b9c742a4aeebc5a7c50fd30705e9735ec914a6541d9c5ac071b202423

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9569ef5e42ce53729def5761071c2f0f

SHA1
9307ec9ecad6babc7e61fbef39a41e6d31c61570

SHA256
ff78b43a3916dd6741ac245df8fcfb677ed35dacc5ff5f72b8aab8076a381155

SHA512
c871938ff3e8b093c67f5d75fd1b9c1414e82104e7fd602b7742e19e17c8951e8f1ecd00b5d6bd2d856151833ab40fa32dd4b86258624ef03f13df1d65558ca1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb7c119a4d06b6a4f7f27b5386df0e39

SHA1
311d5e4ea0215d4eb787cafea1c415f6b4b61798

SHA256
805b40a3c83fa9d275ec29277d066c4b53b0bda59aefaf7387a06edbc324f27b

SHA512
142c09e861a8beecfe1710a6cec8661cea22dc65a5ab01cbea2a55113edc89a8cb24d248810afab89fa162bd5acfef26b30396523e0376f29f8911a734156708

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5aba69271bc941db2c1b2f02d489a906

SHA1
fb0f89dd9515f23ad43a2e68d81447258b19e0bf

SHA256
4e1f9cad30aa56f877ebfe6ff92074f616003d91e587832882b71017777e9ac0

SHA512
b5d4488388915528ab9b0243dcd6ac42bd71f2e76d7e9ae30162e0930df81d2b9e98f708bc74caa0c08e8b9abdd9ee021bf2662cb397582e99cc7372b7658c01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73d20061bdb8339c55ac2588c12df8f4

SHA1
0186d220a2309f0ccc567fd56c538a734606a8c2

SHA256
b5c73d2d26471a2b5d77c1f6068b6bf77d612ee0ac87474270ab523df408d30d

SHA512
a5f6e758f05d326704d55f42801f1a24f3960de7fbfe7b18b3e9b59e679deed0becd81798c2bc55ffb4d71aa7409c02992dcac7733facedd65cf982d31e59c5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e8193ce2705f6534c32050c46c62419

SHA1
c9eaece90d9e203a99fcf3864626d6fb8201d98f

SHA256
595add6ec597bd8632426cf411a65cfd44a692e5ebdade99f354db379c4220be

SHA512
5d1640b06b470bde57c70925218a67ef94dde9bc5df4c7f04f8bcd29ba2913cca4e5b435e6fe8f7c0d3d3d2122377bae6a789721aaa8e5e87f1e33f2b73213f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90acdfdf054016770010e6f5a730db65

SHA1
0a2d73376f37e38fc1d56708e0cb194fec4682e0

SHA256
18d017b827121f73c369b820a0de8ff3ff9dfb9ce177623615ff7f4a55a850a4

SHA512
263c39d70dba073e8da9cd29a368c82777aaff27c2d09dc62b491b6e5bb7d1529689c2a19acad7ee573c15a933dc53f3f27bfd954dfc316deabb57f797f5a4d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8444ce67c8a94762b4bbfdb5df930511

SHA1
a3cf981b2046609bdb8454f7fd2f2a3b0e3057fb

SHA256
fce4b7d900d931cf720c465e124fd7969c7e001497498dadd521417de3378a13

SHA512
23cda36f50e620784d64e29886af3ca03ed869c24c2b871d4f13b26334be47440d1c2e8086a3a3ca39f8faa8cc3e17e8633a93f2a562240f216f45bb31b52590

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c09095c0cf9fe03c268816dfee8220af

SHA1
ddd1f7093752097d5851acfefe8808f049473173

SHA256
c983eed72e22ce10f99d3dfc482ea41f8fbf9561cb707e4516e1486e52a49203

SHA512
1f5601c08fe7f7cf8bc9a462f82547120d16a840b085cf9ecdc7c38044efcd5a3495979f288a6c1ab2f9b3f74d00081fc8ed04d9dcd322d5a12de6b524cb1f79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2779b4cfdcf41521b0f70c3ddc65dfb3

SHA1
e73111d6275f2718b9c1ccc2613631ebe456ab4a

SHA256
ccab2eda69c76ec95a1608ae753f5dc1e9ee23bf17414f0cda236d19d725393f

SHA512
9b075bc393f0990800526b3dedf0a81b1a2ea7c1ebdac9005a110bf39913706d3fee812d195f23425ca2df964a012d0fc2c08e795641b9a987060adc6e98b89f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
345f5381fd68233c59141b9e9b0ac88d

SHA1
3d2e85b899b28e81ac36461d4d1a5299675dd7cf

SHA256
4e6088696a6a340aa4c4be29632064442ed785641b2935c0b3cf7f1b53618b91

SHA512
f22109a61efe4ff84ebe2407903a49a175fcdbfa83637a59934221ed6f7a44ceb5c1abc8862bb9eba2404b9a4dae822a4fdfcda372bfcdd491b1003000ee6146

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bde47ecab7fb42f40c11fb3fc39e28ae

SHA1
0be693830f0d69befc35c36dc4f765c33d347c08

SHA256
5a3a8b9d6853d61cdb3184d3318dd8979e7e96eea80a632e1bca1b38847de208

SHA512
771485a7c08e7db48b9acaa9e43c3a2017e629b251e06d2ce044cadd6285238f31f4529f7122203461bdfe0ee106a2b4862cf40ef03aa73d5ee868c24134cb27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\6H8460KL.js

Filesize
157B

MD5
67e216a27dda24bdcb086c2385b0cb99

SHA1
17141c80f5d32bec3691c5ab24741d8b7dd5f0c6

SHA256
9dc433b2142d3ba0803fcffa53f19d34da26996d20c829df6d694bc887325dd7

SHA512
802319543dc64cb011bc2684004e878a842b73aa55e4da1141ccb8650cbf42fabbf2b46c730760bbfcc7a140e11700244b9f5da78bafe9fca7ec7825c12b4255

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8A95.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8BB4.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8B82.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8C28.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit