44e43f8feae03f43c49b5da6f98ed26fca39a91ec8429b11c2c67ef435b40ebd

Analysis

max time kernel
134s
max time network
136s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d013049d1afa118f807eeb8e856dc12_JaffaCakes118.html
Size

213KB
MD5

7d013049d1afa118f807eeb8e856dc12
SHA1

3c83993e11ddcbbcb25b4b7985ec306a772b8bc5
SHA256

44e43f8feae03f43c49b5da6f98ed26fca39a91ec8429b11c2c67ef435b40ebd
SHA512

c77dbe488288859a1cccf85827f5a486d4f96a7a8a1cf56962fc71764930354b5cdd4ef3249af07a771d88cf4aead105fe3ea4c71757a48c0aeccd3a0dedd399
SSDEEP

3072:SJsXtQahWGF7yfkMY+BES09JXAnyrZalI+YQ:SJHAFesMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423062649"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{37704781-1CF1-11EF-8F92-565622222C98} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2912	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2912	iexplore.exe
2912	iexplore.exe
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2492	2912	iexplore.exe	28
PID 2912 wrote to memory of 2492	2912	iexplore.exe	28
PID 2912 wrote to memory of 2492	2912	iexplore.exe	28
PID 2912 wrote to memory of 2492	2912	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7d013049d1afa118f807eeb8e856dc12_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5531ba408a7effd8c77908bdbee55651

SHA1
efd9b2794d065acf6a4d5e0782dc557ebec6ec1a

SHA256
a2065c07c68c4bfe2aee3fda77c3f9f26231372d34281bb5977ad135927778ea

SHA512
22cf0c29b5407b5c6f0da4e48c221b4e49919d00cb54c179da87ab6885b8fa69f5636b90c7bd77989426ada47b1daa5bae9dca84e58a61e43a55fc1ef3a0cf76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9627219fd5ecb09b825a72226f410509

SHA1
e1dae6362f39aed50c2aaa667911903d47406426

SHA256
320dbaef65f1c3a8bab77f09743a054a5fd02ff32813dc0ae45b9fbca4bc921f

SHA512
f84a1d5547fbc5f43a5b069f2a3c1a2b4faafd6f5dca0f809855341a824050abc92de7a185a67f563737fc761ab8bbf08e1d9e01b1cffcf961994c3dc2329722

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae3410bb291128ef875b7993cdcb5284

SHA1
54d388284896dbab7f45a8caea52b23f99531239

SHA256
adcc4fd32986ecb4280f71b56d0198c7751ea135e29f8719232ca09f04da63d8

SHA512
e305f4f5c715e9ab2eef16c57d0203e0d60009d4b3fcaf2a08bdd948230d47c6d01b8031bc775338555965408170861c6ac009034eb6bc69be4e468726dbe4d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a53d2e1fd415c1de9adc4349cac47186

SHA1
4b5b04551195186d4a4b6db557555227e25d61cc

SHA256
5b46a7100a443bce31005374e04232e4887277a1b0c091c7b11d3bfc214203a7

SHA512
8987660aef8ab1d294f24e3ea64671e884b20d29a679e8468a3f19dae9b5115eb3e857c80bd8a020cd54ef4eacf79e073801590ad30945dbba5f093c2f0c84c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81accdf3e92e9a5f79122f483380d6f0

SHA1
6adbf4ed28f7b45f5de0191c6a48e035d0bee959

SHA256
035e914bcb3c830c208ec0cfda5b8bf2ee49857c50886c05bc018bb7842c9163

SHA512
8c337d6c38375b4364a2a5166b368072d325df191dae627707d64ee45f9eab2bd3a7cd2bc6d5f2bca455f5b7b94a2cdfadf0946d9d5de4982c7c2254eebcfa46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca8767038aa43a0c6ba1516af04109c1

SHA1
7e7bb160e580d2185284ea46b52e1cbbff57f9f8

SHA256
5089929a47b72b5190bfd499a183e89c4f792cf3daa65f336c55b66869279bda

SHA512
acf0fc268c6d7537a75c2e2673f2bf3d7fae31c4c41f531b120ae69f326d5ead1443eec23c7d8ce8e964d469762c0162aa59c8a8cd3d65fe6fffe359fc702701

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea315583929aab971630e4e3852b6e90

SHA1
a1610a6775435afade2cc6e7075b0cdfba7aa346

SHA256
a0a14112df9b8904baae4f964b0900ff8d8a41b0b8366c2eb031fd2dd086d69e

SHA512
d5a5cfdea7a5cc231f86f8abf602004771a1564a8e47ab97a6ae9fc5f7b6f1b7fbfcdc13e4823c592931a2ef3c906dac93d4ed4b337db0b342a3e4b8799e5e32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3012569269e53390b1622e3767077bdd

SHA1
7ab789f6509b5679946090827dc1644717b555bf

SHA256
9557f3cf719197e01643f8c8da36381e00e0b81760d7cbb94451aab91dc9098b

SHA512
b669490c2800152031dcc0d20100f8bf758d8e9f2fd21cbb2741bf19ab6e73d73f19268b0fc8292ffe69a4d77a1786bbe8f8b584d34e69a42ba4c03ddab20be1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
098fcfd67ccdeac972c93a82a4634eb4

SHA1
c006f81dbe3f2587887002f9e08e748b8eee2580

SHA256
54660103836eeba4ec298cb55e668b17d30348c7c5fef22c29705a12e4309153

SHA512
a08d0b7526914a1d32112d767e19cba7e864fb13650698626a1edcced482f1e091bf2fdb1406e4ed130afa4a248abae54420169aad54f7a36851763bb9c2b177

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06546fe88ed8869e24b0b00423ac41cb

SHA1
2045cce3ad4c99ebee6e67e0bfa87b9708f2c40e

SHA256
98be6e37832792458719e08de5deaf46cb192268f6e0d21eaa06e4c8bc44c650

SHA512
b8ff5b13bc91798e6a9ea1dbd14872139a47bf9aad2c91e3e428ec3cec7d7eea66bfc8c26abb1615b9d8aaa9821a2114206340a9e8d0efcb2d73e2af6c3df2a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c46c4e517e664c8154199d9ee5c3c21b

SHA1
7217c5af6ef5a466d7715db16971f1730bfcc9a9

SHA256
1d4f927ab2ef1c1124ba4a6d0ec23a67df5a984362ec5b20fea0daf7169078ce

SHA512
19b1d273c9dcdd11b3295bf30655247adb3887b3460fadc55b320593776a1d89ead8274ddccac99bed2961eb032dfaa018d46ba5a4ea914ef52628539f2c6ed7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8e4e70de583c8b02e052a0bef37cdf3

SHA1
907b209ee0ccba88c68869a00c54523adf3a788e

SHA256
6c379497ab7966e97168c31131c02ce5e25856fbd42bc83b4c90c47ab9c79631

SHA512
060fa4c9229906314f94a5035151bf625b3fde293a6df7659e23e3e620427ef0b56fc63a046979fe6097c56f9a768379341922b3d246d26c88f950fc1a56bed5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06580dc9b153fc3f56f2db9918577f66

SHA1
6d00c2419c90746ff0e9a6110118098db7875145

SHA256
abf28fcd0a425efb6c8a19e5a6e04bdc615a4214a789a44eebcff59134eb2c5c

SHA512
ce26f50f41eaccf20e9d342c0ecd220c93b56be0f711577bb314de59e42f57df3c3087ed927a10a17713dab4b639329cf2e7e065fba00a7485f8f00ede371bfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a96a91cf93780307807abcef7874c7fa

SHA1
7d74d23f259328ae3b884023576a97e287033d85

SHA256
e13f4f7de3a257cef22012f76dde1dea41bb05911fbeae0a3e7cc0752551becb

SHA512
df83339f50e88469edd354ad4a65b997139f2dacced435fb7381fbeb569a1582c5196267d5b361cd20dc10bdbdc45ec8f1eadc36d50b72a1e012bda3e63f7b19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
474154676aa7a6cb4bfbc857d41b849a

SHA1
98951ad517c7fbc739b19ebca4cf9a593be1d86f

SHA256
892d3a7225a4960c524294bd9a7159b78eddad2b83b983e2a661350be1d96b65

SHA512
a5cac402ad938d619967fdf3dcbf2b5942b43e93f607d4edfcc9007fdf4ec12ad7dbe22efb7bb348171149098785a408a616d7547e7f505c4c3ef88503b8aef6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b572be95e502b053562fbab7660af9c6

SHA1
e56f9bb98b2b8ffd8225613158280739d494a148

SHA256
2096553a6006ff826b84e4cf086563bb1980376414fc24b661b934f98b2aeaeb

SHA512
28804ee25b6eb1b56d99279c2636a03e884367fb57bba64e59d95df2269220eca0b98905af4583cb20e4dc265637fc253738a052bffa4fb61ecc973c34c0d0c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b96d1fb392e3689164cc5bea08b1c4cb

SHA1
887da2aba0a3ec9c70c1edaf02bd9c816fe0d321

SHA256
2c3ef3f1cd556bef2ee541667cd5a8d5b62fe2bb0ebd5a00b46e7475b64b884c

SHA512
5836bac0437b23af100cd4695184941ff00ba425eb023603de847210310dbd323413e6b42e3c97c64a28a7a6105454bcb07a457a2d0b9e0ef9ebc90c3167c3c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91fb00952c4575dfe99a7e97ed2134b2

SHA1
f4573902e99ff93daa154c81de006b68114ac32d

SHA256
65aee9957b11e6d0a74a0b7f78ac7dcc2d622fdd87fbe565f6c1dd62219d418a

SHA512
6aee832ac579994fedc68ba31905228a2ff46266dfed3f171a1fdc1db12fe1280f6de82f4267ba899dbdc06ce6989ddb8ca09ba138f1b8d782252ac9be508876

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3b4b61904e9517cf3bb17afa965e769

SHA1
24240859067f34b38237c109b673c740431b3189

SHA256
fa022134a0b132fa9b1c2c5ed9cdb4704f529770bc9f954eae3945b8d57b1506

SHA512
f57f5d8ab6c4f0b6913d92e3f9953f9366667da8ae0d98d0c0ab75297579b7106eccd5f5100178bf02211943a6902905bbec01adbe4cb6bc87c6c13367a2255d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1557.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1662.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1687.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit