be315ecf71185baa98aacc92b3801d68177827abacbed3f4b3475a887823d3ab

Analysis

max time kernel
150s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d0fc3cac65e12d64857bcce50ea7bca_JaffaCakes118.html
Size

58KB
MD5

7d0fc3cac65e12d64857bcce50ea7bca
SHA1

fa81d3446dd0ac69c57aa4fb61479d9d2d6c59da
SHA256

be315ecf71185baa98aacc92b3801d68177827abacbed3f4b3475a887823d3ab
SHA512

bb32335760f72953e61b83e5dc76abebc92e33932923e9958846cadf3eefaaaa9fca36662e00f1e4a0338d214c66046269b3497a992a8a186312ae603f9d4071
SSDEEP

768:f3qKC4Cz6bMzdeotNZuL5XUH/v4L01TDD:v0/wMzdeotNZuL5XE/A2D

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423063546"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4E029731-1CF3-11EF-8804-E25BC60B6402} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2844	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2844	iexplore.exe
2844	iexplore.exe
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2872	2844	iexplore.exe	28
PID 2844 wrote to memory of 2872	2844	iexplore.exe	28
PID 2844 wrote to memory of 2872	2844	iexplore.exe	28
PID 2844 wrote to memory of 2872	2844	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7d0fc3cac65e12d64857bcce50ea7bca_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a8bcae7cde59b3b07d5c8b9b324bce4

SHA1
8ac2c942308f97046406f4261767d4dd4afd4433

SHA256
5c908623af53124b9120384b20dfcca5abbb6d3f597592886e60206d31044d0f

SHA512
febbf5d0e63fbfddfd07978eed1a5d7e708f2193674527dfbaf9405992c94f87c5d47941fcc768ecc392f0bebc7390256dcbdf5fbc06540fdf4fbaab31224b25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59025b7f3beedeebf1acd4759a322d86

SHA1
eadbe514a0b1bd33ab31dec0a505434b1e2ab1c5

SHA256
15a3b878366e9a551d372fac07f82938fce4ce24cb657b9d25f03b90e8ea6e5e

SHA512
1f98139c0b3170ab994976be23234d9a78356fb452f3c9da30b18a0a012588f8b26bf94a87c761beb1a67a398dae2de517b01fc73bcced0c682981cb568207c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8bca6c75315a3b95b8bfbb888b8cd2a

SHA1
b66c0206879f1ad8bb80df5007e2ad6077e6873f

SHA256
83b496c3c5daeca300ca8b6bed368e818b7a14fda3ccfb9f59df127b66cc4009

SHA512
3b8305fb28f4236318d1215e97c2769252bf176b3e420775fdd55f21ba7913061b7672887135ea5d7d926e4c31cf85e66fc8f6ee325f3cbd201740217dc2771a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8434d2a9647229c81aed850a7fe4754f

SHA1
5b9fe61376f0b998af71c4f622d32a492fbdbee1

SHA256
9b6dd0e9b388e9fe715603f0abafca8b8d3921a5832cacaae3c871fe9938a120

SHA512
5d6b3e2f1f7e09f3d2de873de20d8ed2b42bf62040715d1904e0455f959a5e61f8159c0e51da499a92c2fa7d789676c35268d9bc1150aea44a775cece70ebfa4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3abd11dcee91de62b8f9c88e489a04e3

SHA1
212cf66267a7cc57626b739c7386c2bc3ddb8ef2

SHA256
773937b501be061db99e9ad7fb84bf0f67156e91a4dbb4b8190a683988bb6f0a

SHA512
bf78f4a2a8810f2516a647768efe5a31a2ef813be7a165f57991891efa2adddd1ef5ba8b7bc60de87f436c859af54584da91e5b4c3c8509fd327c4a63bbe9982

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df1d6b4e9f8023f6ee76cbe34805f10d

SHA1
23f8f7f01b98a10dfa6224211db14da527a22691

SHA256
c3d9ee326d2cfacd1b951ccdd140c42562099a5af07940afe62351669ad252af

SHA512
b675a9fc0c4a9ba1fd191a2ce82a75287694a8b42b7653a52412f88223c4ded3ac552097ad07b97fe584a303a058ea17ee87df9409f95235de225f72fe609004

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfa7dc769baffb3285f9e1b487842840

SHA1
2c4f6053fa14c2a7c27eac58bc5f94daf92b30bc

SHA256
fda1d2ba9db951e3df9c0f6e1141adb5627f10ac7620441015aa543588d85feb

SHA512
4990c652d5b5d9b7793e72da0455f9e6aad855a8301a14badb1264b4131fa1ce179ec4b8b1762999f1397d32c91a2dbf06a9838a05c0d13040a15467106ca923

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a65541a22289d167990a0882dc270dc

SHA1
bc167f4091d580f7432d33681fe2196418841733

SHA256
36d08b3d95c106addb8da5543b846341ae0cfcbc7ea18ceb8c016b2a61519d6b

SHA512
785e813c758d0bb3cfaff2033fdc5cdcec77043d6ab97d3950e8234630d0f5835ba1c0309c4bee5927e35d769e914aa7ab3e68add94de5974bb80b1df4e0bcb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a86829e1224c04f36f2c5a5185efbfaa

SHA1
5f2ad35e457fec8f42ab0b3009ea4038b76c5d8f

SHA256
64bb1a0440118d11c3c70fd88dba820992b25596a6cc54196c0fb6b1e5320785

SHA512
25e4ee6b297a007e4624fbf0fb25772b03c51d208d6bb61d47dab10ce260b343ece90e25c2b81f27945ec69886b145f6f497923de38f1645d4a738ead8bd445d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25b8b56112309667f298d2b46b98e127

SHA1
3afe632566ae153be8589caea90a4788af68fa10

SHA256
dffc85ec8ae9ebfd604403095b0087c886bd41d22916acaa577eb1e04126f066

SHA512
2c2fc4f97cdbcec2c03efb0256002e7675f9613ffdcb50355f3ee3bdb19e75deba6bd2c60caa9a49259507c5eb2adce7bcdf3461f2f730ba5222e535bb4d6cf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6451f2a5f3b8aafc271bf53b003321d

SHA1
31bf155a94b273b0f6e8cbe9b52e933c70e9e8a9

SHA256
7a7a208684bb6d1e4dc0046a428e87cf9a687393ef2b2a64a8a183c746d16b33

SHA512
23f542e2485a1ad3cea67662e5b833ece3b51b0c39a1e9c61fc2702e68d99b3836556c34a4b1031dbeeafac49e654fb30508b88924220d118ed120a61c5641d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0954aada49eb82498c57cc423b2c016d

SHA1
79470323fc433a098ae203499aa3fc2005a109c2

SHA256
30707621e698fc56ab7a1cf8c78731457ded730c3f307269cbb2463a73cc961c

SHA512
6ae7d2069db1fd023e7d33bf302ef12fd63937c625f8cc98e63ef45ef383654ce2eb1060177e69b821bb992b169289d9ef80b263d8e99a1806d7e3da297a1bf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ae24d64b15881907c0ac37463f22322

SHA1
d68709128a20ecbf67077e5c119386345c3189e7

SHA256
2327507da8f1f04c99f69c58961c89b7b07a5f53e4530f33554bc4872f6dcfb1

SHA512
f2be3aae5608c7166467ff028a514a7b42d44051d9211b6566e58e16aa0b41679e28600b54027134c87a5e7eb41ca5e4198fd596f5efacbde6c132e105e45a07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5916b855bf0f827a407c360af26a0754

SHA1
7579b40e7feebafc6aa340e7e8eaf8aa6a3b126e

SHA256
7e4fddf21448f1161a384766c72d7bfd61a6f2505d59ebd8011c9160b8a57236

SHA512
ed1e11d3ac6b357bdc26598f6d127053fdba7504d5a15cc6c58ab1a5624e312efb4540d7c75cbe1eefb865316ef0c9bfd7787bb490005870853e885a1775b6c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebfac896a5a3a475bae846b5381f3ec1

SHA1
2b023bc48fc71ab0064a8c6ff66b52851ffc2dd2

SHA256
bf0241e184f65ddcea4ea0c2f76d2478bde6425951c21e8b85103d29109d235a

SHA512
1b803b285f1be756d39af18ca2f7abae4e49ded895ec97b2d8e2a0dc646f9a9727cca37453b63b32fe3f92fa87645289ce84cbbb44b878ac1dd9f78f595ac66e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
caacefa4d38787aac57f0bad99d44df8

SHA1
b87808f9f469f9c39faea7ed2c7535dc5aedc843

SHA256
6e2ef1587e6efdd0e418b7e60c2bd83380376e004a4225eb4dc948acb6953c51

SHA512
b8f69b9506ee6537ea85d4141be559bc5f25df6ff774f362e047907ff6179c816869a0cd6578e70616f94549bd15efc41ed1db111f7ea1f4181b25127cd0e6b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a13d20ed25aae38e7ef5851f52206f8

SHA1
0598f80b4659f3237ceabe5365fa9c24b74b4bc1

SHA256
67bf7c30f686f73f5e49389c084dedfa55701d110d865bf81e8384ed1c8e107a

SHA512
79311c0abf589f505d088f99c469994f1bded07108328060d2dbe8a5bf9626ff0ec5a4110ffecfe6a8ce7ae3f9e65f0b28f20fada5a1eabde00b1c33925534a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1325.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1426.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit