8caf0313e62740472b456d10003421f6d053ab40b860f250cc67137e5b40c3cd

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 07:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ff4e30f2ba8391932ca223ef7164223_JaffaCakes118.html
Size

34KB
MD5

7ff4e30f2ba8391932ca223ef7164223
SHA1

54bb5f403000c766e0786aeac3435a03a8803e69
SHA256

8caf0313e62740472b456d10003421f6d053ab40b860f250cc67137e5b40c3cd
SHA512

51e205e6d2380b0243090bc4511273a299b61922772042db2f6546119ec60da8fdff87bf707d9f66c1cabc76f6ae9c7aadfd89c75a37a459dc99ec40cf5f42cf
SSDEEP

192:RuOoih/Pb5n0nQjLntQ/fnQieTnrnQOkrntJ6nQTbnSnQUhsYwVqwVPwVQA37wV9:oOoM9Q/7G6A3c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423130038"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E3593E1-1D8E-11EF-A692-6A83D32C515E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3024	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3024	iexplore.exe
3024	iexplore.exe
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2560	3024	iexplore.exe	28
PID 3024 wrote to memory of 2560	3024	iexplore.exe	28
PID 3024 wrote to memory of 2560	3024	iexplore.exe	28
PID 3024 wrote to memory of 2560	3024	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ff4e30f2ba8391932ca223ef7164223_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e6df52646d9ac3ef5c61cda5ce08507

SHA1
40cbf6225f6c64e13054c9c126d64cdaaa781e8b

SHA256
c213167591ebfde48f4377f3688d72f6e6fde4b3b1e81e9f04783a9d027629a5

SHA512
e1cb07a98ce7f8f0c6de4dbc4d3d863e5751aa01c6dae1d0b09d695449377c89bf9b9540b064cf7b95bb34b1bedf777eeaeebb03da715245ac6e6957aa08e6b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09a624250a6994b22283f34663d761b3

SHA1
b814df3db13e4b8b9a1da35f7f02f5481f3f13fa

SHA256
64661f3ea423d81a7c2f7f133b1db9c5f8c24e539312fc9f1a3a07f79b3b5489

SHA512
d82ab0ef85777d3d26a33d523a50bcff2d6f939cb324449cc21a4a5ebcb5e0ceb2eb3acbe578240af7f72cd662d728ad1c14b4d8c2618c5899abf67ad32b9ff1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0219ea72dcf0b90b2e799cf3f666eef

SHA1
b749e437b4d9083a3bfe9f186374b12d2fa391d1

SHA256
39dce2d9cd5a9e3349992aa8d566fc01cf8281bd037418d94a2473c222c38207

SHA512
db1a848211ad42a6780392cd5f1a6933a9d92ecc1d040ba9f9968302f12bb3aac9c6229c7de19925e5435393667a65f2dd25ed4eb2a77ddc2714588b3e5893ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc86a1d2e9ec9bad842fbc8d074142a6

SHA1
545ba9f06a9b861fb6b5e3c63c5f4c9542d4506c

SHA256
ce71a15765321ca706643ee4bbf0e2c89e465fa6fb0495fcb7af95e95f8ca603

SHA512
17aaf5d17d1f3cf320293c5a5a4c564bf143fd9eb524688c36bc76f35081d08ea3ab10c435a0c79027d58f597d19e2cbbb236d29448b475d6514bace8314974b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c88f500db60608cdf1d7741ee79f85f

SHA1
9598c54d5ad0bb070f9bcda33041f5e6752a3e17

SHA256
3252a6650d28dbe4a1799c382c28e1ada9c565bd4fcd17d64393e476387cb485

SHA512
396788eaefe4270ff9647f74adadf05fc36329dd07ad67221d43d728e9699f33ea68287b82e6bb653c6ea3a9b4c1a335204ccb8ed2dbfe3481d368b03ef03d07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ee6a5bac247753f86f044f61cc00023

SHA1
4ae346ea3c866354080bbaf6b6209307d7529c05

SHA256
3f8fae58d49c12dd3551570ab9c2011a4c2f5649b4ffa057d3b60064d829ba0b

SHA512
ba96180a78a93ac85450844ad1c758bcff97c32961e61b057c8ff70b81e3f26e9e2b945e163a6c8dc610c3a254efc26f09f00d8cd953fa62bfd3a6f54796b904

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
153043b2f9d2dfab3fdb422a2a981cb7

SHA1
db711090e3597c528049dd0aa211e693aa0e1527

SHA256
4d5076c3186595f37507a07587e52f7acf87348dbdf917ee895437ff6e83f5f0

SHA512
42ddc6cfdf0b0ccaf912eb8395adc9b90a6113aece0a02274b047d361ae938f515fab2a01b9812522180af09d90f2e825f11d604b87237ae03afb478bbc1e99e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d49ce6ca9030f3c1090bd08d139fb0c1

SHA1
2dbff917d67a5eab3e83badd0e0d3d362335ae99

SHA256
5782979e9d50d3e945973437e639f27ea107969a783919620b84b8c4ca63a31b

SHA512
f301fa38d89c6f7cf788430b14d5267b84c31157687b0c4f0d98a827ce7489cd148cf1087c9356686f0e50b390c7e7d88e7878532caf9d1f081d9f083797569e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
666c3f28b2d752ff4dbfb55eaf8624c6

SHA1
1d764b40cfbdd8d25a519ffefa1e417316515a64

SHA256
c0edea994604d6a4bf4e7e9ee97c0959b0a38d5fbceb836dd7db704c9db174b9

SHA512
8878148895a454c90d44bfcdccaf7631d23a8c1f11c17d67cf41f625e826255d6b8f6a100b5d50a548780164036140518392f65b0b3140724d7c414f9cec9d4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04bc4c04c514fe460c46ed9726ff4882

SHA1
f052b718b46904d1a2bd9646a3e4f30ac740dad7

SHA256
037aead1c4eb7f1fb0a09dce983d6c780a45a7766dd27f8ddfd62fd2733afd40

SHA512
79dbd1f6430efef86447060153709e8de48f14a3af5dc035d7c6a6d1ce058ee315d7089620f9374c7bb0f7a1d488ca1399bda66997934e46e100014c5e6421ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98c92c6dc4557b93217fedbd4f943182

SHA1
1ee16985a6f17ed2ca4da246851bdc4db95bf28b

SHA256
5213f575d2434cb1e4d001bb2d9a83cb8477d8b5dec12aad3f834a14e26c27ce

SHA512
2cf3e33d0991b61cee7a3a896f715bb428ee4976ff714499997f216474c3ec8b5c6654fa04e9fd14b485d1d9a266c17d07902e0f1bf03310a4e44acd0983eade

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
473d2b3c8afa6d4aa5a1d7585eb63ce6

SHA1
80352263a96e97e95c5cbec804690396c440101a

SHA256
76b4fb96cc8aed93d6a4a62ef8bdc3b5972b3e17c4b07fbe1a9a65b9f3c32f9d

SHA512
ba987def8079f55b369f8adcc02da986d48e3fec93f22d74c98f0c57e3c60d728d191a3047ce168e32004c8467abf74dd7d19ab4797d60470a1478b4defce146

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab68F2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar69E3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit