e6a2dd50abd21864297fca1b672facaaa71a20e88ed3df760af42e96dd9f9f0d

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80f184a4762320ebac0d783411041c71_JaffaCakes118.html
Size

11KB
MD5

80f184a4762320ebac0d783411041c71
SHA1

0e21541bbfd2fb0f2ae7fcd6cbf741ad2c57049f
SHA256

e6a2dd50abd21864297fca1b672facaaa71a20e88ed3df760af42e96dd9f9f0d
SHA512

c41e1a008d19f939d7cb993b3bfe6815f2619758b99548583d5277c776afe78e2af3b7b3de1df30f6e456f98e025dc647158d4022563be90f1d9ae957ea87241
SSDEEP

96:1AIpNEAbHGjeAdZymYYL+SjKpeJVpkyL8Bh1+N3MVf90vAmncLpsha8CNo:SIpemHGjeAdZDY4+SjuexX8tXfgTt

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423152243"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D189E6C1-1DC1-11EF-B5E8-DE62917EBCA6} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2196	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2196	iexplore.exe
2196	iexplore.exe
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2912	2196	iexplore.exe	28
PID 2196 wrote to memory of 2912	2196	iexplore.exe	28
PID 2196 wrote to memory of 2912	2196	iexplore.exe	28
PID 2196 wrote to memory of 2912	2196	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\80f184a4762320ebac0d783411041c71_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d367d59a511729d95fdf5a948165caa6

SHA1
b9792a14fce103fef5acbcfc9a75b1c2aedb11da

SHA256
abb49dbfff428b6b463e050b8e5c95f9c0e5ce4be7e8899ed5796ae5ec637a25

SHA512
17c6d55d6d0943ae68f3b1b84890ecf0203243ad3c67eba4685bf2f79a315fe4de85b60956418750ab39e9a3feb1885c09f1e9879ef668bb91815b0e50c7a3d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31db05a885f8d13e1a132b057df11eaa

SHA1
683d0efb618f0b9f61d20c88ca43891c6cea0cac

SHA256
c1e85d15f68e4ab960367ec0f992a8b214dd9f515e7a5b6343369bfb8483e51c

SHA512
6ff94af541af2b66977d50da944d14152b1014a39b9907bd15f4dddeef1cb1bc2079a655daa2a7ccd002e57b84114027d98057e5910c2b335a823d4faef58c82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce109fd8dc0ab6e384abd6be4bd09bbd

SHA1
1c19cff2e164112c7f60d13fb698dde51fbc4087

SHA256
c4557be1f82048fff57255152c03c9ef580ba673b84bd7b3dc1622cbeec11fcd

SHA512
aafd9adbbb912dbe98d4b3492672b7bf8ece1d782b565200aa4af2a7f360d048c87d97dea0698d162a3bb1397f9edc972a44ffd31645ed7fe78fb594b86bf67d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8feec1af49ec3eadae5bd303cff3193

SHA1
1750d9bf20b692139c0a993e27c90e9ad35e444a

SHA256
a5c9d251cc13858ec2c5c877871a1d94151a617fdc045ed6ad586f8316f2eed1

SHA512
a016adaceeb1c00ad59ddfcabeb5247b7056a96ea8f0c585a4612e3666039a0cfadd828c74b7c159c9ae329e96e1a7efa81ef5d29d1981eb4fcc2a693d0a6b2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c6dd2b822beb25e64031ecfe6740a91

SHA1
9284ae58085c959fca0307d834adfb0ef98fd105

SHA256
b14f4afa5123ea8963a961517674d281474c4746fe3b7787429a308be3cd62e3

SHA512
3fb8bd11dc95821c2fed14132f5311e6bb6674291419572d6c1a26c7827de177e82e605874d385b1c7996949378e045963fb9d5372d9f314ca9dc3893a2da09e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd57a6a824b3832bfc00e40cc35e83b2

SHA1
1af3d4ff54fbde43a1dd36295d275e9613b644a7

SHA256
2ab532d8b39e43c4ca965e6619a93f70f98c243fdb51a0313a1147a9e452b088

SHA512
ce9a7cc73e30e98cc807de50592d49cc354ed894839cb50ff69ff26978ff86f837a9f5b4c335722bc00191f4cb3e663b33cfa89b820141cb0b8e59b4613ff279

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e09138bd89302dc9c6c9be63a9e7e7d8

SHA1
595efd344bcdbfb00ff0a90b288b9a0d8a82ea40

SHA256
17b59eac002569deea375955fa2b6f4457fc5de2eabddc47cb67c47cf53bf9b5

SHA512
24f80fd98922fc5f9715b4fb20b67f04d7e3979c300eb3aa140b743edfb691486597299f70fd2e62d6856ba4865988b6cb91b109e9af7d3813c1e14c5cf1c4ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e490638beacf54f859d49226a88fd49

SHA1
a4b94e14cdb68ba9d44a91e343357fce2cbb314f

SHA256
6236c2de5f8712c673449289c33acd2db80deedfc62ad12c14e4b3280a1de75b

SHA512
5181a8a4e6206644d51af835b0e05bcfd60dd294d48c9d6be56be5c16bec523230f0985256f417cba55b7aa4f58ecd87c54bbd408162e952a029aee8285ada08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f16949d99a1c85d8deee212e8d37075c

SHA1
de7518b553570ecc62d131c2445ca7b8b73f8653

SHA256
199e27dd581a1c8a1aeddd49d671fcbe427a51d57fa520db934b40c1f6d253e0

SHA512
de2b1583f3464316fb528fc30feb6d9b60b7a4e6a82d4baca3f6dc93218db4eed5990834c1ada791586b3b61fe62e69f098e9ac4adb3f9eca88c0afadeb5873e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f585831e66ab15a1cc71b8edaacd8e4b

SHA1
4e57d8348af5f1214c6a36db136c2cb9adfa0d43

SHA256
9830696c84b05021deb627804fdb3659bcaadcfd6b72e8df2a4657d275fb3498

SHA512
4a59a8cd8e905790b293a2b55d8eb08f652e9b10885e6d6e802c8657f57de25ca867f388e372a165942b16a4f3e53dc04886853ed1581e253ccb771a8fde36c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d11c435cd8cbba8d2d444183eec91e0a

SHA1
747d65009da5bf98bfee2c9ac56f4608d69fcd55

SHA256
8eb0e38e12f2263186796dd604456821b102b730e310ccf3426111b763fb07ee

SHA512
b31d774e3726440762d21c477dee6abdb6763e8cf09b9ff22da0a6d008b7156746cc2338f681f65151b1f0cab619070940cbbba191c25c5cdb63a7126d79e4bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
879c282e89e1415286891c15fb966f0e

SHA1
1891ab8b279d0165971ac16b938fe2edecd12976

SHA256
337a40643eb8ce9af6c166c1b2cae41d894f854b49961254fdcb7e69553109d4

SHA512
ce34a42c320948a5f425d8e229685d51a30ca8cfa26bc1f9e53ffab4877212ff2a66164683f1ea4a006902b7c2cf7229ccc604268db149779b6761c300a359d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c90f4d433bab566f847d8b24082f4300

SHA1
1b6726b61a0ccd77ad0602b611b2e260f2c52e49

SHA256
401632dda1d5f68cee2c0b2d0a4e5a12d368598e9da61e66b2ce1002d5fcbd54

SHA512
25c04a83782f23c4083908e7a82b5d3e3f9b4c88ea4ad6c5f73ac3f355e3db67ba79ed1c4633fa258126bf0472ad17c49c1dc9e1622a92bf089f20ef0a13d3a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
684453318c240450bbee55242d33d3b4

SHA1
5fb14ad748bf9b5f0a0caaf29dbd057838d6de94

SHA256
703764d74cd9d2a918f2360a9b665e25d53cf6a7249f16df65bfe33616fa8146

SHA512
2cc18896e901b66818f7c4ecc83eba09e9e1a34fea653dcfb93af18774b8e9331378b50fad713f468e409fbd2944a1f71ec0c29e80f4cbbe1e41f3f38a3fd263

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26e4d9007dc479e235c68d72ffa5cc37

SHA1
5f02a7c1241444eea8b9240d35dcda93339803ef

SHA256
c65583e6f6f113e2f06c06a1ce3559f908fd4a38f3039daffac52cde4198e26f

SHA512
59a3b1c6ff4b498dcaecee88c08c863d60800228a745204021a7ae1821c507d08eca09569cfd983f5be80e99b9330d3657ffafec5fa50a6f6989e17cc1695c85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d08ecb746661d67a45b08d55ba8baf27

SHA1
10ec0a4b21b3cc3fa40048c7b487bc1e5ff9538a

SHA256
2b663bff9fb7100813ac201819538c8b1eec556ccaa201a8be9d4a90dbb2dba7

SHA512
9022a8fb64c96fdbe18dc8770d0a6f0476592742b5f3515a546118d42f5f98c82bfe570a967506ffecd3f1f3e5e63cbd71e0afb0ba27830442ae683bd744f483

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92e34b938f6b3841bbf8f835df1bcc5c

SHA1
47c3998b7d24ef2cf1e20f7a180a94fc8052c924

SHA256
81fbca90718ee29456606095a8eef94775f9519283c02b1239b315db41de9969

SHA512
416eaa382d7fd30e6d1a4dba1d21ac4f0c34537084efe4937eb2f0fc6ca5c38a7d19ad1622896b04cf84bbde31b556340a0e27150b1260954347b67707bfc6b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87209284528482fcbff004bbefc31578

SHA1
b0d74e1b3f4d0f6b455508948fee10e3bdcdc08e

SHA256
e0359e56641cda3f6b6a70dcce03fda58c2089ad0b14a812df736c43edc5c910

SHA512
d6c838b329db6542b8854efa3b6c38ad294ac6fc6cf4a50cf9afb25838a50683d86cccc7a29d9475b90bc6f327fd23d443e0c97b7315043abcae2eb918c06624

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fa1201a916a2dc8d134370ad19ca7f3

SHA1
bd7da524143c9e792a5bdf2a2696107c0316845b

SHA256
42f1804d0985cb4706ad1cdcd26b6b6b437aff04f73b6dc8247cd629e6da11ca

SHA512
33ba87196af6ded6a2d8d3201b84eb8a9fcd8ea32a124579cc6d6960554bc2a47dee7b056351a1a4b05c331570029194f967f07050baf07bbadf2d0eecab0661

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab16CD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar17BE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit