ab3047bfdb759e8d840ae4277a0d8c0d321a71f99a93ca43700a9a427b63f6ed

Analysis

max time kernel
139s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82c8a19b1aa4a9f82d9a52b54d7ab465_JaffaCakes118.html
Size

28KB
MD5

82c8a19b1aa4a9f82d9a52b54d7ab465
SHA1

e6fb422f43afd4501bd87819fa6f283122db68bc
SHA256

ab3047bfdb759e8d840ae4277a0d8c0d321a71f99a93ca43700a9a427b63f6ed
SHA512

61cfe7a98b876cdb2dfeae2d1656c6ee4d8eff8fb1c16ec94e0701b78bce7f7cf3af27d67bc0e0a951680f08ada476838c468d4974ea2e09d6c16936f4632869
SSDEEP

768:SfzdsFqvfudlQVV1C5m1CCCcmzm3C/CnCQGNz3EbbVz2:SLdsFqvfug1C5m1CCCcmzm3C/CnCQa8C

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423198487"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7C5C9AA1-1E2D-11EF-A692-6A83D32C515E} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3024	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3024	iexplore.exe
3024	iexplore.exe
2124	IEXPLORE.EXE
2124	IEXPLORE.EXE
2124	IEXPLORE.EXE
2124	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2124	3024	iexplore.exe	28
PID 3024 wrote to memory of 2124	3024	iexplore.exe	28
PID 3024 wrote to memory of 2124	3024	iexplore.exe	28
PID 3024 wrote to memory of 2124	3024	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\82c8a19b1aa4a9f82d9a52b54d7ab465_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
c7a54430a1c336a2efc5306cfbb67896

SHA1
3ef3839bb4b40b2e6ab01a27a5253693b82e3194

SHA256
c177ca3818e89e969ee446c0051f59a0800336b6ae0d75aebd0863ac717869c9

SHA512
31f5b908ef4b22f81362233dd3a0fb6a39dedc25269ff601dd60a7e27244a191007395fcef10328b8fca12841a46c3e36709af31d8ff1e017d742ce9b13cbdd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30bca8240d7c4456109b6faa4d9a95ef

SHA1
4aa1abb0304056e52f06be9e5d15143325d34bea

SHA256
74b497b7c3d689fe82cf86e5354565cabbe530085cbbfb158c6d1fb648e836d2

SHA512
4b6bc2c629d2c91c050fc40d186ed7019a00f075fbe50d723b39876f807207db32f71a97f6c8ea63e913012719861a10de4c06df1a46f2f845da1a8c5eac29a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e2f714cf65aa1be48b7badf614384fb

SHA1
daf1acb445a5299823f55f17e50bc191f14ad8ea

SHA256
400c3de3d35739fe3056313118bfd6e4bf96c4ad31ef1995308e95c5dd53b6e7

SHA512
78ea60c8769e0c4175a8d054279ea9ecbd8cc840805cdfab698e95a3ecce6114525cc5cb6ff3448cdbe1eb83aba435a8c441bba384f1ab617adcebb886d60d9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72495f117e193d35416a75ea2d2359f4

SHA1
292909947773ab1ffee8b3738749c0d7fba12a92

SHA256
1e8e786f205e39dba7230e1dab1afa14104bd7478397278a7831672a775aac35

SHA512
bd3a0bdd850d047dcad29808b20ca48222a8b0fb1584b5a4c09d584ef2511f8935a4ffa3f10cb14f7543181abf020b8596e65cd2e89321c0e5e7c6bdfee818b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a03eb0aa7fbfaf261a5b2dd5e255c79e

SHA1
8165a078f4de13b1f84613c036eb22d380a3644a

SHA256
29212ef7417e42f63310cc46d42287b233315a51ac33f64b3ec9cbabf4e3adbf

SHA512
f6b6451b1598118b95e6f407e03f9fd141324207b84ac9e1899908a73c54b91bcd07618817710ab729909d6abcda8af61593082ca892f72e422bb36fc18e1e85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bb381e78db899ec75784158c56d9cb7

SHA1
ae2a6738b69f41dd79ecd86ef4a5621a1ba25e74

SHA256
cfa98b3a1ec9963130bc3fdf5c0a4c3d9ea89b08a7aac36c1145db03e0d92cd2

SHA512
eb09eb5be88f915d44db17f61afc3720a5a2b7f5bb09e17a704e58546b6c2f59524726763e8c86465cf0e905202511bb7103f3711896d23ae8018d1fb707f6d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a966084fa1d39ed4060a55e037e6a54

SHA1
c5883eb31c3a376208dcfc8edfc69c8addf67c12

SHA256
ae23438b59561df740f0432db5f0cbb304bbaeb7c1aa0940cdf454504e7b4b6e

SHA512
15db6440e3c6d99dbeda29f85a9ba8a5bd926c8260ba0a557e3863637961f0db62a780615bb8dc6bf2c4bd2f429d516f055a7ea26120d80317230d73f6aaeaae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e35a2fba78deb65d6ab7d40da756db92

SHA1
aa2a815d6ba48af060b32f03c24081383a33dd78

SHA256
7089b9ad9df1e742b563b2e248895be812fdd3d89da30478b2b881621e2d932f

SHA512
f6e98e64bbf88c28b1b0b4f7a92573e809a1dc6ff94da7e3844159cbbad4b57443a12d184c6962af3bd5ba8351f9b06a5c279343f8c9520b0e07a86f3f5d36a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
118ce056ba4d26dbd44c4fdf0dbef060

SHA1
ebe6284c3e02609ffb0a2316f5818bc301632cc0

SHA256
d5e15d27491ddfa7f056747ab1e9c8f159aa547ff5da1bd01ff4e101b7a3fb60

SHA512
97da23f71520399d65bc1f0ce38b9b3317649f461b924cc5d8f404c403735b6f61230d4e4194d9fca29e1cafbeef324cc7cb7805a7c75b4497c719945b09f14d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57f296f665d477c11cea052e9bcf44aa

SHA1
cd76038f0517cff12804f005f9b46ea8b0320725

SHA256
d9d00af7eceb8f12f6ac89dabce4fd5112fe96a328e633d3dcf29c353d475fd8

SHA512
5e163ed367ce55381b80c883281acbcb59462aff35847f31d516b2452067d3d93fe60d289e88577a46f29b26b390e0660419a4e445486d2bdb12198a678d7a44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b3e8fe301950c5046fc11e69e90d4d4

SHA1
8344dcf1c9f157956d20b2b82eea7d8d368522aa

SHA256
d4570b9197e90849b70900b733d1f7c0af87268828f5161c7d4a8da7ca63f47c

SHA512
2ef08e7da6dc6d5fb0288c25ff3a713600d2bb8e1bfae8ed809399785ca0d8606692e135a6d9b7e09b48b123df5d68eff24d6253290bd265b4cc4a29d5454001

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
324cc1927cab3205fbb9fa9e5022dd87

SHA1
4dd8748690c2ebac49b16cea77489ad03776f74f

SHA256
03ca3165e6dea1c3a748cacd09c0ce1c6362cdb74758d1f85b99adcc16115d44

SHA512
2f16468eb197765f1ae0bf2ffe00630a7807c1ea2144c7b318d8baece7dd20bf4bdc377b5f01798f5dab064360fc95ab973609641d4fede51fc41feaed24e79e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\dropdown[1].htm

Filesize
114B

MD5
e89f75f918dbdcee28604d4e09dd71d7

SHA1
f9d9055e9878723a12063b47d4a1a5f58c3eb1e9

SHA256
6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023

SHA512
8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\jquery.pixelentity.kenburnsSlider.min[1].htm

Filesize
122B

MD5
00d64a82ba2d055e5facd3a30efac924

SHA1
308e275068e3bec5effca608fe9df2008c979650

SHA256
aaa3feed097fda6687c7c27860c24980f3ff105b6f326d10c98854145e9afa6b

SHA512
1151e227086964ec19c11eb388ace411a56a6e1da96409b2bfdb5313fb5df75223add437a653decf3afdfbd2be2cde421c512f9de423ad74f2ebbaf81119d8fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6A47.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6A6A.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6BD6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit