f1e6d29e28ef83fae7bc6ba377ec6694bad5d4f40d89f605d0fda69b6c54533e

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83cc2bd8af12cd822908e004bfa19c25_JaffaCakes118.html
Size

88KB
MD5

83cc2bd8af12cd822908e004bfa19c25
SHA1

5ae1f5c9a553966ba6e0108206475d40d41046aa
SHA256

f1e6d29e28ef83fae7bc6ba377ec6694bad5d4f40d89f605d0fda69b6c54533e
SHA512

a75e82a549fb5219695dc240520be2b7945c421f1fc321fd1897d8911a689893a0ac349aa2c9daca3411a7b57e63143ed2b529ffada47af7aec2bfb46c3f0fa5
SSDEEP

1536:SX6MVufv7gyVuBx76vuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09w1:SefvKBx7dyfkMY+BES09G

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423224543"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{27AD7AF1-1E6A-11EF-B826-EA483E0BCDAF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2956	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2956	iexplore.exe
2956	iexplore.exe
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2132	2956	iexplore.exe	28
PID 2956 wrote to memory of 2132	2956	iexplore.exe	28
PID 2956 wrote to memory of 2132	2956	iexplore.exe	28
PID 2956 wrote to memory of 2132	2956	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\83cc2bd8af12cd822908e004bfa19c25_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cbc8286d4121ebf1d98798d1b86caa8

SHA1
f39b7eadb859c709e89d961074a292576845e242

SHA256
f4a798594c45d532bea611e3dc382603a832d850891d3a5eccfb34c9f431bf2e

SHA512
6372a1ad2850b920ba98636f3a27719819f3298ff56edcd62ec3ddf8df13061efa7173caee0022501e48883ce2608b267999c565b0088bdf05eee911730e7cae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bbdf08616a0c50d22a80a170fce5680

SHA1
dc450d5ed6dc14a71857827e45b26254f775b738

SHA256
eae17ef7376645cb035e313d643be5fac94b58ebc674289d473bbc2de08190cb

SHA512
fe5346a5edf5e2224a24f9e444f237cdc986c52fc4cd5821f7d12468260bacada16abe4394cceb50b7d9d572dcd6b9867dfc2f55b356fcccfd1448c3e859c03a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43b6a67c8702397a8626cea223b894f4

SHA1
cc51ce9cda1a507f0ab42dffebf7295b848ff3ff

SHA256
f16693af0aba75d189fa4b736560d503efcf5b6b7611dbb3e789616af15321ba

SHA512
769c1996cf81d44e9936040fcca055711446a66bb832fb3d62a46c51f05dfb028df757e2622d174176ab7cef05fb98207f4d54e7a05579a7c71a7ddf7490d78b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ac50e528571e666623a4d8b13ad2f04

SHA1
3f1f8fe0415174d56504a78cce09506cb7a2da20

SHA256
dd90cef1de271d3bb12d986eed44053de8b71a203105ad7f6cc99e1909903d8e

SHA512
afc4a71ca7f2d9e6aa5717c3c5a63dd9e836f8d25f1cfab38d924531069f3d87c9c3e7a9554c780c0fd4f5398cff489d3d91d7eb5f0f39c3c6e11498c5424308

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71cc885c7fa174fd6898047959e7c812

SHA1
c9a62da56996ce1403d37e9a060c536e8a48b14d

SHA256
ba7a85a643cf6f009942f47deae8192c5f95eebbef0ec5b1d4b3e4533a01e422

SHA512
21216ac3c67037e634c2cf9209cda322af9dcc45265276fb3b136abaa03552cd86a484247b58dd36d2fab6b896851dd055b0a8d1b3dfd4097a23d663739c65e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffb9978f854469e9c55b70403da1a800

SHA1
adc1cb6416208e6cb07e6c0dbfe005281b45cc42

SHA256
d34f290430ff2713d241a03d12810b7e679d1a471a407fa7160af9932641c50a

SHA512
0417fcc13c9b98b7ebd8e2e7bdf9d52ccca3a43be0b71a0bde748feb850af6bcf2d72f825185fe9b842540bf6ccca98e516df01702dd972d7d956b12baafb21d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73666ad7834dcf3ff9b7f7bc9b160c4d

SHA1
370c0f6302b5bc97952915f0fc848f477cc9273c

SHA256
418ba5afdd24d93826ef5720f8c5c7443b247d9d71addaa8ff766eec8d981a58

SHA512
7bce4c0a9ca00518cf9bfcb0c309d84f9472522c70e0c09e378d2a1d1d58ac372bb867af95a383d245695c3e480b4a4a66aee95bb3ee49b4a1d3f394d55a6cac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
380034a56bc3b42bf9fdea089abeedc4

SHA1
db01e4df5ef44178c7f86cf99243c7d8b6633236

SHA256
c9044f04db5598203cce830a7291f002a0360dff5e163e17eeb52a04991493ba

SHA512
800c121f06e1644105c4a4190cdd668f695d6041feeced357cb523699282a7877ced6d1956bbe0d6e02d956d1fe11befb8c99b76554e97e6b79ea4e74e1b9466

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3064f567564b15b7f97c8317f7e10e6a

SHA1
873227c9bdfaa83f711ceed958c0c4703080cd40

SHA256
c86b9fe693ec459d0fc17e1d1dddad8add944396cc566ecb08e4c2bbe02b11b0

SHA512
fd5c94f12db05a621883dfd353f0b61e90119d8a240a5094160139992ec17035ade8d581e9d74c96c7b32241b24eab615258a6ad0fe4082c4af034fa6ebac863

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96462524773391e36eb7ccceed6cfa82

SHA1
6629e519a45244afc958aa1bfebd65b429648705

SHA256
55d285753e90ef6dd2aae1c5140ad287854e69e3021a6db5426e2e68b687afe5

SHA512
0d3cd8c53159ecba879488808df5d0a9a8a49779957628bcd9c839ab9e11a32c425714b883b810fa074dbd8c139dd9e8604fbc7a819b446837729908519bbb6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6daa45a19e8c7249914fe5bb069630a1

SHA1
9e48c31f2db14587eb9463ce320acae6adfaef1c

SHA256
afcbda9923d1a271f6107daebbe31cce211b1870a4d4e342d99caddbf905e04b

SHA512
9499667dd4cf1d3776b99f44aeeeb05525972867b2b74551beb7ae177005dc9884809611cf5ad15c3d4d2b791c2763f977a204e3582b7e885ac1e10ac81bac3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
febf66b491af2601bb2b8eb15ca83f3b

SHA1
c319a53943b4b1ba690b820b1ee3d88babab4bd3

SHA256
18f328e9cd47ce92f8bf59f7b77ea05d8c6438bd89b12613bdbad3ecbd67efe1

SHA512
e68824cdc2c431b77e9632e48e8674713e94e783ce2051a127a1b3d8b050e63adbfba7f492a19de01fb737ae37917347f01f00efce8e296a61f2c3edb87c8bbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc6cd9b0470187f8a79ae9104e4c6ee2

SHA1
9846e15f7b7ddbacaa38030fa1486d0b121d15e5

SHA256
9597f038b738d7db7cfdd49725d4e1cdc8d1740541e8ef161a4c5566d123b585

SHA512
a1e565a083a3b59265410a38aef31b4306ad6e0eedda5f176275e2b72733d8ac54d653b2bd57f6e9640300a753246213892beda36e43d970d2b9517f74f4e97e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d08834c8ca0d22a76ca67a2cb5f9889

SHA1
5348231607f5edfbe9ab2cf99d4ca172c7d659cf

SHA256
4a824c0d8d88ec500d1fe2033969b4de90d310c2bfc305d176704f8a65982d15

SHA512
fb914460360c3bb237c3cfa3dbd2ca2908fec14d3b769f683f8ef80b929d20d9a8f9582e8faa2be90dad2dd7c6551ed57b6ee92b18532f88f5e106407237da48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb9ce3faf1a5abc63655beb073908d96

SHA1
bd4ea09e65d62ffe9d5a7d2d0c76fcd38bb98e38

SHA256
e3d25242d321318a8009bca257e14023ddee3ca87729a33077dd3d5ee88de562

SHA512
cf3655ac73035e01526609cc1edbc8d960a5bb50552b0977f7f4782cc8997ba4424eec2459bc9305b84fbfb45225a7e7ffbeb5d38aae5a32ee67a0734591ef65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70c449d904b060523d7059cf11415544

SHA1
8dfaa4e39820d88e9a69c6690e3269883cc851c8

SHA256
5a40ded9ba1ea3c0c40bcc40d3a03c291d687b070bb6567cd08709f1284131e4

SHA512
327304d3a1f31a99adc68d61eaecda8a598ae03c35fcd9a8cf4d6ffa883dea6ac4e7da6c69953e633bc1bcd7b2ba2163bc344646310fb3dd4b1f0f2c91082432

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c12d28369b6d55c20d3dd13edf938608

SHA1
488d51c53b7a65f7045a17f5f5e86f9717a384d7

SHA256
5d7e22a4ff107ec802a23fbfcb6f264447e1f856114233485559dbe68880838b

SHA512
476f0029e7e0b66aad7cf1453628777c9170c9bf8c3001d334297567cf00ddebff5e753986551ddf1ea9fb1e845849d5ad262af881f1be64ab395c781195a71c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c85ecbf4994ec1fe6cc7810c83a990ab

SHA1
19a2e687a7c2fc198316e9085f6e6e14845668fc

SHA256
c8492022f9d25bddea4a6a441d294334319c7b6864f966fff4bce79fcefdec71

SHA512
bc0fa30636c8e138e6414c75b7b737b6fff3f9173a4030eba01c1ad7b14e9f9df805687fa96fa2e69ab1070a57804799f26e58200b876c4f57862e6e02766b9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92839540abd0299b99a4e48572c50b80

SHA1
1d776d3b7a494f148ecf3f71845f2a54dce1b8d8

SHA256
f5f254f84181e22387d638196fc8d505c011bb330107049eb9cddf72d80ce8bc

SHA512
afdbd4bbc1a1a42683b116317b2aa9372380765f6984ae30c72e64004867f6c453001abc7be81f508b7e3fe45fa0fdfb20b5d4e89e22166fe6c726fd5aa95e64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1EF6.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1FD4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1FF8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit