aa383f9ea96b951ac9616dc270f553791464bb1408ad12affa9014b7ae127d9f

Analysis

max time kernel
134s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

856757992ebcf03bb3c7dc6ea47f7856_JaffaCakes118.html
Size

213KB
MD5

856757992ebcf03bb3c7dc6ea47f7856
SHA1

9826ee66d5580ef8eedcb8006b5228c468b8ffa0
SHA256

aa383f9ea96b951ac9616dc270f553791464bb1408ad12affa9014b7ae127d9f
SHA512

eb52bb84faec6ad38b07e9ee712e5234543071e5cd8c2d23fd21480aed3b7351c10af585ca67aa3d08ea77cfafe5af83c5348dd610095f92da869da98aaafab9
SSDEEP

3072:Sr6czgB+s9WJyfkMY+BES09JXAnyrZalI+YQ:SrMmssMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F593D091-1EE2-11EF-A304-E60682B688C9} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423276428"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
820	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
820	iexplore.exe
820	iexplore.exe
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 820 wrote to memory of 2252	820	iexplore.exe	28
PID 820 wrote to memory of 2252	820	iexplore.exe	28
PID 820 wrote to memory of 2252	820	iexplore.exe	28
PID 820 wrote to memory of 2252	820	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\856757992ebcf03bb3c7dc6ea47f7856_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:820
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:820 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77f58e0838fe516bd4a2006b8577d8aa

SHA1
de3c503fb0781e4edc7fe2cee4c0299f0e353965

SHA256
7e51ac5f65de476c07d82d0e176338b2f9fb3138467b4f8e3ec7969b8fb94d24

SHA512
66ff21551a10b21301d6f7a111f91c48bf227887a2a5945048c243d2eed76f17c176e68418b4ffd466109df624493d47e0a5efea0d8f9f20edbc002194d40596

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81df8a2be81cf4ec62e3af113bbd93fd

SHA1
ef735eec55bffb140d726b852ad1b501d5b5105b

SHA256
9f39a80e18b36467a96a975d360ef2e71d55557f1dc625c5d60b12b38fd6d2b1

SHA512
8b5f7f06cdd798a4c3c28abd0a6313d5dfd4c8a0dc472b991af825ede2be7948057fa25aebd046711c8a7345089e0c5094fdfdee2c5b9c68adb5bf0391986f2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25e6d53c70401b9ee811232efbdfe25c

SHA1
4df1b07795f5d83072c43b9ad55446d830f01584

SHA256
661462dab11a2728fd573b353908b8a525f2c2327c404d3dd16c97679d5d9e46

SHA512
ac71a854aa28926d962092a085a263e5556ccad860e055ac9327fe05a45e48ef070129269433c297c2473d67f82ea5329258fb5e48d54521607b5216494bdcc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eee0f2847fe045f4a003aff34b4059b3

SHA1
bbf074b1592893c7be7396e139508d2c8808222a

SHA256
81a1ced3c2a9eb41b49a83d77750b3204b4bf2f263c1f968b827fb6dd9e39c30

SHA512
7efa5d869a592daf89cd0552f9094d0c9ae5449142cbde8ad0c26881793f562e5e081ff5585fe77222919280a0144fed538d5a718b3a93cf2190e96f4b2d1e34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf08b7fed21602ed5b66fd0e7597c0c6

SHA1
a45ad44116e90d0abf940ddd769f30c85acf8568

SHA256
00fc25b6be878e88fa8f0fd6347fb3ebd4ba1c33cadd2f469b07ecab24fbb86b

SHA512
3912e8cd38e5cc9e368e3a8bcdefad9e30f05e2d8e3d171e3dddd6c3dfe7eef5c8c94e540c7b92194e19b5549c8a77cb5c3f82e44f8f6b7c9421e4dd663341f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8805c7f7f1483d21d7a2fd0eec2d8c73

SHA1
6e995718755eaf3f3796e2c47eaf6cd69b6ac711

SHA256
43064daf113747cca948a163b9ae9a6c7ec0a920fb4a8c47d61185878535d8f7

SHA512
031f36608b71470fa0c2a90cb6cf48512bf44925304b7e790d3a5790e1636278471cc9a1cf9dd99410feff2b7f9d8e4466669c1779d65333c06aaecac3900ccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5e41ad48b7abe3af2be99b235bdc660

SHA1
1335225071bb443cbb6bebc0cda13e25c4e79d38

SHA256
de2176e8338129563bcf54a81f026ba60f391daff065647aeeff85c129512f08

SHA512
8247c5864221a8dc6cc865741d9395ca2597f3285fc2a9c60ba28debc39770a84462f6b9c69d55fa9b4bdbb0cbba577c7e2d1d18ab7f472b56fdb5d2b30dea7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3fdeed7825fb7450ccc7f71c76c7a84

SHA1
91d3d7007fed53155e6240bff9570ef041212d09

SHA256
ed560b1495ac2ae216c758011bf2e6770274d641eee0ded9f76cc5f70e6f4d7a

SHA512
fbfbdfdd847f33578758a1738cf13dfb080c91450e8675a11a608f23c8c884823edc3785830cc16db4ac373ce7859c1a1326506ef4fee781548a614a8c985d78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2b10a5d4a26f8dec1365dc93340d5dd

SHA1
6ad999af7f48d5856d0cfeb3b59e143a2bc11424

SHA256
1cca09908ada81ac79990b84df3dc8ebd15997ec03bd6bf5b74be26e0b858eef

SHA512
5de2835645fa9d25b3e5cdb1622f9d7e1b432a7f9a7a3910d3b10b103b9dfd21ae45d792268c6ee564013734c18a4979d7088bc185e6b3e3d0f2fa83ce8a6425

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2300f7b61d36ddb5420255a901c0018

SHA1
bb61df85bcb85e98fecdf438b911aee820913fbe

SHA256
f6b8e9b7b605a680be5d25f1e8765a98f64c78b3c0a7429391bae37579071315

SHA512
f48331a328623acdb86912c77d2e7c1828820e76bcd54c177f76692c71c8e8411cf8f23b6272d06ae95ed3b233c75f5116512a3c01f2a620a09d198603b4548e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4dfc2055d0d95c69dd192687614528a6

SHA1
cecc59d24e03044f1f7f12167235b1ea1ff4feb2

SHA256
989cb38ab572f3a5a188ccdd4884349efcfb089ed5e7b24fdc4d65da85a16ee1

SHA512
0eae2eabcaea20d4c50e89c9a3cadeaddfadc9b22775b8cecf64f249b1e767009a37a2012ebdaaadc16db1b293374453922e898f4bd2e3a313bb391664c12c79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a421f17d6e9c6a1d1f3aa181363dc97

SHA1
3f8dc47649a2ef07df6ebf6cc984885a295c2eb3

SHA256
fad5b181b8d956e3379375bbecbfc6d9bf966e3921ed900775f35738dc06f48d

SHA512
ad09bc57407a2b41a277ae574b6e7643834cafcf6265cf953542465a3e47b6846722f67cb7d3b13c74fbeee70588514800597aa6372782748626e25cffd3870f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
437d52c828f72297e7afc45bc3ff31e5

SHA1
70794463547b7fe5bc7173906991fd2e4b34b37a

SHA256
64346962e780041ff7d3720adf8560f1a5cc0ef0676bd5e47da1a91109c66101

SHA512
e6f28b09efc9621f3cdd23e3421d2565f4c6f3043b7d1b64fb27becd8bb7936ba1dfa3f1a40e435c64779f505b84d8ac59f2c7adee1bfc5268ee339818d65b90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fba5676421420d935eb58ba5ab02b8f0

SHA1
6ea7d7020a04e4d7259ce9aae7e3cffd290477bc

SHA256
0c9bbefe9d0eb5d803b656e5cf208bc11aa4c05ef9c7b3bc352540f671a8d341

SHA512
8ac144b751b68bad6897ac9c6453ab8fc7f6fa5f494d626664551f2ee25c095e241c31767864dd9f9ce9ca7b84f3ce436a837ae052b7d6f8dd9a64aa140b8508

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f229ee60ae5c2577cddf920c498dfb23

SHA1
fcbf568916edf0de1bd0ae0e7f1a54f7c48a94ca

SHA256
1c48db9dc3bec4c73b1367be27cfaca3af0ec14b8fac730f9f3dab8bf18aa7b0

SHA512
48443a132fb98c60eea52312471e412ace3cfa9938f4459abb5466213b6f8e27271a543c01ba6b797ac1133b422842ed3c5a27d55da394f863e1a7db8cdc4f25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bea12d7a636e1d496e8ceab54b0b8d7

SHA1
1a8d65ccf52f9bc3b30ffcb3a68fa7f0d307f3a8

SHA256
e48f92e8f95fe615365ab03f760bbbdb7989cde2b7fd6c614519bcbb9b9f5d4e

SHA512
4b0af2479ea012796e61da70bc3f3719d14502bbf2426fdc656c4a4fcce422b20fa95a453e94f54d70dcd572c0b4bdd1fd3ba4ce01f4679c9fa7b0ceceb5775d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
607e622556141e87f80f546a11334c48

SHA1
6a21d5f3300525ed90abf6b58a40773d4c00b225

SHA256
83759f99edc47818ec7461ac6051aa9ea9cc466ec4512e03b8c124f05290bd72

SHA512
d2549a6c9a21c3f6797449af6ce033dd656d1555f6e7642679da72e0162bed895d9bd45903e04f3c78a64ba384b7a2797f797b5dcb6c2af3e0e01524d0569661

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52fd0d348e381e7d9f80b967bfac82e0

SHA1
dbd9c987939a998f016a0fb02008656608a7ef22

SHA256
cfefc141de23246569c719beddf381667b6e265d0c47fc464e239ff95a7b8c95

SHA512
bb79495d72e38003d5826c8018b635fe1d81804bbf5bb89e17933c49fd62fa38a4656341fb7c7f8a70b73af62d7dd192bbdd60ad267d6275b3fb247ffa2ccb2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d81aa0d08a72306a4591bda57867551f

SHA1
468795385472ebb1f404874b5f8100283c406925

SHA256
2e376f0a85c882b77e6f7358bef3aa55c43d359aed0f9cf3c29f4a862a57584a

SHA512
10baaea44f467fafb3fc6fbf39a92b414455dc136dd527a25ce2b4249a2277860ce1d64c0eaae0fe7bd9a1d07e96a9c687189ccdf4548aa54068d42d596d2fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab143C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab152A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar153F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit