38a5968c48e33a67aa6e540771c75713798f78fa8008315404260a487baf72f8

Analysis

max time kernel
119s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8588cbd0f6ee874d686a73a8e9cdcbb6_JaffaCakes118.html
Size

343KB
MD5

8588cbd0f6ee874d686a73a8e9cdcbb6
SHA1

f1348b1707ba196118ae24bca0f1a41d62a91878
SHA256

38a5968c48e33a67aa6e540771c75713798f78fa8008315404260a487baf72f8
SHA512

aa4dca3d83095adb94b20f5d20b8fa3214dcde66fca3e6b3b114e84c708b32d5973fd2745178643b966401ee849f6194d0295011ee91f20f29e4bbfa240cb8c9
SSDEEP

6144:QsMYod+X3oI+Y4FsMYod+X3oI+YZsMYod+X3oI+YQ:+5d+X3Y5d+X3f5d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423279667"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000090d0f9b28f36bf429ef645070a5a4afd0000000002000000000010660000000100002000000057741d1cd90f03dca6425e6b4f02d0e7337be857d69146d9c2a8d18fb76424d7000000000e8000000002000020000000a6146ab68ae7a3fb00ad1324d84551d80f17e7a18f5fba16e45f888139a8a13690000000bafef3405b525f84139cf799d9632f63c9d1931a2124d95597d78b8dd4669b2dcd0736a24dc3c23f65877343573389ed9c295bd6923b1d9a2dcaf36c6046e6639911bd0ed727c072d8cd274d7ab97e8fc9756b5dc4acefb09f268e2c68d8ecacab0943e3abf820d663465ae74c3b9648d8c91d8afc55192cd60087a1dd1eec1b500f42faab4270dfd56c8f9630c8dfde40000000a6bf42b9a40f1493c7a16cb99a3bd546faa8caa8100e71b0c91d6a9ef4d73b5497b644c894b1022c8ea33f735f598a306d293d40e56a0eadb21ab5d84ae381ec	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0c9c454f7b2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000090d0f9b28f36bf429ef645070a5a4afd000000000200000000001066000000010000200000004b73167b0cc15df8e02fc3739a3f21405df63fcbfd692cfcd625666ba05f557e000000000e80000000020000200000001e38e6a6b213b109de01392ac4c596b0396ec86f2c0bff81503871dba7671608200000005d7d76dae1b58a67689eaf816f3bdfe2ddbf9259c3ba79e77b1efc339cd1af694000000019b46bc0bb7f6b05308d797ad41f278e85dc5069b1fffe58377e02988fd45399e47c7e05dcf23a28ed675eb0bebea4659dad46fb33507854bac52d366898e294	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{80292F51-1EEA-11EF-9C17-5E73522EB9B5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1336	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1336	iexplore.exe
1336	iexplore.exe
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 2620	1336	iexplore.exe	28
PID 1336 wrote to memory of 2620	1336	iexplore.exe	28
PID 1336 wrote to memory of 2620	1336	iexplore.exe	28
PID 1336 wrote to memory of 2620	1336	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8588cbd0f6ee874d686a73a8e9cdcbb6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1336 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10f1f099384fd144e1a5de216c96ee52

SHA1
a2517c3bde22453829c196976c0308533401392a

SHA256
3a2ab9a9025ae9ce5f14c9c472bd0b714e0d6b2c00c08f1449390435a6fbea2d

SHA512
2ddc48b81e259d1b70f20fc6c99cb1e655d2a74f03b18c71565218e2a4d6dd83c3841617516e7156d5bd97ae2cce8a24a0e72537d0234e2088a45c39ecaec7d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed45c64d9c607f2b07bd0fab6c7c059e

SHA1
2672d8e86f685442adb60d3f79d95100afbf38d9

SHA256
b9bbefc014641a019ae791ee47407dbeb667d8bb7fab449f99dced66ec6d3699

SHA512
92d1d1491befb059006f0b41645f289a8135f54d48c41e136050c1d8181dce090641d87efc821b58c0f5c18724b74d4d6daeae04e80fbd9865c06daa5cf62b35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
240b55fddac7714eda2814f5ca4550b3

SHA1
ef706c5b956df4fb9f33662365edfc6eadcfe87c

SHA256
49683d07113ab8d240b18e2c7d3e37c7f21caa9f458f7dd0244530d899b32aaf

SHA512
19cdf0963f2a5c96f9db33a1c3f31f398793556c29a35dafca4ed8b6c3ee378544017b3fdfd37c88ba8b148b58850363a307c49c0c2994a4dc91f52a82d74b5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96c9faec2615ea57cb6b13e871cfa847

SHA1
045d75a4717adfe07b1c10b2bf4fddbce063b55e

SHA256
5316f712aa3f058852e7c9a49287ba4a23bcc17855cfb28dc1b603c07f676414

SHA512
009813d49bb0fa5b1faf4c620faa37b1d61367d0dabc603ea0eda85dda1fc2a33077b98964c9117b2678a70a415036703e9b86237a96010fd9f2812fe0bb7b21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f971ff207cc3c8ff25a58abe455da45

SHA1
066dc624c6aa13091e638e422c445e578044a2e4

SHA256
2fe5fd297f54e30515211a34d53a9d53afa0e89fef6bbf2ff738564dc79853e2

SHA512
e2ef5342c0928512e450923bf21725967c08fb215c876db3dc84987c5921006134e460c77c97f0a85477f27bf08e861ceaa7b0b84d64d59c30cdd65e609f606e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e11e7555648019c134d03188a40f47d2

SHA1
3cdc5b03594e9e11c295f88598f040ed1df03975

SHA256
ca15e6d673249a69ae8b261b63ddca0ddaece9bfaacf29ee547a8b672062964e

SHA512
acb8ab01caa491b64bd2300150ea5f3fe5c91539f9d043843397a69dbc1f6ddc24cfeb3255b0526599f1ae162ac9c81fbef2ef0e9ffec746a943ff2a0ca2a5ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
932328202c8fb1f66cad65963215f580

SHA1
1a86f00277a0d0a70e9c7ecea105b26def1faabe

SHA256
ae0eb2348bd5b675e8d2b2ce6191c3e7164a8a334236c28f6bb8dd7e3ec3ffd6

SHA512
e9d99ca3ad189aba0470e9ee3a7ebe452934eba1919521a9854cfd85922eca646bd1a4180916fa311538abf70c0b813a40d3b13aee48c644c31eb002c1252b43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be512d6851cc9054fb47835a1671a803

SHA1
7c8cd18e2c8fcce37d36110b9d29b86cf747f28a

SHA256
672326dfd730d6bdfdeab79cc2f7833e83a5c6169c47bcb06bc6401f253a68bd

SHA512
6710d6be3a2dd1a892b3ebd2f39cf4f333b5516082b567aa73dcd701d6320a8b4919719920155417cf23b295b99fc47de79d25c2e2081a5fa0409dbf526be987

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
961d85a5b75664f7657bc1a192469708

SHA1
08193a806adcd3ca33c7c50bd465226a35718f71

SHA256
8bf1cb1c9c82fc6845822105bf412969bff44681b07c18102c7e1376f8ac7577

SHA512
34ecab1f5279525e0d78a37230507de75c5da18a1ceda41c931bd6e4064dfce07b018ffd5ccc5531560a98f289fd8a90b4d178f84db713bad5ebadeb06f61239

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab5c8a0ca45564d6a00413b43a0b0cdf

SHA1
43c777915a5ad694565d0d0266e9bd694e98b942

SHA256
5491d0b4fac0a8090e359699500d6442d545496a5dc3c11258a15f6263acb227

SHA512
58b66774138befb6f91a04956881df3719555eda9940c5029b96ef8f89a29ec83107efab1aec2a5c4df6cbf9a20a03b637e0604032153d883d355773b989a1fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69f6f26948f5afab8472c55460a37213

SHA1
a332dee94035f1fe86f4fb7bb07936d41f853a81

SHA256
08dd21304704f2f70b3e2f8a40679dd80021eb78b1ad44535b49ee19bb70e6f2

SHA512
7c36757aa11e6ce6365e3c585f7c1836527ade82bdc9548ed5a04cdb88104b151a1407e80e994afc39ff17d3cd35663ef493be49aed4f04ef4dcc08119cabaa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e6404dea509775a6fce4fd03fe8a349

SHA1
da357865c5f2eecd259a01a8bb9d700d3a68bd2b

SHA256
7a65bd0356f5331410f9b858f51d9aef1c6b044f2256b3b1b8abd76672fa966a

SHA512
88c6e87201547ac8694b68ac3dd7fbf7efab1beddc93f07a1c41c255fda6be3f9a6d49be085ee576e5a66f83db7031638404237269b0f898d26eaf3cc32eb99b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06c9fc1fac834328001c65a9f9317a08

SHA1
a033d369675b02554bb28610a1b7ae59a2c04aef

SHA256
7142bb807ef5986d4d64266b16c73c208c2fcca2c465f5d9be0c2131f3a12d31

SHA512
ce91f6a6ca1d0f16a5a8e8b0099c4087695ba74078563c7b1cfa3ce2cbb60e146b9cd961b9c4b4f3b00a2103dad6470944a2ead9beee61dbfeb71ad87cc97a7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2D1C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E0D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit