da00922e3d4291015084dd5d6b84f6d989daabcc67f53b5d2dacaa13f70f8d4d

Analysis

max time kernel
137s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86541052d3821e0dd2662a5b4be5d5fe_JaffaCakes118.html
Size

213KB
MD5

86541052d3821e0dd2662a5b4be5d5fe
SHA1

7ba0e72164ecd81b3dd5dca0319b184685fb2300
SHA256

da00922e3d4291015084dd5d6b84f6d989daabcc67f53b5d2dacaa13f70f8d4d
SHA512

722f9d99df969a1033aa497d1dc199a0e5796be70d3012014087e13f5e46a911e37d1f73f7621dcdfc9b1238317af4ae7ff8aebf70d74fa3abc40ba6f7df0c6b
SSDEEP

3072:SAJS+OGJpG7lyfkMY+BES09JXAnyrZalI+YQ:SAs4MQsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423303791"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A9CE2031-1F22-11EF-9A09-E25BC60B6402} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2656	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2656	iexplore.exe
2656	iexplore.exe
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2556	2656	iexplore.exe	28
PID 2656 wrote to memory of 2556	2656	iexplore.exe	28
PID 2656 wrote to memory of 2556	2656	iexplore.exe	28
PID 2656 wrote to memory of 2556	2656	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\86541052d3821e0dd2662a5b4be5d5fe_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9572124679fcca4698e2cdf7667b72f3

SHA1
e60e8d531c72246ad1c23bae7bd4bc3bcd574fa5

SHA256
a2c24c9ceaa446b207c123d99a2275e4bada12d5ce406dfc50c2fb37dc1e34b5

SHA512
5a27d7060fd330f4a8e890e20ee4f7ca0ecb203ad335c4c4581525a1bca21335b5d6973f035da730daec6c84e8ed76fb716ec5cfc9da8d22b9147e9ed58a82d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
507141287a4c7be1fdab43923ff2ca3d

SHA1
c99506cf69db12967f45fe13de298163e92f62ad

SHA256
eefbc956976723b091f77baf8d5233655936bc9e4641a54947efe18d812bb580

SHA512
f442dd0d1a4314770ae5010a865d25d87711951599361fb68c260a346824ee38954dee3f4e14f9f3a7d2ed282fdd371323c9cf2d056aa1263fa54ea81f7231ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ed2f43d6d6676f9d2209a2d86fd1710

SHA1
ceeec26e295548a6c70cb8198143e06c5fe8921f

SHA256
b6e2fc710054c59a5326d5bdba6689c0c382f5ed0e1aa437c29b5654804d1853

SHA512
508e8ade7b9ca5ec310ce19f7fd35fa4f51d199c64360133d774a4f62282de2982c3053d201dc3920bc4ad39f32196e5eceb1ab938639454a2d953778f7e09b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7c49e6b9b667d55cc4496270dce57c8

SHA1
a657dc7dc0681442e72610cdefd2d0f1986fe0fe

SHA256
9b7310cc5ddae2cc527169e2803580d9e64845033679706384f4ddee0b2b89a4

SHA512
c00d02eff7f05f967156a413c557eb0a99513805fa2acac8149631261dfd72f2f798e5f0f0cba4ce4c023c25a1cd2a9ffa69b31f948e4171ca084545383d4e6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03ff98291693da2c3b7b3525db052e95

SHA1
c10b594756278946c76e3384ac21765cb5fd6e4e

SHA256
c731c20f60716d5d0418d862ee1035376023d6e082f746f0a488f388080515f6

SHA512
b0f5e9a87260f48100d22c4da6ed37bc1b46604b7d6a47d9212b0b5f72f94e9813203a7f8556f75617db19b67c0ba1c2f385e5559fdf59ebeace4ef2c41f56ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6358c8890f3cc66415517935cf247023

SHA1
d23a5ebce04f2b70e392d401d25bd5f510bbfcff

SHA256
3c1e035ff57e18c206ae12e41bc0455c5c5a241502617eaa8dba04e25f0e9ca3

SHA512
c10d09241fcf0c83255394a1d2c8ae480961e16b165a60381d7af8b0f2a31462970884d78105a94588dcd06e953bc5cb469a42381f7075ce291f678ac57c3f5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4f8d458979c82a678fb930bdd099252

SHA1
3d886c5696d6e6dd8ec18ae9ba9bd7d842042769

SHA256
5fa84c4ff363885441800b33ad9b95cd254b1c9d2515251c5873c17d7bef0905

SHA512
f08b982fa61adf900bb6ee32a19261aa6c297bd0e5143b53b56870093c98a287b7951f232957d9e0158b7c96b7b1e912887eeed56bfba9431e5635b03fa31315

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0de9d1f058facc82166a542401d624d0

SHA1
b731f7b5e55784fa63749b03e08bba8a16b784d6

SHA256
ed7e12d222e40ec586223a42952857a3790ee57a7ac92ba69c1b527cd123bea6

SHA512
e5eaea33a8d0401e2ec85660164ba20b0ba844cff015cbe9ec540b3f12cb5d523d95533cf6b1f5bf7a8c703691062d6865bfe704c05677ea4e79590f46ad4391

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e2176252f9d9b6da5ac73355c6c874c

SHA1
01dc93802c7ec426e9e47bc2a4c4d4ac6fba267e

SHA256
4340c04994531b26d52a79aaf9a75129826584368788bea16bdac8724fde105d

SHA512
fe753b762080af090af8b1691c37498ccccf417fe648329dd462d2294d2302117baf83afce8ead47be3a3fcdad49b5cc0a08fa439cf979c72c6465a471a2d262

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20879cc4cc0020752d8e1b02dee055f9

SHA1
e6acdec6b7f79c34bb2fdae4b1ee1462432dd027

SHA256
99e4ebc0014f524226840b98bea2b0817152806f2ac24b276bbde8a1e56573c6

SHA512
532838f7fb179f769e6fe33d2c0ab5227074103f95d6558ece504520cf2585488a67576be7716db09a0fe2898d7cb829ec682263c9d03f591b8d393b29e119b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8832bc46761fe7894ad398944c14ebf6

SHA1
a361aba6aa34e9059f0f90323ca38730255bfdce

SHA256
d82568ec1ab972032d00605aa9bcacecbe4e258090375c6bd8287ee291b7e931

SHA512
d9228757c9cab538ad2c181cb892b6208258c2ceaf02ceb13ab67f5ea76de44d774b680067ce3a3dbcf553ab3426794ec0a0c997bfba2234179b28ff1d010af2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a364bedb88ad8760af798ea5353151c7

SHA1
2ef5fd841b3815591c2a11911e60846461f2e827

SHA256
add6e27977b1de0ff1c10361b79b78ce2c48b64dea1d0f5e6f41617c18c7594c

SHA512
4c07e8cc77c34e327c70eb0e589ac2997ad9217e516ee2c6513e8f8d6b8ce6a6e08d82ec48e8c07ec6d6c3cc24727ade609c2661705c5863412b724b59818e7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41f9d9e7b5ce5211026bd82c64793462

SHA1
4686530a84ed02ad71be743208ecaf55bbf9bbac

SHA256
dc5b990898ea95023bd63abbd2e4182be7664b9c85803991111cc1cf6d3934aa

SHA512
e0939283cee7763d1ec21fdba7e0ac5ec162b69aad4c6d43846ae6203e3a028ec5aed4143cefaf3c62d43f213a382eaee124cd4e6cf87bc550eeb9a0c0c6acd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3883df0d182316b3338c67b7debb633a

SHA1
be2d5746e46d1830cf90cd41818e9fda89246583

SHA256
4ee77d0ff1bfb3e69d1d7cbd31d3934c4600f4e10f888a124d6593837f4e24b4

SHA512
4343e710c4aecb05396c8f22b297c7bf3ccd22b823b20a3dffa7fc8769dcfae287c545ad275b1e0c1ccfd3083575ef284a886a125397f4b690773ffa67e50feb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc8cac13fa3d80210a6588899b89a881

SHA1
17b86cc9e747c6449184460116c7504bf4767981

SHA256
677953284137339def8f91f9052fc3fae03108ec9cd90653c888c36d51fd8d06

SHA512
100580d340122a0e652902664741586042b2d7249608a12f7077dc167d97797d38c00da23ed8a92d51bcd5a7a4c7454f68a751902d2101b2274837bc1dc804f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5083c34c4c63b3e8199141a44f50e5a

SHA1
4418bd44c4ba516605d8d50a6fd357ee2632fa5c

SHA256
9dd0ca0ed1a37b23af29ca7d13b7193c7adae3a397c92a51270032c8e7b05033

SHA512
87e4f9f04915a3229c731c8252e836ca9dcf8b9e11af59edb13c432b36cf81cee13cdc8ed1833345090460ab1146ef5ebd2a37b8232d8f5c85eaaff7d039bd19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f052e63f4ea4a5084098704eb26de38

SHA1
897617eaf0543435e7a9d12b7cc5133e2628700e

SHA256
1c2af8e0089286f4b7c703e7df793b62822a55c96937c57b50140a714f828177

SHA512
c8de8fcec75a707fc80b6e33d4d97179ade46a54fe389a4d5a276be1f3d2c74b2d40b37c20a4f426f5e19d02c4c98c52b348cc48987ce46d0e19f0f8b017abee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7BE5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7CD7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit