4d46fa1807291a30a5343fc4d437fbdfe98397f915b80f7afb39d1669bdd1552

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 08:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

867460a537fdf9638b9fb263049aa91c_JaffaCakes118.html
Size

146KB
MD5

867460a537fdf9638b9fb263049aa91c
SHA1

86d8acb0a4ff79dfb9a12c0d8f28148567e3ecb7
SHA256

4d46fa1807291a30a5343fc4d437fbdfe98397f915b80f7afb39d1669bdd1552
SHA512

d1dbe5a17c08ffd36eca3b5fd6a503042d2625f5c338561954c2d0caa90226fc8178604f9b9fe531c06a5414a7b30b18b472e5a39b67d8e43c83aeda30835f7e
SSDEEP

3072:GwuJGvWDUO3e+/HkBxRAT3qZ7Wqq8bdh+fcdAdpFpqrBSQlks0k1yocy0MVdD5uE:PWqq8bdh+fcdAdpFpqrBzlks0k1yocRu

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{10E4E0C1-1F2C-11EF-8AAC-6EAD7206CC74} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423307827"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2848	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2848	iexplore.exe
2848	iexplore.exe
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2736	2848	iexplore.exe	28
PID 2848 wrote to memory of 2736	2848	iexplore.exe	28
PID 2848 wrote to memory of 2736	2848	iexplore.exe	28
PID 2848 wrote to memory of 2736	2848	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\867460a537fdf9638b9fb263049aa91c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
984591c7c475e1fbaa38e7a1107ca546

SHA1
2f5bba5480eea8e0364cf2d2017fc21c1a121e90

SHA256
f4f6f23923a3ac14eb66148d13837d6f134d2691e2ba067aaba13a6747efce0f

SHA512
852574ed4a2bfebeb17039e59508f15dfe17a90cd73dce34b812d33b8bcd2f9e0347b0efb841e5747ecb677cef69f4106781cdf9464175f801ee533cd0a1ae69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5643E5B1AFC779877CBE317A5A99342A

Filesize
503B

MD5
f8f861518cb3febe82c071d8f97347a0

SHA1
26f28dad1a32cd60ef0fe2cf14dc2407ace5baf6

SHA256
824f1a7c345a6b2ed8c21e78f8e9a63e459a09f05f041cffbe4b7e8f41603db2

SHA512
8759e304ed33383a913fc7a09aa77079f62bcf3baa90c58600c9329f13f7d1c9289122fb1a1dd1337b4aaad3856248e4075cd99acc352b8c26a3a3eafec1149d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
e0c106498faef14387a236e7336aeb5c

SHA1
11b470741ad6ea01b3ca009852a4d14251a96207

SHA256
16cd67a97f2c528804d310da5ada140dcc6aaad33525a5bfa167012a5f553be0

SHA512
54d299381312119db50aab78d71aed55a8b0756141a19e777268a4f2c1eb5ef6b6f5c6b3ae24cc98e1a332b36f477d57f4dcd837037d52dafcc7f83700e38468

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
7a451a3b04673fbe6515c35157c689d4

SHA1
7d5d916cb8e863312f74dde1012d67889d86bac1

SHA256
4af1ca3520bfd713220448044ca86553b0079e6819aafd905c2939783014ff4c

SHA512
dbb6ba6ddb53f215e15780ef500c5eb3756d5bd89db2b077fb8df6870b6325884e5c519da5bf1ddffb0f129d64ff3b455de332ffa4873468def82642cb2b194c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fc9a1951542776eefa0f980f76e6abc

SHA1
31b79e83cc427b68caf799f80cb8fa9aa1500e6f

SHA256
658ca44c241f07d2fdb7149534a5e3d5d5496b693c8193afc424a1d746290fdf

SHA512
45325b6c962da9632291967e641fbd1c05c6548d5944dcb32df0821824393efb0861460c7fa45fc53b61029a9f57b7a328440aca26752cdd3c26dc703680caf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69e9cc4a4e0e51e1066ed75fbe69e6e7

SHA1
b92b65ccba7e9ec076f44a1f5f430eb963a18d9b

SHA256
751a96eb1f56a1bebbc0be36398d7cc2ee970edce93188c14ae47d3acca51d69

SHA512
338b7ca01394bb4a1ceb7f98db69dcaf856a68f91fc6683e7b0cfb9eb682a12b7d3b2c5a3ab3527b2fbc63846c3f26182dc53c67ef2bf7f9ff42da1381fdba3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc2617a78c9d91a66b022327ea2d6ade

SHA1
f9cfe2c77b990231cc7689ce581014013827aa31

SHA256
bc791a9477e35b8fe28e28101eba377589b5f12875fbc4e23fb3716819628527

SHA512
6c3578882d52d4d411dbabfd02a66b7b04b929c35f145880a33404c2d39da68e76e406417af0647c18e883569e2081c54c92d65fb7e07768304edb5b99a94091

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af93e674dacdaf1522d71354af73c674

SHA1
96cf211e6751b60d7602fda704d1441c4bcbc0fd

SHA256
a856b111bc67b4f08121d535760d400e13e0c0a085180cdcfb207e488a8c3228

SHA512
a065188696c0416707117bf18732393275533815d2853cb5c05d6df9b578b1dfd348cd849fb2279ce0c2c36115bb9489008366d2d91e5e9376addf27e43bc131

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5586cdc92d1db3e08f6ad7e8ebae1d6d

SHA1
8914c504cdfff83a3968e70965f62e6f22a1ebbe

SHA256
eb0554e126cd0e8ffdc2c18197cf982b91c262e587e06d6300be6fcfbc644abb

SHA512
5e252ee5e39aaadac90e04ad387a98cdc9cf7d9acaea6a8fbbbd3af62535e129923cb3bc9986106460b7023b6b4032d4a648806414e28d4049b9345fbd357988

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f71ce835efba50774c6f66eaf026c696

SHA1
3c7f960173cb3e974044212c6ce6018ce8bd9a3a

SHA256
da7437322438a4eb443553120391c973dc3035202eeeba98affceb46f1273356

SHA512
137749d42f6d40a1314ce77898b889a67941c8f41328db716872916b3c76f499d385b5c84a83187a2983ba3fc539c00033091f6a54da02617b1b7333717a81f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebbee604e455e961c8705a292ba8b6dd

SHA1
649e639932ea296479cd169075bf430c24120d4c

SHA256
90f1bdecc77fbf70627940aeca70fbbc803368f050d7cb0e5ac3c251be6f25d1

SHA512
f701bd0f7014475038e0b657f855f8c8ff398563c6ff7ffba23a852cef692f2adec715372d53784b157bdc38583fb9c94b47e6d11a9ce61986af7e9c16656270

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6f81d928acf5449c68a0d29c336b88a

SHA1
e5532966f5f988f4926dae76d4ab3ce52f9e1c75

SHA256
5aa1f7c341faca0c823e6aba2f8fec8f2a4b5b9ed11c49174b89bba01334e059

SHA512
b599e023db0951748c8adf34481c37ecdb3c0e98e5b15439b840afb7eeee4b9ebf471a2370b722cc5d4488690e3a23614ff764725a9de247ca4dd14e560b7619

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f9c0c0df684006ee1451cfa139eae40

SHA1
8ea876e73bff68c599562fba065cc9d80aff13d5

SHA256
c68679b4c11a8758b12976a78e08c073b81892776ad2f9c5f3813e643611bc27

SHA512
fae23281e50fb31a15c92a88460009c48292976cf250e83bbe94d61982816fb729c4a1bb6c720f9ac0f581416a0e3f044c37de4c727550e4081804517275a125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
6dd6be5dd7ff8b2f137e6fc1ddbd2797

SHA1
b539a9605da46923e7ddcdd59a284f98c8b72469

SHA256
03e6f7221646dfb16b6387b37104a8e0ca1cae94c0a6f051677f5e7ccac4e569

SHA512
91e2613ff9a43f5a07784860d25c51e69e2749d25ad86c251b00ab8418d9f76d316f74c3f322c356554ecea4a65393031c9f78cb021829edf68994de63ebdc13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab18FD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1900.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1A9B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit