b5a8ee89ae81151fa6e2d8b3246c10fb7069d35c0b621f2374bf6c410cc739ed

Analysis

max time kernel
131s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

878440b71c3151557ea5eeaa572d9aae_JaffaCakes118.html
Size

26KB
MD5

878440b71c3151557ea5eeaa572d9aae
SHA1

607f12a5d25bd801942e54336d3684413ca4cafe
SHA256

b5a8ee89ae81151fa6e2d8b3246c10fb7069d35c0b621f2374bf6c410cc739ed
SHA512

c48f9b8ed4e3e345fa1dd6a449433cb1f1af20f0d9a86b3d7e05c52b622e1c1156cae4ba4e085ad08ba30c8f5dfe7b00d6a986a65d743cc9e81f9d2927336e83
SSDEEP

384:fdk1lu7/0/ejgJByO/w8LWq9QgoPK44u+xRmO9NQpkOR9gGX:kluz02sGUwn577pV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423332008"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5DE5A341-1F64-11EF-85B1-6A83D32C515E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2728	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2728	iexplore.exe
2728	iexplore.exe
1216	IEXPLORE.EXE
1216	IEXPLORE.EXE
1216	IEXPLORE.EXE
1216	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 1216	2728	iexplore.exe	28
PID 2728 wrote to memory of 1216	2728	iexplore.exe	28
PID 2728 wrote to memory of 1216	2728	iexplore.exe	28
PID 2728 wrote to memory of 1216	2728	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\878440b71c3151557ea5eeaa572d9aae_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c651f238c4cdba2371e6763f8c20bab0

SHA1
de8061a615c84a9308d2f0b4b239c8e15e6acc6d

SHA256
3e09f665f234abe1d2d085882e6625ee10c5151e4f6824998d8b4620cb57c277

SHA512
059a00146ad5774275ab2a856c2a8d9347bc43cd7bff2636afbe10b421c88fdc713c53d7c6d602fbe144f092b515dd0c3144d82aea58a81af1a7da26de187b36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca1040183584e932277ba480fc19ac1b

SHA1
ffaaa65f1c45110edd42d12afdfa556ac6175399

SHA256
11184abbf5a9d53598266592df9f5710864ebf39de79018e103a9fef35308ac6

SHA512
0d42fc68a288b9b0b058fb70df55b457b2a49513c8017867dd388a51e9bb33967f06a17adc88e9530e51e017f608ca0f8cdd90e14e30b7c0fe91830543e4f153

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cea311ce8c16369894318b63487a653

SHA1
daa249b3349b62332d51a3cb481299b3baceb691

SHA256
5c178798747f2867c00980fbf7ba0576b58f07780cf22f15f5341d2781063506

SHA512
4621e69e6e98aceb9c5e6825b2350cfdc3050cffb0691b1e341e08432a7123559f5d7d86b35348b722fd776574a1a72354dd880fdedaddd16097b75555003f0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e14049e2697c08a79ef639e7a6b7c59c

SHA1
bbcaa630c7ab1b216bb316f1c18824c0106c2b44

SHA256
28d1e75caf99df8ff6dda106649b59a7cd6ba32dda18dc3f4ec6153a7456d4b9

SHA512
f6e0ff1227d134cd173a5dae1f918bdd8db843b377ae0bb39ab3978efa56e6ee96b0af6df6078d24d53c2d54eec739e2a0b97d93cd19e9a61ddcfc1878293213

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d82c114b9c9eace2ace7df4fd77a1a8a

SHA1
ab0164b68f4ea21e3efa17ab5f6777d0e65cc243

SHA256
96a9ac28481d2a4f274f4502e87ef91e1977fa3fc7f26558b5ed99c0cc9c2a78

SHA512
09821ee58c98554ba9b31b34b5520916f37662d62cd6f1a36e91c72851be20156876b889e4df23f5c3519f81658a121337e9a8957829dfaa47c0ad0494a052d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6aca027bdcee81051b240cd7a8dda600

SHA1
27c13d2b316c1ca596c633889620238e4247213d

SHA256
88ea2655a735f4178ae5cf2ceceb393dbf063c645e9e5193d7949b7833573b89

SHA512
c09784278951d05f0a25076896975bdc8fde7c052689702af031324127f3fcfe86f571651c88036365dac78a30829f1be1edcb1bf8dbf8ad5429ccdf398ab15b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
561970b7c623027554d72e4d14a62367

SHA1
3d1e8f172db8f3c40c0eb867c597b805225cdbf7

SHA256
1170af0dbefcf0f0a16e895e3a7d0b9f864959170a933857dc949c0be125c6c1

SHA512
4953550568079782681a67fdda3de43d80699af645d1bd9fca2ba2128686b2421ed9fdc68ea1c209c865873b0ca56c9c4a5af7b0f265878b01251bf2cb4e5e75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
458671bc6a7d89c3c3602c9cb27ed93f

SHA1
080a3ba901ea3abd0f01c32166dbfe6c95cf1388

SHA256
cd0e8c1f4471bb0538761e7afb8d701b255f03a360f7f2f0cf84b2485a9b0174

SHA512
7e82d43769c9c3fbf4ec95f47010161b71ee2ab57a724151c698c0f7b6b5677c744fcd72c02d41a40a0d54edea092c17f02d570a11c6357236ef094a726bbd19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71866d4ffdde3d977a01b5d423fcfb20

SHA1
77aa9a89f4ac2f3c1e04febec1fe1909224cb9b8

SHA256
e8c7147f9fd0d2318b3365de6778c65325b59ea739e0d728accc1eeaf3dfa325

SHA512
6ad885d565c652b4299008ae4e5d046fd8b3590f0ad2729b2ac3b397c69bb36b497bf2677a289d751bc86d41be571af9d6abc799d2e04e12e920ac20442f7162

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2683cad01f87f6f94272c19819d5cc02

SHA1
ab901706d90f5ed06165d27f328f07dcda410ba0

SHA256
4c505313b96f5a1ab948be2f173cf45e05371c5b0ed7408141a625e39116d20c

SHA512
90d4b700b60d37d24cf9dd06e364bcfd76a25920212c43b8d7c327d53f583241644da3f7ef86d6971202c014a82874b1f0e8a295588f0da28c3c11f2fd4db8e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b5c8603c0d480d46b5e9693e5353db4

SHA1
9f04f39e90965d59111d77101d3755aa2c11a2b2

SHA256
2231a12a5221b002e898860e0697821ef0d11524b70bf1f55f575185c10d6fa6

SHA512
23051bad55a5e8f49fa4d5945832475a1a12295828875fc060ecca6ca95b75b552aefcefb8fa145ffe9fe9819d7779936d22718bc93e755149378d09dbfe832e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f83a2dd4802986635fc4efde6d2819c

SHA1
dcd67f351452b48a395ed5c429e660914471d22a

SHA256
b1a69561e97eea9b9b7812c13eaa061401dc8a87aeab548889794f0ecd0e456a

SHA512
0e3edde15e2e342e3fb042145c6b952628bd81189514d22244536dda67ead7768b9e8244b2264e133a04150c4674889ca9368f6a847da568622e45420f522bef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
471c4ed050b6825218209bc389ead46a

SHA1
165df1f7fe00adb2d4040542e2d7d0237488f4d0

SHA256
995f8015e21e2589724a42f2b1da82112ae8c2c242a184796a89f95e7f39ed6e

SHA512
0ff6331dc77a12752759092e1200e55591e2fef873c93bfc8744b78cfb4ecfa6cffa602072d820affb33b4e5ea790a7e44bace35f1140bb22651c44ea1f6ef52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8ca6ff2912704c901e9b2ed22dd6a57

SHA1
7017bca6767f43e598af52f0ca6de2ce58a88b42

SHA256
a90cbccbfc1d289db7d118a6238b71c167fc3e803c1761b60d66dfca6cadac08

SHA512
b59508917462a9ae9c2cd8f080d8b9c4f0e8d8fc00673c9e55c6138c82773cd865043cf33baebbf288d1df61c8c0124419da10dd55dafdc28ace5f471b0cdd4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1c93d25bf4d1a1e1775e45ea31116f0

SHA1
9da867564c496c7f099093b7e2869d828b4af3f7

SHA256
c09a639d43084d91826e807bb7dd59be1b9e740052a27cadb0d9051f50d6f882

SHA512
bfa004bd2b2685c2bb879fbb8952d0118606a259f99a1976d5990164c0c3d153792138c89d8a3cc8b4f053693e76325559d2935192d6fe21e56c716590bed0b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8e56c2f1fcb35c9d54bb026ee11befc

SHA1
52e9d6134e2eacbd62623f476f11c6d48e4ceb3e

SHA256
4534476ecc295db830fe23ef3a0b2e69938759fb451f309d0065cc3b658e9a88

SHA512
3625e5919effd35cfe86fe215d2bd481bfa457e8dbab43b48e88a1b68e9dc5e61d558506844076a6d27f90f0242eeb53849f858d7164f2e30de4a92365181f76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6123b4e194562cf4ba3b4c396ff778df

SHA1
898a289588d0c80831d13593726b132630e66129

SHA256
3301e2af962000cc14253a61098ddaaadff7a6915981ba90e8ef93803c479f5f

SHA512
ff6b96589863cc4af2fb7825ce4ea6c69fee1d3142fd15ce0008d6b75b437ad0948fda405e36630b53e28a6a80a0a67500b921a37d5e6fa5e1104a983e2c46e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa7a03c6527fb3e1b8befd10f373085e

SHA1
6a67ad4c106ec746557ab9d3a850ab615586764d

SHA256
a886aeb21b8817e57887240ae6acc5c36f52fcab2e78458fb9c0a3aebf20a070

SHA512
c7980bf153a6ade6a7d41f3ab1796a0066dfd83d71e699c31ceb088517bce66c205805ac6777a74550927ee17c0e65b47d40d02f555e22d8fa80ab40d809ddb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f195d5747fc100930de175aed34761a7

SHA1
965c95421648a5bce98c623b487f365750f657b1

SHA256
0848813d0baa4d6c971c64714d65b66e974293b2d5d328d187568bc72200517a

SHA512
1cbe685d506e84d93ed90d449ce5067bd1d9e4d3b1999e184bd24e8684bc8d0b41fc66832ada8c0deba430a9fda5a22d16571853a012e6430887103eb5c9e9d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2DB7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E98.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit