b6ebca2ce9fbf73653448ee3abb0cc6eb5de0e50362da161a8b6f4e457783a0a

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bd794dc26ac4d699c687901dcb1d275_JaffaCakes118.html
Size

18KB
MD5

8bd794dc26ac4d699c687901dcb1d275
SHA1

7652d003b75c0c18862d9816a0201ec62b227e99
SHA256

b6ebca2ce9fbf73653448ee3abb0cc6eb5de0e50362da161a8b6f4e457783a0a
SHA512

cc1232f83eaf707add3c6cede0a24257b6a7b912e3171f50f632bd564f984f85176669a798a2fc3f93f979e84fc38bdb12b9ce4c1bbe2aba2ede09bf8a988276
SSDEEP

384:1r6FUAKLlq2CtrGmAF0/eB86hY4OxbgyGcxy/B2A1XI+YRUXmFKZSaEUU:giAUk2Ctr9AF02vEGcxy/B2A1XI+YRUW

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423439058"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9D2F8FD1-205D-11EF-ACD5-DECBF2EBC4E5} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1720	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1720	iexplore.exe
1720	iexplore.exe
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 3056	1720	iexplore.exe	28
PID 1720 wrote to memory of 3056	1720	iexplore.exe	28
PID 1720 wrote to memory of 3056	1720	iexplore.exe	28
PID 1720 wrote to memory of 3056	1720	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8bd794dc26ac4d699c687901dcb1d275_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f77860c4be11e48e06ff1ff345040a0

SHA1
00132788f53443fea47efcced5a8de919a636ce9

SHA256
bdd545d1d02eca15d24e9623fc70e6a0818966f4b1bc76e1a1c6b9f9d0e822b6

SHA512
79942b8d77263d33f804556d4ab364bbfcdb51877e2e55817792ea1be26ae504c7bdf54eaffa488d3fea4fd130dc5a4d2038928a72fea0f3def79784246d2b77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08452564143c5cd95dd034be5170100e

SHA1
370ec1d9770ea45e1f833ac70b0f37b4b52f277f

SHA256
32ac04e29a5438e435e30b33c8e37949818ab12f74494f73b8dd4508d5bbd9f7

SHA512
0d10c947511b56d6c6a0d39464a33467f7e559de28af03725b7ccf2645ff7c0b2e6738ab92f262a0f89fa6ac2fb265859303ddb37ab206484fff77b56d54da64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08e0ccf434c1989a036fb8a334631644

SHA1
fea1d75c738f7ef1ed3ee5cdf992cf1bde84c5e1

SHA256
0dbd80bb1465c7f6d6267bf2fd591052b26d4cac60bbb4411e023efdf69b093a

SHA512
e679ded92765eb64a3b312296badedd25cec3eba9451843177fbb808f6f4d2947f15cb826f866ac2d7cff5dd6063ab8ae956ae1995a404d2431a1d05f8737a64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68c6aee6b020f3ab8bcc20bdf424ea14

SHA1
f7f9372e71a3470f2a0f0cc13a49a79449730ef0

SHA256
2f706ec71686ef056be83ee634a7f8c0eabc401d86441c9de2ac3c75c99614b0

SHA512
86675075f97a7aa40fd275ed6dc3bb475728e87d8a14953937cf271094252a2e3c50ba391ae6e8cc9ea54e1fbfb28e45f49309a5f40e08a5faf20ee43d5244de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd61b49c8dff8e1c9b6d11d581b74f22

SHA1
cbce7f01962fe26e63a1721b26f9ebf38ce87b6f

SHA256
80a3bac4704e7dae05af38d01cbe3d45c5ee68809244605ea37a4753a9f3266e

SHA512
982eaf197cc21696c4ff7dd4b12ab396264d349efc424746b0b17bb00261309025c7603df4352c1ce0d1f22311424ff13877bd706a11a41b1b0e5a894004082a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d23f9b12326c7d908870ea415cc0d46

SHA1
aa7b6e8b0b3d1064bb69344583eaf1dc6acea2e7

SHA256
2effae20e0b950e9bb7d0a1514ab8cdcf57a8c103ce44c96c90577be856518e5

SHA512
3756e428db1ce10307fdfa334fcc49cda772b83b401cc8be84ea66ea30c2c471fff1babc278156ce160aff402be3a1ce32916eaf41d9c817f02e99c736f7436a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76ea0b005919d8e2cf3912d16d2bb36b

SHA1
9a941f510acb9c3342fcfe4b094d4a9b6b036f9e

SHA256
8b7a8b66c1d9d0ee4a3f36a0ba8361b51144663104918379ccdf1e069961bccb

SHA512
6055546f407a4ea7a0502d53f74d31611551e4ca2cca81328e144995cb66eb6b52b39fb9d04b119a50b8d79ecf7dc05afe518b8c6e425595be179d62391a052c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcd170bfd3027960198cd9c1d0d35747

SHA1
a4c26091c37e723410e50d8ad7d6b90dcc72ba60

SHA256
c5f3dcd4f3945639b8710c615d5fae6258bd9c61d2dd32414a7d48908977ab61

SHA512
fb4226ece3c22bb243fecd71d4ab3ed7313d560989d966f3c4597ff3c5ce527760887d4f38b1f7757e4f5a59a694e8bb1b0f437443c089d42f02bed751b27928

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
985a807f1baa7d321ddaae2f5bea6e07

SHA1
2ac4bfc3c0bb9fc2efaa4a4a37a7740892a5d078

SHA256
e2186a278bb6eb9a1c548eb7bffe3c817510adb38633192fb68ce37c602bf0b9

SHA512
2793c1be0af47622efdb356428234e6003833668424005f3c76422e817994282ab367bf371d2b60b848ffb95884e03585424fcd04ff285b4d24ef65b4ee4c21a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
204fdf47acff5ccbca4503ab68220bd8

SHA1
434e776b4954332388298f4a253dc871c929d222

SHA256
b236c4cb6d4c1235ba35f4a91cc34ad0a8ac63d34da4cd0e035fea11ced6b75d

SHA512
d420b56f3298ea188e4e8e3f422ffa869a40d6edfac05b12c6ec4f5e469b2b0e48a7a252bd454657a9241a0cc0434695035c1064e6f9862318aa988b2c45ea3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20ffda2c48eab4b22aab40c98cbd7567

SHA1
7be8cbda269430f393add3d1b847ca61d303c768

SHA256
09bf6e1bad02ecbb18063a73409c50d746230f353ae999e11d85222120319ca5

SHA512
0b8b0c1289544111988b2c789492793b8c93ae0c3349d4bc2290b30ecd8a71c6bf9948a6498fe3dedebde10ab636d32a0961bbcf45dac4f3a731d2dd8dd8051a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
548aa78d966589a519a1c3ba870086dd

SHA1
be471eda77f045b9115e7f71760a89f2d6bf31c3

SHA256
7840c7380ffb8245b269630445fc7ba21eadb5adf4847b9d4be0f5f822364b93

SHA512
bd4590e4f7abea629225a6c6d149da8f0667951ad1b89e076727d8f603177b6b5e1931d5f4e664004bbb447201e41557e4b74b419f59772bca761a4ece775b1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78e6bbb87864645f9c20acab8002d697

SHA1
76f43ef450daf92158085387aa91bb3319c76def

SHA256
191ed6f994d71e842b1385646f2e1d49614509ad78a52fff7745fc7012fdbf8c

SHA512
bacd4184f817fadba6b7c49536c20446d8f69884b3897d74116db404eb2ab6bc346a9e60a5fbd3d6625b58f081d8c9f87d77adbadeb38222216f7af305bd60e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
94f3e8e5d2f9bb3714bad8a774c2c788

SHA1
11e449e2e2e1879bedb260d247401406493f1335

SHA256
2b9190edc0ca8d4321651eb63290cf8904dbffac08fd442afcff16ca48f2d4cd

SHA512
620b716350271234eabc6e148d6c104e603d04e85f997a149fe17b72d38dbf98fe87bff2af1a60d985ab47df58b05c14e6e0bcfb432030aa89e0eaafa2d3f314

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a62c79401c71c7e83c47625cc67b4bb6

SHA1
3d1d59fcc8743a569881625f4c997f369c9ebb6e

SHA256
b2b20360154cbc038c96e447e79a3207f1027bf9bf61cb93ff6b1e02e86ffce4

SHA512
019e3015af9aad28031bda9d581ed10cbe3d26b226f019b2e15610e896ceca8673252bd09cc50dcedfd8513d97c1e13a90d7e8043c2e85972c58d6580f6a4fdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
825442f6cff20e38f1c6738b8e1ed450

SHA1
a88cf6fe8037907ec0fc35461012d8925886c08a

SHA256
0cd60c4099154f8b095e64a9d9b5698263952aca50a59157aa18ca08cc15ec5d

SHA512
48d0a9d62a475a096c7b9ab127f6df7ed11f8d8c7c582d62c3d06bc1f163870579b25aff741b577dcf79f6a6d4f35ac885ab79c53f37b7f6e7e987a43974c9b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f4689b451d8541e6472cd0d6f543958

SHA1
fd435796e23aa25f158cba41f09cf3efd6fc0f7c

SHA256
7b69bd93eae0ad3fd1a81549214a7861c96a73612d028123721e4485a8eb8a8a

SHA512
9f2cc978f2e40ac2ae424954573305cb598c8bc1b79d168a5b75bd5ccea431c882fd768ec2144730bb2a2e4c07d5748eacd8c23775cdaf39e701e433941e76fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0755f4daa5d33b79376ffadf35d22ceb

SHA1
9d8037ca5a022afb4317fbd0df25a1c4c54defab

SHA256
f21052af5e72c80120d8b7d67104ec30745c5b4a6cc81c949f3d67c2e3db8356

SHA512
a6d97585388ec5292fdbab6741366eb7c32d4756404590fbcab40cc0b6164cb631d58b1e4a0789f316896d27c37455cbae307a60f6c2a10a5beb54ef6c256109

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1602.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1686.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit