f7c44d07bef7eb244d82f3c1894fe419cfe6275de8419b5dd6675aa9824de4d1

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c1c0a04102172514239225bd23f43f2_JaffaCakes118.html
Size

19KB
MD5

8c1c0a04102172514239225bd23f43f2
SHA1

5e8dbe5b42b454558197faa0ae352841196f6b8b
SHA256

f7c44d07bef7eb244d82f3c1894fe419cfe6275de8419b5dd6675aa9824de4d1
SHA512

84a938031ef05658a782a788e83db8c0fa376ad8d67d128059fd66262a94412fa98eabe08c057837c0220affee05fc8217279f4aaeb09e1d9331db8490e32f10
SSDEEP

192:uwf3b5nDxnQjxn5Q/qnQieBNnNnQOkEntagnQTbnBnQmSgHMBhqnYnQ5QNnlnQVs:8Q/uqqNXS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C1B5F61-206C-11EF-AA09-E6B549E8BD88} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423445258"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1896	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1896	iexplore.exe
1896	iexplore.exe
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 3056	1896	iexplore.exe	28
PID 1896 wrote to memory of 3056	1896	iexplore.exe	28
PID 1896 wrote to memory of 3056	1896	iexplore.exe	28
PID 1896 wrote to memory of 3056	1896	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c1c0a04102172514239225bd23f43f2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ea4ac241fabe9dadacc99eb15470f791

SHA1
c86c0e7f7e2c3ce065d3e672b9904326ba38110a

SHA256
a21228eba35702efe68c777a0e1c5941fa1aed9085665f6911cf9633e59e6078

SHA512
752134a0799f54d59004093e3df6bff35c68451659da84969477b8ce6c80d6aed4a5a2d378b2a532022da2d179ad931b2c198bf64202bcbafd5decc005c963be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
396d06ac5cb7ec9e6ddc27fe003e2523

SHA1
a4609a21647e0887fe0445e49466a0757b0b3da6

SHA256
6fb8006f6b9db8e0db5e9dbd18c325c043c8d34a4ad253f319a7267cc4df1bc3

SHA512
29bd43b5872c6d538bb229d67b11a10e2e1e070e6a445c2b022e0e565f784c1c49ab6305e81e66db2320770b5d11662fae7b7b7dafbd480bf76588de3c3d0c3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce4869f1b659dc1cf4cce40bf2a1d4e3

SHA1
e3d11241ee58465a6b46686ba33404710b99832f

SHA256
2c824bbf6e82177d60f08b777281617891a63b64a17a57642b6769bf85ccb2ef

SHA512
d9a23dd4ddaeed702b11a1c564309d60093095f3a9cac0fc42efaab784485b8c3629d5122fb771242ae15c822de26ebe3817810c64bc0388af387ce5400d136a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d171cfa646fd0e2e7f45c3ea7a53676

SHA1
7f14b3187d22813408a14554a5fedc3b007a1490

SHA256
6be6c6e889b938e878c01bd50ec27be2dfbc648dd4fbf7fa4a0f4eb58e74de03

SHA512
2494b63e72e456b5a81379cbd0e7cd1de1ab1f6a5dc8a33808ea011fc7906dd737f67ab555a341013e88a0b0e4a6c223cee6a22d15e1c8b6c5b8c52becedc865

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
173ed42b9b79613ec94165d697badbf2

SHA1
6e6770a5d94fab423e386dd38864117fc693f77e

SHA256
862406559243e120873ee805ec2cbd4b381dff7f4c85727cdc685f406cc6838e

SHA512
431d68f9f0203582ee97242abc7e94aaa1f752fe96ac3f8c9e9a7c81948325624a2029190463c0de50764c2e7d6210925e5a0124af86f25a599e0c7a330aec1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57066283cc1e17d86d6b0de19511bb9c

SHA1
681708d21c958fa0d6d31028c6c68b8f1e296ddc

SHA256
3e90ad2d565d530f119f6b07139606db8ea92369c9384f4cb7f884d89baf04e4

SHA512
baa48b863fc65d0add2180cfbf00aaa72e6190da6e93e7012988294fb3e8635abdc95a911979ad04a6d5baa5d4eadaec482b99a783acd6ae64ff5c641ebe26b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79718eccb902972881a8f0c633a3af98

SHA1
d2a4a7e3e284a384a1bd6934b46dbe9e49bdb4a5

SHA256
98037591f0ee67315a5c2ebca0cd17bc33abde878e1d0073019be238f5c0aed2

SHA512
51945a7573124c8760d0525b09750e85e8ccd95eb0f95a935a5ec38348cf636b6c8398ebc42996ebf50eb49c10bb803469f2536442940739da5450977a9af1e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
353f6851e78aba663b1924428570bdc4

SHA1
aeec46d33dddbc8931be414813f0ebe74b9a526a

SHA256
aac9c087b2d93e9ebba6b788c406b0c5368292f4dbd2ec60fb30c93df46f9c02

SHA512
858658f47308595d88cd0548b72891a10c68c20f6fd75836247466f949e7079f6509943b82ffec915896364c3d99211a0cef46290cf94fa2b9dd3cad0054bb25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd539c3ed0a6ec1336397ee6e3d01ca0

SHA1
8f5af667d5c54be65158666831980aadb20cae09

SHA256
cdbbab415444860a6100aa39f288d55c794821fd7bf82448d9d279925c13e718

SHA512
87bc942a244095d2d54399f06b390bf31df9691fcae5b2dd12d4adfff0020c5716bdc7040bbcf24d8ac7fe9df909570d387915e81549e20cf3ed5f45250fcd89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c31372487a8b013eab38096cc1002c80

SHA1
868c9e365fa4c8595353536c93f87fd0692d4cdf

SHA256
f8144eaa8b4ab3e7b692dcc66d8af7c2f39f25e704537433c55b3d71049123a7

SHA512
b4ea2ad1277a052dad54e57b77229e29b3a5b19c7b11386f212fea1520bfb8f4e1d9fe93d18ae46e37d514fdc96f24a3e4521b4534009ac625537c0fb660a1af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
574d0c2dcfb6aa0e94b53a34981b1672

SHA1
4f72c8b52eb11c787a6ec37a23c0cbc9f726d1a4

SHA256
c4748c3a982980b3930c3747a20b25981f9ea057d17a53e735520cf5762673ca

SHA512
cfefc9a2aa6abc7d3d1298d165ead50746fa0604f487541d881d026954cecfe8adede464008f97b78f3239bd0fd037d7ec977b02ba893184b05e774ba938addd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
db157903284c1883b1dee4387c5ab319

SHA1
8ce52faa0193c1718bafa331146f559e97234394

SHA256
58c8762ab2b39c285b24ef11196f78aaf9a92fca515388bfa928375206245e9a

SHA512
782427e9e0a8d1a107b8c89e31f7b7d244dac43cd0f6895c2087668a015f400912ff3949b81ab9a180ea460a50932d3dfdad79ab2c5c9291bab0ffbd5e40cd4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar69B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit