a0d3ced5822842c7e3200e6f14604a1e3d551fe64a8f491e55c105d2cdea3096

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 07:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

89cf9f154518ed6ff68bd374643a1a6e_JaffaCakes118.html
Size

25KB
MD5

89cf9f154518ed6ff68bd374643a1a6e
SHA1

f08d412b0bd8f4c4d642abcdae8cf7f9563b8545
SHA256

a0d3ced5822842c7e3200e6f14604a1e3d551fe64a8f491e55c105d2cdea3096
SHA512

cd743d52f7bfc9b1ebd93bdeff4139ae8c18ba835a0f052b59b309450f12323e49199e61b48ee59f4333eb2574d81b1bed1f2111fd90eaf62bf8b15b11209e4d
SSDEEP

384:HK6Vx/GKSq1jTvyhDnuMwPAMTOnbr6OIHQIFanpRDGoO/Ezhsek9:bVxB31vvytulojoHBkPDGoO/Ezhsek9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423390518"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{991A47D1-1FEC-11EF-AE77-52E4DF8A7807} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2912	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2912	iexplore.exe
2912	iexplore.exe
1592	IEXPLORE.EXE
1592	IEXPLORE.EXE
1592	IEXPLORE.EXE
1592	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 1592	2912	iexplore.exe	28
PID 2912 wrote to memory of 1592	2912	iexplore.exe	28
PID 2912 wrote to memory of 1592	2912	iexplore.exe	28
PID 2912 wrote to memory of 1592	2912	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\89cf9f154518ed6ff68bd374643a1a6e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
b2720556a3763bd71835cf806a4fa134

SHA1
d740ecf3494b30d72cbdc1b95a187dff03cb2b41

SHA256
47b88c12c1d8da2bebee18b505595520ca89c7634dfcfa4e3732c5057fed9eca

SHA512
e258aa531882803bd9917b9a8a3fe986b4af8dc0c7266adc085734f5205e5b537147b1716e4fbeafc222d3d9e22bb436206c6f24ea612782660c2c2d991ca97d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29a2ce1e9fab79e3ffc74bbaf7c6d39d

SHA1
6cdd5a9c7040bd5c3151d3ce289caa22d2efc153

SHA256
54847ec1985005f1f8ea1549dc0485aadac527f03bfe21030724db947ba7bd10

SHA512
674f269fa98a2c9b765bb545e66709222c7ee18e7a77f82b6bbbce596020ebe18cca4dd46dadecf028eac186664f3826007ae9c86976015f4cf664a6c3be2c99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
033a6e0537d708ce8c77c7636f9a26e4

SHA1
c6ec1c17671cf8a98014600b5d596fd807dbfce8

SHA256
51a62490be3edbc528532456c904966d154d5f595b5687e84c58fe31d6964eb2

SHA512
05e674ec68a00edb23c8ff9883c1c03003fec36ed2c605e0eb2a1199176d2ebc7380d9254364635ee5d14a5b7c894540ea4e67a40c5dc3fd072df0ceb8708c82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
942cd32acb516ad55e36370d3a88b3a0

SHA1
79fb96f273444f537bab03a48061d711cf7449c6

SHA256
1aa71f56ae90edc756d16b15638c547c2d787ce25fa38a34e0dd83516e7cf730

SHA512
439ab9d4eae2c85f02034993e4f84bcfd3cb4bc499c12d653af0326f58b016c1dfadf80cf651518aae4376d8a085744b176215ef0d52a42e038e99b1816c59d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64af1db0597dc7921e5f56737fd33dfe

SHA1
310f44f9ca89a16aaf375b337c2c785688028790

SHA256
ef609d721977fa2594e227854d3bf533e62210e6be71c4beeaee58cdd760de35

SHA512
d00dc86e2fdd2ec79492c8198b01c2234259ec1bc238e4b8bc1b72fb514381eb2d69ada91c888b0deb72a2e82a6d5790f421bd4c7947c6bcba861777d921c9c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d905ac14b9ae8eb2c1569722b156405

SHA1
60b97b1f8c20986471bd2b81109e407385da5314

SHA256
6d1691dfa967c5992cfdeb8570fc10ddafbde4685ddbb641ee442dc2f251cd60

SHA512
40603e9775a1d0a4b2ccf905b8cb678a7645fe899a4468960bd2331ad6b65940ea45b414155cd6e240a67c983ddff78c990c2f0314810cf554260bd57eaa4ffa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e87894e1f2cd2b1bd938b4fb38cd9e7e

SHA1
dfbf4e78b16ce6994f1fd1a58a30ef650b8dbfc9

SHA256
47a1a44dd2c7d4c12658f79eb5747d8365ed186282025a46063dc1ab18d78cf9

SHA512
475fff59aec5a9916852b38aa50ad070b85e41600a80f653a64b9516878af2237ee2a0dcc675a6d824d54bbf5c464655de3c1c1584201fdf0d45584328df5e5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
471ddf8e3536dcf7886d05d641dbda31

SHA1
ace4c6b7a87262124caf9a3d99bcba649b21b145

SHA256
cd3b85bd53fbe0616e42e34fd87a5c7302163ef9c4a57c503c45a03134654c96

SHA512
4fbc8b73a91895ee88563a840466fe1177419ac80b3cd31453cb46a14be48fff5e0b0753f8d0566717c4a418dc47b01c8a569e9c9cc64dcedbe2a332b3db46df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7cc5efa88796a1f7c645f0cfd28fd119

SHA1
25114cc32ee5654a5fb865e5225e2bc16889f4d8

SHA256
06f1f57b06edfceac593d2bda0feb2d6376122a280c31495f89fa5274f7447cf

SHA512
31ad111fbe5adc90467ca618c8bf55c4d6b685e2ab09ab7b28653f37d960fdcf7abb95b1ebea2c2de5abb43b39a4a1055c415493a67cd7305573d72e4360efc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82ecf17f7881e861fc477685bd6836f7

SHA1
bb9fee72b8bf1fdc1278a4ec5170f756d0be5ece

SHA256
dd08f95bbfbfd1c92c848217f25883f69f336b1514f331931c1417c83f7df426

SHA512
392ab00edd354393ac881f174cf314e73df6c32303c6eb90d85cabf09c71a9df400fcffbebd7d4f3b8ef6eca69abdea3a87c5e19a4ea0ab47de3bf348194ea10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f79650ce9f750ac459b852a833a04efe

SHA1
d30973c1ee0a4e2e4932ba6f852e124f81f1f1b7

SHA256
247b339531b0ca399c1725d96f8c778ae8e37c837a867d4edc5e597144033a87

SHA512
078a8a208e10fda379e9ae0bd39868c47b5e5551bfde745e7df331097838b214142aa5fc1c043d31b677357ade8cf56e3f8fae45fca9c6fc41232ec182866d38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61d9dd29ce848314779e946744060eb5

SHA1
c512cb8766a7b7bbaa2a8dc80468920bd04b8b72

SHA256
63529368af67ebe0add485ccd160d2b444263f11cdc0047263053fd9d0769fac

SHA512
8eb2631b6488adbd3e89abc1256880b40e13fe07afa9268a2c2f06cd18df259867b2c0bc4710eb59ef04a6d2db3e28f880e959b3575ad1f062028cbcd275bea8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86a3845a2b2093d4010f7108870d0e53

SHA1
b976557ba8fb1273bdc86d3ead3260fbc36c159e

SHA256
254363a4fd02e4875c137e5bcadd71a2735b7c9bcc12e865d14f9d9019c067be

SHA512
6b94a6beded3343fd37e61849f803c9a91e7c75930dc8173f263edf687b2dcf6e26d868e2b120f7ab9a8168616ab0c665b1dfa7229d3bcdce3bda7020a64fabc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3d49f5740b73de24bb9f1c2baea7c66

SHA1
859aa5be0139f02832cc112caa2a4ab230339cc5

SHA256
33477768e31ae04ef3c1a85f94485c4e050f0106ccbade64f37c60c4dfc08321

SHA512
fd3864fdaf707ce1885c806899941138759c5374c3f3abe088168eb6ef29942560f834dd6c4cb4b235c792e56c0b8a3914dac795301b70ca65c52e5080f78c66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
0a7d1622ce76caf1b7df4306c446481f

SHA1
cced55e24bf649274941a6b94569c0c620f1c9cf

SHA256
3b6aa98b7511f00d8f45b6cd5bd4c9f1d12a0c94f4513d47624f4c4dd437eb40

SHA512
d8ddad7e081da39ba53447ed60e88e2bdecc818fd29ae18720adcbb29ca0c01c9d7e05e8353a9defa970a7af320dc0a54c22ac11c2dbf2fade0b8732ae475ce5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1C86.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1D18.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1C8B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1D2D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit