f1d6e3d206389012f94e088c73f38a7a55b8bfdd7fe07aa6ac62aad279ab5687

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 16:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8b0058a8450089965ef1b3989a169e6e_JaffaCakes118.html
Size

271KB
MD5

8b0058a8450089965ef1b3989a169e6e
SHA1

d8ffa83feec8ebe17717e9c536c537fe8cb76605
SHA256

f1d6e3d206389012f94e088c73f38a7a55b8bfdd7fe07aa6ac62aad279ab5687
SHA512

76286f1f0e3f5a2ec7913e33574176e73cbf25f779a10837787f223e5f7c2c819e35aea276341a5b49942cd19d2c2c150f222ce6312ec5e2b85712d21fe54bc1
SSDEEP

3072:iFLyZ5PZJNriyPGiqERtrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJz:OyPGiqEvz9VxLY7iAVLTBQJlz

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423420034"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5169A0D1-2031-11EF-8951-5E4183A8FC47} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
756	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
756	iexplore.exe
756	iexplore.exe
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 2336	756	iexplore.exe	28
PID 756 wrote to memory of 2336	756	iexplore.exe	28
PID 756 wrote to memory of 2336	756	iexplore.exe	28
PID 756 wrote to memory of 2336	756	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b0058a8450089965ef1b3989a169e6e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:756 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
50a668e5f03d2d735ff4c1ac9024d866

SHA1
f29f7617c54a94ed3a36f242bed595f054a58627

SHA256
b97f118cf997470d02e7bfd7d809b6536c8e1ab214da73c75146859dc161adad

SHA512
d36a185f3bcacfd6edf5e76e5c87a4fcaa9d47e2531eb3c21c229049aeacfeddcf7c110ad29d5442ec361441d27ceabe3f9f7e5baa9bcc502d0e440fd33e0a7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0c51a24da4deaec6312148d4c8b8f11

SHA1
af1cbe0915726fd06bae22d4b6ba7b2f319935d3

SHA256
643d1e4cc9258174d5a4e4930f977772d21ba8bd2de36e92ddce76ff4ae757f4

SHA512
fca048f8f3d859aec3e930373a0cbb58a7be102462de65147d2707eb1ae928ae9def62953372eb6fbb8bf21aff8c304650ffb5de89d6f517deb7d9fdebe5233d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5495ab95f6fa3900540383812c1f98eb

SHA1
d31f7ef4386e786026e320cd842368a4099da144

SHA256
9ba4d3a9b09bbd289b784944bf0b291c9c0e3bc3a3ce69a26467cb6aa5141be5

SHA512
9fe2acd9725ea68a160d6fcd38e4aadd78b1584ec5f2e8c66d4d80a484bafbbc7dd79513ff00e52a02d515ffcca9fc51ffe8a245e42f0fb9be008360f22cc594

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f90aa0e8111b713aeff60d79db4b3f3

SHA1
b370980af631e73d5c8a5c6b38f775a378d3bf1e

SHA256
ae6d213d03321693f60594c52fba04e64077e6267496926fd8d3d33500aef754

SHA512
271d2da9037cf99cfb7962f36928c5ea64805bd0510db4c451834658e336c00de6f9d3765cc6ecc42c78bd4b29c69b7b8505bb8dc9dd22539710142fef248f14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35a26065b14d38cd22437a878a34ef98

SHA1
59fb04329ad2379f100b293938936d256944e7d3

SHA256
25c9147fb331a0ae27d6ed57c34c6fe898ed5a3348f4c132ad6aaf9897c8ac4b

SHA512
2ff7df8e8fa98e8425829c91c7b80178131a7636297e12a4db4a2082dad494d8ec79459eaf2751e0792465f4a514ed299c308198592b855e2dd68fd4452e66aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b0a9f00cc09b457dd419993f664b5cd

SHA1
60f720ba2c324ed9b6685ef010988c56d36eefd0

SHA256
90ce2a0d4d11032f9b0497e59e7e4021bce7df51fc43f3f72021cab3336c4a56

SHA512
a97b1cde1db87fdf3bb46edb00d325241fb86626e905df5e4626423af0b44305a818cad4c10c9afa4ddaf0e665b5242b24ed8d8e63ada660f4fcb39ef89aa4c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61679988ac98b24ec2c7503f7860959e

SHA1
75d6604e1cf5f413d9a329fb3987c59c880e38bc

SHA256
4d7760fcc844f5deb29e25be7e865c3791dcc2aa4ff0efe2332445e8890471ab

SHA512
94a34f3d163ef8d8760abf91a929c8b5361536f77925054149367e96e1a3995181d91a37dba121d4ca9c9ba40aafaaab94fdf39d4a2edc407b61807d71d5d42d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfc4f2b6ac0e487030bce70853c2e7d9

SHA1
b38858e561875b92451d0a59914f665228b30f67

SHA256
e7e810f3cce79974f06099fdbf78461b2db547b11ad9941a46e807e570ba8c1f

SHA512
7834f9c9889cffb5fcd9704df446ea843cfa7a83c0e8da279774c8525dcfe5f1c56e4a93733586eeb161ccb02ad782fafbd0200c3fc941d76d266790870a10dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae4562c26d680b236f0caefc8217500f

SHA1
6760e9ae4dd2f5bd5d715f3b1886d15de281aeb0

SHA256
28f40f30461ac17911635a219361b5df03b545b06f674dbe7b96ad020165360d

SHA512
1a1af08bb1fa9c58170632318290efdf47ea79ca0d50fc9d1856da03d2ad1e97dbe3733aba6c45010e0758b4a95814dfbf64faf876580ff349c15e31d0490953

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b9c5d02508a229bc1325a7724e302cc

SHA1
dd1eb072e77e729eb0cdc3791c7f7a71e64a199a

SHA256
ba82d58de9b653d9e024bc2fcbcd4e6f9f0b51e36a4ba9a237078b769ecfe064

SHA512
3e6804bd93afb62a563b69af17449c06837444a1ae7c703a2edaa50119ec22162ab549fbd3b81f7c1ccb8dd933c4ec33f658b2adf7d3de81b4d3a190366e2f6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c14c0219610c1fee3f658077661e93c4

SHA1
f63fa0ad292685b27214e6d8233e0caad5729855

SHA256
f5b40ce46b83a166eaff9b22eea0c6131643ea96082040228dd1935f8a4c3f0a

SHA512
649939bd775fbabdcf23436c2c2c7e7924259fec6361b3c87a64e9592c7d3d7a3ab34fd3e42623e36e70291d345079507914b58083d81e2cb9f93303be29db29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfd68e7030f8275c759cad637c579bdd

SHA1
2014dbd0ed290da772aca3f39a95f8439ce4a599

SHA256
9e68435f962320811eebeb04518e95b3f7f4204cfad97f7b5cfcd61bac11cc0f

SHA512
f841c7a960141e0795ad3c0a7a23439d1d08f84fba7f5561363962a451112e53420e4f4164e5e79e97d60cd25214a1b727edf68dc9abc6b6a8413a312c1dc40a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
f8b502cad0f8db4cff210466e7110ff7

SHA1
b1769193cc5b3eb35c5db8168b7297a75ebbb7c4

SHA256
d5e39314b4fa2cc3ca743ebe7a79a08debac873e18ba82a4beb37599b027da3e

SHA512
3d866110f9ca5aff5141a70cef3a37d168d20ccc6bdbfb590b4aeb170d9b57c0ccbd6c52172fd476e932fff858559461c1d9ab9f65480ffac63156f8feab2fee

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFFD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit