d00869501eb1e14fec12212854c230178579a5becc5c638e037a257d381a3de9

Analysis

max time kernel
136s
max time network
138s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b84689337c7b1c59370580c75687507_JaffaCakes118.html
Size

220KB
MD5

8b84689337c7b1c59370580c75687507
SHA1

54b1d6f84ae68c39db1d984e0d011839d49cddc9
SHA256

d00869501eb1e14fec12212854c230178579a5becc5c638e037a257d381a3de9
SHA512

02e151326e8567f66b017ae85f2550eec5b160887c805b9734473b922281abc6dc51d95292cc58fe93ba4b2a47095c51de343a87f674808311ee42caa7aba7c9
SSDEEP

3072:SpfuLo33ajrC4USyfkMY+BES09JXAnyrZalI+YQ:Sp+OoXSsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{31E75EC1-204D-11EF-995F-5A791E92BC44} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423432007"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2952	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2952	iexplore.exe
2952	iexplore.exe
1376	IEXPLORE.EXE
1376	IEXPLORE.EXE
1376	IEXPLORE.EXE
1376	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 1376	2952	iexplore.exe	28
PID 2952 wrote to memory of 1376	2952	iexplore.exe	28
PID 2952 wrote to memory of 1376	2952	iexplore.exe	28
PID 2952 wrote to memory of 1376	2952	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b84689337c7b1c59370580c75687507_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9b5beb678287dd74f3ba8b3bbf022f3

SHA1
80ef83718ba2fda9784c27e8844b6a7b240f5b5c

SHA256
23c9d2174dac47d88acf21374ae2e189824e6db3d94d49aed96626cada05688c

SHA512
144591bc7a494436731c9146f74c985d0e1ac753d4e16d8f9f9e12ec659948740c8437562bdf62d70871f0937789bbb26c06a27e21cc624f25465b06dc2c46f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f142e294200c59b64b2d81381b82ea94

SHA1
b12c4fbdde12d0535496a72fa1087b4566fbbd8a

SHA256
fa4b0f8a8bca6a33e4635ad726917bbacb9490ef63e914c21bc7a5721a9ec9b7

SHA512
fa77a19e68c4b84c0341aa64d14c00c58e1ff834a50ec8ca5ae236870a5dbc8fdd965656aaada1f21eb866fde03f9d7cfa949a97f1da2cf204b7597b9a7200b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4540e429d697d1c51dba7fdad1c6e800

SHA1
0a41027c37eaa590ff78122cc237167ed09cc78c

SHA256
621db3fda28a99079605b9f7a306888e3e310da6edef885936d555d9d3fba39f

SHA512
301a54f32ffc68979a5cb413d2215c97fc8b06e8a2e2359b04a29d45cf14efdeb9945baca937832977074678ff8f95653c7b96abd8f0dd2f0364402e3e357a9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b4dd3f2af15aa9b575769b79d98eb49

SHA1
c5609ef90e072d681da30d4017e3a254bd1e15d5

SHA256
e350989fbcc270ea0875cf13af6f170c3e32cd408fa9440964cdd687b4170ba1

SHA512
c6bd5df358586cdeb270db7eec7d7420e7df4d175946cdcd60ebab8ffe5882f51c063c10948b27ba022784e8c30b45d07b074509a867bd2415a2c0015e4d27c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc41146dad093d13998bcda2f64272f8

SHA1
27d7841169ee7dfc4ec1b68a63f01face8ca214c

SHA256
1fc5e69cae039b95c8e5dae6caed7a6cea07d2a2b506088208325a145105f1ca

SHA512
7705b7b81655277138ce267b961bdd773b02738963ab1ab57aae4ebdec8b4bf09a8de2534c1235a517415cdf5111d20f9fcb3f553f44016601642f5e72a050d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cc0d05cf2f3cda78b9dff7d30e481bc

SHA1
039cae50c7717d76a397d2a548b2fc86c8eebbc1

SHA256
5c9cb1268fe2f53b62c1a512657d331d7f699eb20e30717970287031b53c761e

SHA512
9e01358dc735f6895033408bc79746645d1a3521e5f2de9167d4dc5c093e19370d13e332449f0e34ae87f9d4cd4e7ee723dc17c77aab1fee5c9625e3bbc91a34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70a9629f4c278703aff2884a45869fc7

SHA1
527964003d821745778d64df65db7993ce3aa7a3

SHA256
860c9ed1e099409263f8bee461078e21c1ab7a2edd8a33e6d6c34bbadadd1e5d

SHA512
b6f02e1c1401d0dc7c44ea694f79bb5f627c76bb13338a3b6bbe48981c09bb65f5aa46357f0af42778e4d33ea7b80628e37ce947a8e557e0d166eaa481cd7b33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1077148951fc0ec99a9f3d4071c03744

SHA1
3f29aeb7fc1873b505115afd1345415476121047

SHA256
400a0c6ac37cae9879b99b812e5a04d6d76497b5768d2c14bd7e1dd6de3d7a31

SHA512
686579b9f1e2661adfe6ce9b606e6ec7c91f0b3fa2a541a80f45a51b5965dcee28c8eaf168edfd4094212f45ef00e5ced6059a03970588375f743b31558ff7a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3cf8ec6ede07e55b6e2c4c539dc86b18

SHA1
8df9a2485f80452e45c4dc091a8f1d95b01f1dc1

SHA256
a60e056951935d72840126052968e2eeca48a4e17e1cb608c075c8829c0fdd2a

SHA512
8c97f2071adc0aa6b3665aa6ae80e449e71bbd2e864296299e61a1d368b72c8844abb4cc4970e9d8951704693653744bfdd1ac024eb89e3e4aaac1ca9e14bdd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1ddd205b6bae78bba05f8d66d14e087

SHA1
7defc12e72527dcad574487dd18d9a54bdf524cb

SHA256
72b4232ee63dc4e7cc488831be0c8c563013619017a0935b44fa40657c107525

SHA512
64deecfacfea633de677aadb49f4af6b88974b835394de824b292aca4f48f1afc2a64b04fed4cd0f175e81b22c3858e0e389f11aa5ac9d78561c0dd96bab5185

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78d1da64a4921643f8c65f63310fb72d

SHA1
9fbc751bdf0e1021efcbb0c417251a8b15f61d95

SHA256
522572a67209ce97bb2f4759cb0d7b2b93cbe887707ebe319779d6b0da77e1d8

SHA512
daf047078e15572682e7badcd72bd285b0c2d007965cf2b776a50070e5066c4310009560b784bec3fb799957c9a494d62c98d964ab52e98271ba117ed9e66cf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
463c60fe94c3e61777bb3b1e184b3d64

SHA1
efe799dd46704f3111c48f8d393deb2b1006cb4f

SHA256
c7573acd3c13050f17c65d6841c30c9e1f350a324f866d6d8aaf459f6063e130

SHA512
2a1b13812c0dfc3e50f4535fc62a69765b7a1b3ca55954d3670053b6300ff3b66278c230db326bd95e5228e1b82a94624091929432d808c63922d285c007777c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36d49680a88eb80af6b8cbce38f423c9

SHA1
1b411d11dcfd4855d3852e23ecae900c654ce683

SHA256
d00b03df1886d0099d557417c9e32a647d8f9b8fd3e51079ee12ac89ed3c4cd7

SHA512
9d027ef27bb5a3df736f8183394a138ccb9b8630517a0e2b28be00d094d3d47ab0dacde4fa55ce9a615a0fc2c6d894a3885d1f437cacd481a0a64f4d0913b5ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbcc13f378af969e725d00b41c0b337d

SHA1
e684c847269bb497ccd456fc5f6de2fe797418c5

SHA256
8c48186a75758095608bd925c9b019bcc20d05d738ef7344cba00d328e2d1348

SHA512
07797e84396e2903158c23ca1d5d28416bd655c672aff42e419401c4d1e5958222e5f81e45aefe77a2f7d18c68796ecff0d83e663fba21b33f6e4f610e723891

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03a6f323016433d142fc46a2aa50f515

SHA1
8e01bd5049b720f3fcbcf2375956036ade0d79e2

SHA256
a28e4586e67c89f2384951b4142d61b53b66878f49aec0f490d09d8745aa4298

SHA512
761e32a526705c438bbe505599b94ca144ae608f5c93048d1936e5683f6513c3b9dec6790c85260700ececf0d65ebba90ecdc15aaf1e657a5dae5863bdf35504

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30df7c51134243d041a0b794835e22ac

SHA1
b508ac03088d3edb04386c1922d6cb35d1608598

SHA256
57484dacdff1dee53b0ef375bfdb809f2a88fac2554f9d53396a73695412407a

SHA512
0ffcc5cd46606d47b323d6fc3c5c3a5492a78ec23b5ba0016b704f3ffa72a13739aeeb315dd30e0894daa11e1853b95b5b23fdc5d7fa78dab1ae00082e4973a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70d02a1cb1102af0fb073a40b9a20ad0

SHA1
7e6dcd043e394400879c96370d74444df97e8f07

SHA256
0a2e3999702e48f3c5b082bb3ba0059e4c88d04a20598d7a923b5e8772197910

SHA512
4a46f203cbe82b555270feae9f8a5207e78720e3089c67e7b30bad48e12105fdece6e3a9947e20f90a1b2d06f835323cbc54831114d2f39f135458ef084ef1c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab17C7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1899.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit