81e32229906400a29b1c6aa40e1673cf2668a995fee00a5436a0c19f19bd5fbe

Analysis

max time kernel
137s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 20:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8f53b69341e1923b7f7a2bf8cddb749a_JaffaCakes118.html
Size

220KB
MD5

8f53b69341e1923b7f7a2bf8cddb749a
SHA1

a306455dd2be62121e7ddb595e30fba083a13308
SHA256

81e32229906400a29b1c6aa40e1673cf2668a995fee00a5436a0c19f19bd5fbe
SHA512

1ee383c545ba4daf300f96b2e7dae24f491918e74b6b42a55427db5aca62870a92783636a7a2075cedf9640a97574c2d4bfa966c2cb8b4e3aa5f1465483cbc03
SSDEEP

3072:SzMun7megAM9moyfkMY+BES09JXAnyrZalI+YQ:Szn6XJcsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{15BB83C1-211F-11EF-9966-EA483E0BCDAF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423522154"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2164	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2164	iexplore.exe
2164	iexplore.exe
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2528	2164	iexplore.exe	28
PID 2164 wrote to memory of 2528	2164	iexplore.exe	28
PID 2164 wrote to memory of 2528	2164	iexplore.exe	28
PID 2164 wrote to memory of 2528	2164	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8f53b69341e1923b7f7a2bf8cddb749a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7c3eda8b386b84d739472debdf0c7f8

SHA1
ca56745d2ed0c2f38af922e385983d6079dbf5dd

SHA256
2d0a5804c9e06010cc0eaeae502ce1b0c5cfbfb3450979759f99166e6e90efaf

SHA512
3702ee622195741d0a10d1dd37e9b2cb0fd3d7338d898084bb56cba02381b4fd179c839cde9e7c8f3b7d8c90e0cdf3d005f1d475268bc0b964bcc149e0be6352

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80d9140dcdd34bf7527d537530958100

SHA1
0e27925b69a9fab1a3d9d36dc3fcca0111d694cc

SHA256
6a965202141a6c4da7535445f690448397a9d98c62f47be53ef8c5ad47193a03

SHA512
87fd5fe3d6f4e4546d0974082cc295db6a7b5ff55e905dcfce504c2405db618da5f04af42d5ff87073d0a0c65be3bed406d7f520fd404e488b5287d76ad6e511

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ebe44baeedaf17b8d3e78e335608e70

SHA1
23678f064c07de7f51d6a1a408e49a8df364d194

SHA256
402cbf63c0e3ce7cb86f0f2a71daae29731c410833949b729a0330b9bf41651b

SHA512
42e4874cf354a4c88961d7a59f9e075efda81a72b3c3f0aeb140034890a0ee18e9144fd58558e8d6d06a174fa623df36f1e637cb457a8bfd32f6da0fe000fe0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a680f66d7b7065d5be81539b5b6cafef

SHA1
2559564338b9d00e91e810f1870c52f36fe9c78b

SHA256
81d9142b420067b0027966801ab5c3544c7b88adfd7a47948575454125ed0684

SHA512
583bd0488937cb4703666ad331c39aaa6a50833186cd30d132a821f513599f5390551e22058f0369cd165cde51978c1299d0a10f9351962ff91051403e3370e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f01addff904350848a8254cc2acba45e

SHA1
4dd2402b475d83b140c66b8d1b5557d14edc18b5

SHA256
569a29635362c50b11e3fd4699fc00d295845ab6f8348ea9c5ff7205946676ba

SHA512
c6aad0b152769c5aeddafcd3bd6d5079fa987b9090b495cd18583d1966ff8c1c5d060c1f10f66e42142d75f6d487a9a160ed7561658bd0e143dbd97a66433067

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c0cf8949709cce4c197a3cd3edaa93e

SHA1
13dbee4000ff3986a0f691a1ab6ddd3915f1c966

SHA256
74d8bf0ace2cd0f250d04902ac654c4676678c617eead8bd1d50cf5e13eed762

SHA512
e6724ea41a0ba8fc7c71749e3d0950a713d6e797d2cfe8e9858ff7bc80229f8031731e994352ce5f6da072aba072a4c9062459bfa8e942a4c9dc99ec0eaaf5a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb403efcc29ea08f60563d506d6d9d02

SHA1
78ec0506b2a6b6facefdb0cad994d36d38a27537

SHA256
df3bda7b9597f59388b45b16c94bf679bfc1332bc0fa4ca4cd5a8d2154a53ca3

SHA512
88f82358d6e7b13a532605a33c83e85001a0305f49064bbe0477bc67b3919909170b35b12fdafec54d512d0ff5ae270159eeb3b92e8fc8cdf97b9d3afaab19e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
440fa6db0e61eb3ef8196990c853d836

SHA1
d86b7ec1057986827ca622ba74d866c79932f401

SHA256
7efff0277eabfce5fe5918f190e23bdfd2bdd2f5854280c6151d3483efb88421

SHA512
00f38a46fb2a3d168dce74ea3aa5d417a1136149a3a6f350cbc0c562eb7a4b2b652e04d1f80f868461c58ef7ecbbbfc4dd09680f32732c93d18bfad6af96a9b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bdf85651085b12a401901ec38c3e713

SHA1
8fcd60ea8b599023c8ef4b4865bb29316b7e7438

SHA256
b1e1fcad962a3ddf71a111d7a6ae7722f4b8b9dd51ac2e8eba6ed662e30e464b

SHA512
dcc415e3345ea9c44c3dbbd52b603ee1646ca6e4aeae101ff7ba62cdceed4bdaba8175a661a945b0e6682af17c2617697302b21f9f772283e5219d0fa3be690b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15277eb545dd1ac0d9741fae902815e2

SHA1
4e96e2e924d86df094ad6e9df87cd5576b2eb3ff

SHA256
ef93519e8e109434c24ad8ca81ef1f78789727176bddf171a5b08224e659fd33

SHA512
63ff3507432a7af21e20ad43d7f4538439d52624411fd5afbbaa40d659e518f504aa16b8612d92b9448ea6948404dacc2bc54e40ab2f857f67e48cca72eed465

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f6d80a9c49a2ed442d392eaa7cd781b

SHA1
24a232df1022d3fdf810e3c8e8d16de4b6a2168c

SHA256
09ad750999d75b5fbc1d4f750af196a03a18a7b85de619451e9b66b8c3b99c97

SHA512
621fe261b1ad39d90e326d7a8b451d039bafca094ffde589309e4eaa70ca90a74c2ceed35d82deb640f0fcd485e7a4cc1a2e6682c7e2e558124a7a3a44609fb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20972645ab6dd0eae91537fccad599a1

SHA1
92a49efea3a5c805e18c4066cc866243fd1ff1e3

SHA256
a464dfaf79b51c359b789f2bbec78a1afb754c83a4a2b70389c6287c1b5312a7

SHA512
11c5910fe122ec17fc55e4e975ac690c17fa8ec86edfda0bd17fc8507402a81213bfc0092c6bdcbe3bc3e573769f52fe45be6d530be701c5b1cc3212e139a09e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ed090ff914a837c1b24c9f48596f401

SHA1
8c593f2135b11541d564205d2367ed8bfbbc6562

SHA256
c554a92ef394baa3d6e4df2d225c88778f11a547dade338ad1fdf4ce19697603

SHA512
a194b682de48abaa530128022e007b89587e137feaf61d64e60645a2bd56005aece5b844d5a570a22b2dbcfc4f0ec0f57a52d0dae9e694d4527a345a985fa2dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab237A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar246B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit