0c6d235cfdce61f6cdf166a92d35b6eb69a3432731467d5d4200561c328eeaa0

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 21:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

92b444c66ee2173817cba0fb668fda33_JaffaCakes118.html
Size

70KB
MD5

92b444c66ee2173817cba0fb668fda33
SHA1

523dce6efaca2bdd9da912b05e0614b3e7d97c38
SHA256

0c6d235cfdce61f6cdf166a92d35b6eb69a3432731467d5d4200561c328eeaa0
SHA512

069ef57091b4f1a92722f06bbcf0878769374a8886ec836a12fefb64dbcc7562b876aff30f0cb01f959df20b5b85cf989d53b4f7f69a254a5c8a1c870e1739f2
SSDEEP

1536:m7YMpjFy60oSAIPAdwZn2Jdm1XSm1XJ9SAcmVe:m7YMpjFyDoSAPJdm1XSm1XnSAcmVe

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423613057"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BC231241-21F2-11EF-A7E9-D684AC6A5058} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2220	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2220	iexplore.exe
2220	iexplore.exe
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 820	2220	iexplore.exe	28
PID 2220 wrote to memory of 820	2220	iexplore.exe	28
PID 2220 wrote to memory of 820	2220	iexplore.exe	28
PID 2220 wrote to memory of 820	2220	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\92b444c66ee2173817cba0fb668fda33_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
4704dfe58d12875c69acce9674591a74

SHA1
e0883bfd0d7b87e301aa6b591ac89a574949b14e

SHA256
e2969b2d35b9ff0efe21fe83d9ca1a15a1d4d86ceb0fdfa1be90cd5c9b583532

SHA512
1bd10d7e2ccd0c645af25ef46686b34423cf4468df303c0cc76ef35ee7419665828fbe85f9255d2f4a3d0629710fccbe9c2fd1dda0b1ad983c071ee468e12d7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

Filesize
472B

MD5
28545ea4f2df73b20ff82257052bf0f1

SHA1
60d3de7f8f0fe4dbe4f4d07ca578e992631e5de1

SHA256
9f7d45b8b46f09215225dd56732c75f72f926a14282ec05806d314eecc71dbed

SHA512
6d8ee8037bf369a56af295fb6c18eb4fe8feddd868013cfe6c248a66d08bc769c0487b62cfd6c07e307bef20f96ab85f211e527f14f0065a3a5883380b2cff2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
0cae2c1a1d9209ee950b5c33b5b854cd

SHA1
00212586909e0f4d55ae23532c514db23e383bef

SHA256
b8bdfb14fab90e09c463d4bb26d26280a44912070ca95a2e9d97d5d0f3fd5347

SHA512
8b10ca1358037b091e7dfb455e96ae3b2e4254c7b31fbf04e3793ba816a220878e0200bcf88895e1088f6587ac5c4f2dfa4e68e9bbf4bb666d273ff8ac24becd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f7dada488d70db6ced9f5b01d08fde0

SHA1
d877bb309333da36303fc63a7748666352af56bd

SHA256
0a8b5c810182133770d9277d5d6606a9aaef342c987b4574d035431b6828e2d8

SHA512
6f81ec5483efcf0708fd47bcd5633dfbc00f84f55ae17fd86042eaa71df8725ef54b6593bfeaf3f7ad6574b765ca035366b9adb2b2891aa6fc7fb0b6bb234159

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81141add01ea7e63c92ce2da9ec924d1

SHA1
c8a20a423e7ce66d353a1fb88d839bd92a04b72e

SHA256
951d7b6045cf3b5ed49dfd22ba16496b8fc80aae79d1063daef7b0f77336a641

SHA512
c71be4923e62c12b2f7f78ed4e4e2f34ea6893ef142702a389b8a1f9f8440f1be2dfc637afdbd2490a608561aaf649c1d9ae175de0bd6255c032453ca86c9846

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db9219bef5ef0145b278c61c3aaebac1

SHA1
8462269957e0085f468676847e3fda683337142d

SHA256
8efac53552635793be5fa5bc674c71b6f75d086748953907ac18c16786d35277

SHA512
5b0f8ada9d1184c251860aabd9ee19e2603ee3f43359ff6569d02c6c84593f84a1a81567fbb64ef7af34392876f3760d8bac5f918814944f5b42220d14c75f72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be01e4700276e7ec16137884126f7428

SHA1
60ed2fc044dca7c346cd563715c5206c9f902beb

SHA256
51badd2bcc50dd3c2c8af4aa8d82b4b462f27d42376fb0228cee46a4fdbad78c

SHA512
de5600b12206dcb3f6fd0b7a960e452e137925fa17229b49046021eb24ea78a2e9bf8ad7e2e280e423ca75edfe9e95c1918048c8117dca0ed239e2415a16bca8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc96703be9b545eca4072fe9623aa0e9

SHA1
611cd157d12e41ac305658ee19d7789f5f932462

SHA256
e7b2e1f72d8de1804e3650e018bdb16188a8bbe06e4d7cff1f09cddc29dc055e

SHA512
e8cb5b48250bc19a6e169286a507195dab983690525873489f121cd78990cbfc770ef6766f4a83ebb84ca8438b1e2a458b24571ece0bd11a824ffbaf03d81b14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81462bc6861d7a0aff0dc824251fbd9b

SHA1
a2b67ab2aa2d6234c6b23a61ef2d94118ef63337

SHA256
433a6a62b7de75d972f017c21c33b57685ebe35d187c9aa84c18b645e582e356

SHA512
b984a7f8ec1f02dbb2d71b3c3dd87384453f589d7b46ea7c615ad906a72740530497b0f79db6281c36a13b4691cf1c0aef87460a66a3f636ef24aa3974cef82e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71bd457c878bc2cf79a9d126bdbb8c16

SHA1
b0078ee20beaf66c70e242c33f372dcce17623fa

SHA256
6a1d9867d108d2e187d8d5d14153b5f0186febd393f8aa226b702ef038f4cb51

SHA512
fef546739785e3b2ff1bcf01f2dccf09afd1e42c80863e2db07eeb998c5ed8af87a10ead2716d478b2b8b006befc45091d6f7acbb712052ec6b3e7e32d46ddf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
033c630ee338f57f5adcf6e9d8eb137b

SHA1
6831cc359f61a4680f14277d38fb33644c268f81

SHA256
7f4a3a5b8e9b11ba180a603af0ac05f6f0f19b89f8754b015edabe091ed7d95f

SHA512
65919c08da8223d3495cdf0a9c02e0b6c129f76e0e9259d6a54f6c6bd17a1444605548b381253519836f44527450561ee986a1ec9155a37a852e4f4f25a6f91b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8151bbad0a8bb8d25c719284f4d77e0e

SHA1
cd3bdbd216ef6dd33c94fe43b226b1c982c3c9e3

SHA256
5febd83a9ae4d4db9e607fe9bd34a800156a2dff76b1f95a5b0c1b3ddd721427

SHA512
e340f9c33466b71e142d6410d9ff956703ef6c154d511b01b37cafa27c0eae15cc8419ed3297306719ef6e4bd543b30e38a4d22b78f43b1715d8a476409d8f9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e2e1c0838fd5c289fcfd927d094b6f7

SHA1
644ed5cd75c7d7ac053fe4029189ace4cb474092

SHA256
4434398713f8beffcd8b6e4d26c11c05c4345a68d15bb56e9bf56ce1e4670d63

SHA512
2b7241f032d7eb5c420bdcd9baf8a7948c49b67078e7c492cff45612b24aca0250891cb6d56145c4ae0097a139487aa644b888565e60204d1a849ea7c48bae58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
f49a77ad6219743f780b45adfae109bf

SHA1
7ee1cff8271bbdefec701899c8b73892962b681a

SHA256
66cd76f50efb70c18af71c29751e6d36ec504cbb63fc2142fda222ce55759ad9

SHA512
c0ca931ed1d497f1c690464525af75a960d42e8273fcf52cefc1b5a8950ec7ff4db5ca9120773c1100ae4d0444618d5df2f4561c47827c2f5ad05488e6233294

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

Filesize
406B

MD5
ceea72097a383f4a373a8f55e452d568

SHA1
1a06cba302926dabb9182ef82d7d1a06daada629

SHA256
5c955886a32c59efe65085a8e9b1f18de5c6ad76aefdeba85cc0e5e72aa18067

SHA512
5738eca6220ba725d5ffb8a83bdd1bf2dd25e49b4588243193b624ca50beba36156e950c3de5e265ed28e541e8738fa6093642d4ec3859d0c0b70679abdd5b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\platform_gapi.iframes.style.common[1].js

Filesize
54KB

MD5
682c26af19b240f98d2cb951721fa54d

SHA1
18e58b652c7f82a55ab4b1910693686049e25d62

SHA256
96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980

SHA512
078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\cb=gapi[1].js

Filesize
134KB

MD5
f9255a0dec7524a9a3e867a9f878a68b

SHA1
813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b

SHA256
d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d

SHA512
d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2129.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar212D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar223D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit