c97c1b6ea21a7b0eb62c56e739e3533851ac688309cfb576055125b0ebe1a247

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90628715b9c7227c3f6eedc90ab80da9_JaffaCakes118.html
Size

141KB
MD5

90628715b9c7227c3f6eedc90ab80da9
SHA1

8570effca62ff2fc704d6639f38b0ca180bd05b4
SHA256

c97c1b6ea21a7b0eb62c56e739e3533851ac688309cfb576055125b0ebe1a247
SHA512

63e23854f7bf12f7a0f0f305dabb469592afbd9a2bfbab7a068c5298eeca5d1f12208efa2ca18d4019ee3acd7a78b1659f6e1862f12402b922e1d421afd1ef90
SSDEEP

1536:SsqxaZUt6Dnx76vuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:SDt6rx7dyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{892990C1-2158-11EF-BC57-569FD5A164C1} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423546829"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3024	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3024	iexplore.exe
3024	iexplore.exe
3052	IEXPLORE.EXE
3052	IEXPLORE.EXE
3052	IEXPLORE.EXE
3052	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 3052	3024	iexplore.exe	28
PID 3024 wrote to memory of 3052	3024	iexplore.exe	28
PID 3024 wrote to memory of 3052	3024	iexplore.exe	28
PID 3024 wrote to memory of 3052	3024	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\90628715b9c7227c3f6eedc90ab80da9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a136e0e4c7a72312b950b35a5476c662

SHA1
9ac990a3b7b09db09d9255daab3de9befa8a33c0

SHA256
744c300108ae2d312372893bad32c444df97a385f5ed191aef18e9025de11291

SHA512
0b00c37cf48aec137dce3701f9269bdd5b4854f5693ba694f8cbeff6c98cbb7941ee80deabaf8e516c91bd96e5310cabb4b2ba4d42242fcf1ad932747ef539fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0b43c8509bd8955dae4f6d328a6720c

SHA1
b6b113a28035b5acae273858dcde7fd65f88cd7c

SHA256
f90ce9d8a37520eb914dee0edc827a9562be12aac6180a31abd86232e3f2f28c

SHA512
10f8abe6a63d7fde62fead59b44e6de86c10d49b42235beec6245be18a4aeed9f0b2d050223e4909d618ba1e2eae7811097bdac8c49b85edf4b27292ba38b331

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4cbc8edbe9a1cd3fdc1b413eba5f107f

SHA1
2759f58f7bc449611cd4852b93dfd8eb41a9fa20

SHA256
cfbeb5322c032863ea9c3db84e904dd1554ce10352ea3216f94bea308bcc2ee0

SHA512
083ffe1e74c1d8ffc4551f4ff2afc7a8ffd46b797a1d7f73ba3a99fb473c5ca97a390b31e6431fb7ecbb672e9b7392a31c9a451e095c1864047c6b178f003081

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a2b45470576fd0a99b990feb3c02b23

SHA1
a5548fcf8cdfa448162f1fff0344c0ca3893dad7

SHA256
cd7763b057b75e17f82da51cb3072859f5debad71232555d6705f00ed2dd6709

SHA512
8eb1120b83bcf2b13b56a143d56c80f52c88c8c95ecd37b7b86f837d6002c94ca4f58558615e3d59638476299ccb8e3a499f70aae7fe1e205949e4f7dbdde2b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9530d3d8faabaa91337b4769710cf1ad

SHA1
74edc51511e5babaa43dd48c5207d45d43ba4d98

SHA256
60f137801fe0027d9535640a782b285c4cfa037a40719f86eddfbcaab83c879b

SHA512
2f27df8162bcedf0dd49ea36555c762f259a8f50a02b08de639a38b1b6e3d7c1fed4ab739ad503ad1e186d3ed9f94d81cd8bf36e39794e13545c71da9106d1e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
675443961c2f421d68793b640b3f1d8b

SHA1
4a832b82e6ba2c41f44bcca6b320401259b0045a

SHA256
a79d61c42e6bf2a82c2c32b67c8e69073e2d649cbddedd6515a6a0b1360959c1

SHA512
d301f6eaef5dbb165b79baaf93162bcb7e6678f490402436b78dcef29ebb0a99ebb415683fbe2539b0effd4042624d5b83fae24cd476fa12783200b4b49e460d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6971510c58f55911f3e082c7dd2fca0b

SHA1
24738aafbc882e95ae5e1bb1ace265d3961a66eb

SHA256
0650682cace80d415684b5c3d6c2ca5c7264cdc5d36f4ea866a093f7eea5f9e8

SHA512
38b6e9ee756287f9d38cc0a429aea71b3a73688a1a5fc39f6ef7a2fe46b4b69d99e56f4ac23e669cafc29403b5a93dce8cd89c3759e6b22488ce42869e82becb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9975d5e83a778af866b515a8b6c493b

SHA1
9d8cfd2c60599930bfebca7ef11662d19741034a

SHA256
b7655218185b961be6532a3f3cefe889c70677625696867897470b439ceb74cd

SHA512
7abde2886c384cba6091a03def89490c6a14339125ff534b76c233e4a327cf42542ee11a860b13c32d89a2b5658d3ff19a94fb9ca8f40440528fe0531436c0b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab0cd79ae2cd301ab62a8efc9153fcf9

SHA1
26f96e65c5be3566bf7aad6223c54294177c2572

SHA256
d181e3815d39ddafc801f39add744fa0964799d553e0a8e932924a3152b87a75

SHA512
257f3788ef696ca5a3c63318b2aa8aad28211f12afe926fc87e334c6c9995581c25a1868adf20a8e9b048af7427df1efaf80d86ba37e19b516818ad23b3fae67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a051725f5ee8528db435bf8de8faadfe

SHA1
41a4d333020aec37c721753f898a580d7bdc034d

SHA256
740dfcc65f1daeb798634352abbc07cb3600523c364a7baa7db84db6ec6ebb2b

SHA512
8e6dcd517b906b193d3de29e3e042dff080a022a2744efb4baaa980847c7579cd6fb65fb812fb5c3526ef6ecaa44285766397b6efacc0e2d6500333eacabcdf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55b71686fa6935a09919a4a38a5c4560

SHA1
16b8ac88205153fc13c328b046c646a93aafc622

SHA256
21fd316a483a3b4be1e39776c4bd0faa336c9a961213b885af3fb7a111576ca5

SHA512
571b7189de1af30b5856a53cd29ff9a8e0b3c07f571be53251eec8d370670b8282278ee4e3faf0b6c5c47bd07f0844ccff95f3129fb76ecc58d49768648fc888

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9512e3efa6388dc49f061eb5cac8dac

SHA1
8c6eda4c63adb89981c61a483d70bbbdfd871d56

SHA256
be0b1d073490c87702511415c97de4b3d9adb201053a1470dd4f8eb7c5a6d8a4

SHA512
e41babd21a95926778ddaa5049ac60992ab9aa4bbbfca441a0e6543a1bbfc802952043f7f7a1307fea8920295db71d64eed9bea45f38143ff997588941ba4424

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb5ffacf95a0e7e7602825677ced12aa

SHA1
33496d418ea7fb88973cf192e1af46c5799f5d78

SHA256
af62a4540a86b70c180125cc34e2563c6a3780bda6a13f70ee9e4411d67d48d1

SHA512
c3ef0e7fde4974ad1fc1b5c954e147cbcfb477b535ce56a75ce23e44777bbadc0035f146981df51f5fff88349c56e088504e74f2b232d9dacc2b9aa4e2136181

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c0b02e8cd3e7aba6866d83565b11a1c

SHA1
9bea6d249d1fef9b95f8540d08ac4ac258922b98

SHA256
56696422d21d8ca59f9518cdc022cb1a96a7bc5bbb928810fbda9aac3e937d84

SHA512
d7e16cdab3476749144e65e160ba41ee38aac55129cf0ace8a29c1cc2649afc3d9286e93426d4cfa29dd2f0d9546a0c175100b31f236899ef69804f3b3bb8b02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24caae449c20e5c66514072b1902d9af

SHA1
7d5ce2e0e16d68d0db85f0a1574ad62ca20ccd35

SHA256
2bd1b26fadbb20138b8485d2a43470c99b9609bcf15e7afc887b41f155d417d7

SHA512
6de8cfb2190ba4c1d500b32647bd4282b5a6560565459fb41b5a72338242c54985fe8fabe2aae5b78e645ea1822a0650fb34fc90bab733448f319f34056a0058

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf208b4027a6331dd74979aef9eb89ad

SHA1
9ff9e9ae518dafd3856953c0964fbad14330aa4b

SHA256
a9fe86ae1338f7b0aa9bc28c4e40468a000f5517b9b7ecfb7537ca367907a290

SHA512
a86dfa5fcedac2473ec592749d2927dd1480b58cd42339e96abae856861ae7da066c37ae64ec69a2e2d2dd8469d62ceecb297feb8c34dbc84de087aa654e61fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06eed62568c03ce74501e968e04ae430

SHA1
2b1788dfe0a5c3b6eeb5e57a87075b73b1f7996c

SHA256
50e7f38b88adbb364bc2a5c9540505066bc6bf2cb7963e1943b6bbe2f07725fc

SHA512
95c561d7d70d599378114e72b1b4b09638f35120b248504d050eac6f5073ba7b018a8cdfd272c9cdd90895ce64028a5c82d45901ba87b841e1b6b0746e515675

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab207E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar216F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit