bb798394b6dc9a7e517377f56ca3624c34166642397eb4e707781aab6f7014e4

Analysis

max time kernel
147s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 06:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90c447dff7c0dc627b4920f987b08542_JaffaCakes118.html
Size

357KB
MD5

90c447dff7c0dc627b4920f987b08542
SHA1

67cadd9476cbee91cea219dbd694d4ec7169638a
SHA256

bb798394b6dc9a7e517377f56ca3624c34166642397eb4e707781aab6f7014e4
SHA512

01a5c7a92e34309753d1ce0ceb433f0b4f32cc0ec4dede43df56d2d0552297fe81237d10b07b4126acd1f42dc209cb311f2f6aed8c12628d60aa95bd6ca1b59f
SSDEEP

1536:sFlM9CAEV8ZE/PwRIfeFqtOk9KCkcSdccttUVNiLtBErW3Etddd7NLdt9cltdBFu:mlM9CAEV8ZE/PwRIfeGoQgO5eMt

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D4407541-216E-11EF-B238-4AE872E97954} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423556404"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1896	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1896	iexplore.exe
1896	iexplore.exe
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 2872	1896	iexplore.exe	28
PID 1896 wrote to memory of 2872	1896	iexplore.exe	28
PID 1896 wrote to memory of 2872	1896	iexplore.exe	28
PID 1896 wrote to memory of 2872	1896	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\90c447dff7c0dc627b4920f987b08542_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_6F2C379B4FA37C407DF31A1D4384146A

Filesize
412B

MD5
2c01fc868812afa9aaa9b9adda423108

SHA1
96150b0a8d0a90100eedacad6ac447564fc6ebd9

SHA256
31515458dff1872c33eb3cef96ea65639e7a8d5583bef9f3308442bfc7cc3202

SHA512
b1f26c56cee29f3d22df03c37a371f099ef2d52f0f4c9f50e637331943798d7dba02518f161e7da5938676ad9a32072c1bf0f6580c476a5f03c14e9be351f938

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
37db262e8d76b0ff60c89be0f83c7837

SHA1
367677ad66c62d50ab05a5e7d315ac8d668c14cf

SHA256
19e2d514c63551347d9dbb4d76fcccd17c124836d1b1207a1bb3c7054873c804

SHA512
af16dfed1f6dbe6e909db34527f9710df807436d21863f43e53a529311fa07df46388347bb75a6c6b6adbed3ae221602aabf3ce804ffd01c46bd1268348fee36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8ef6636b2297795e4b92d71cc8bdc21

SHA1
dc23e33ce4a26c4754a8fb4b44a9ed8fda3e2523

SHA256
25435e3ef68b2884499e7062f90b46d55f84b639576652851b8788ca86e66305

SHA512
0549c6a7d1ecfca04483031e2b97f16e42cf5ef55f48222450e11ae25adf89b4b102815cb52de31e607f90a68064a25548774c0556b14caba50ecd3e427268cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
453255919277e70f6fb2c2a91586ba40

SHA1
a2e08f2a44c6cc9965d596bfb41080b80c2869a2

SHA256
98a1191063c9cc44cb58b4c02d8552cd4c7786447ff5d20f36626166ff22cf10

SHA512
0abcfe6ee57f40583abae8af37c887d3806b977e8c658c1eb5b2ac785e3806e63d1c28b9d9e718377e394128d4c7e14070d4402687914d0beb6586dc1d78a316

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b087f9f41817ba54d3e6f78f4e0f9b7

SHA1
12f7cd34f725a59944d3e8007c5da786a85f7496

SHA256
0d5c99d9436ade37a181477928f576e26b9c237ecdeb59f8331b031fa99fc259

SHA512
7eda89ae17cf21f5e2e47557a3c2ee2ad94f38d979bccbf9bb35415fd527f027d1b34a484f3591d4ee500d7bdcbe6da37591a02b0bd6d6532838651e10618dea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea6e1b8a84ce1283f047c4fdf8446870

SHA1
a3caa3957332c704d934146da2d60da05297181e

SHA256
55bb15772e817b433c5d4571999bc3fe63f295f23c8a50f362492a0365a4e739

SHA512
b2dc13eb6549f1d409d4373e29106cccdfdc998634e6b1a1c7c500f27e41bc230bb31029bebb61964635a18b54597456d6ad1c29b3862f38379aededed8bc4c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0591a47c828aa08a595e0412160358b

SHA1
e0f00f42cbaab291f1df77fac01435193321548a

SHA256
d0d0395934ac8c9dcb130b6c2cbafa71fbe5f0614c74d7c19e0df772212e66bf

SHA512
d933977e449ada4011aba2356b6a43230b67817c04d075206f9d601f959b4ad5ff426dedb9150fb2d380dd41099fe070136d85986975dcfabc53baa1dcce48ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e09d66dd589ad4bc3de82c4a4fa0f274

SHA1
04fd071d37addcfa658cac978b84072d7b6606df

SHA256
01fd7a426a03e73971eb3a81bf0683d84e190e7344a55334c05809f9f22fb58c

SHA512
4884702456023a6a65189cffbfd16630bcac6c38323dfe70b499f636e1ff82321411331613e78e85f80863f17e4eaae2acdc2f864c2be5c47ced8ccd3451944c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35321acbf6ecb3d7bc261386c0a36d6d

SHA1
af59656469310ca93db403b2a0d13cc44da7e785

SHA256
8d1a967f4a2779f6df6387cada11c3c10eb9c12481703a6a12093a41f236a346

SHA512
7afb676df2fa8db91e19627049289cd20012f2d435e0a1ce8318875cbaff94ef1ebd02e262328b1073e0ddf786a53a5409a103b24afccfeb8de2989a1a4ca73c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6dd25cc5ad5fe753ad9d694e56166128

SHA1
535b6dface62dbe92079187c715fed60f76542c5

SHA256
5e27012e664db7c9b02e3db27de1474e135f94f24c739a300cec353a04c8da96

SHA512
8e8faf368cdfd1a9b001e065c40ae5dad22ef9f7eab1542facac8ca99de6d053af1c3a792314597e41092cd4ccc1f525caa37b48c12addafac4e24da043eb6d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
388fea16c46640f52eec6a19d118d88d

SHA1
a088b088d73b9d99038c54c8ec7feaaf412480e3

SHA256
bdb3f0d1398bc9e0af81f58c298a21eab582c493089151636efce3d8b177ce36

SHA512
2e08ababdb5ea0bdcbc077cadc00eb7708407d3d703f174392300e24ac6dd3d204de9ec64e92bff027332e5b37f096ef13ca21cbaf3140028138f667681a0a9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e99092752000765047ead57215cf158

SHA1
ddb2ff6d160e28db147c9afd28e9845d1bdb78dc

SHA256
7a51297204258022e72a803f0f64496dc1e374e759818928520d939f71d9a11f

SHA512
b5899cb1fb195b7b1fbcb08069a33b1f16d54c8d5d4e85444fce8a7d245fa342195ad428fea203bf39778d8f0892f2b3e7d4b2c41ad3f2a5265385688990fec8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a78adce4e78d6f62d414a0ed30d927f

SHA1
ed0e43dc7f6212d679eb0da53e650434e674607f

SHA256
7ccb082dbf8897adbf1c20786bb77a7c554d93423f9d2888660f9e942dd9c493

SHA512
5bf337d80b8c6fef40c741313febdcce05a57858c989fd4642df4ff61856da815c37bccab6d208983484df2e44c3203e17de250905b5146367707f0c7b09fa20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ec27ff6b90bf51ee56ba3e2ec92f107

SHA1
88e9dbfb74231f8b0bc85ba53274a6a7a8eb46e1

SHA256
20091d50f5ea8d9f9b403eefd3bc972ac7d3f8c1ad6f289d080b30c29f1bc7df

SHA512
d65238688a3024f085f2de29682f37dbb9ab202f506e657c4c4c6476f01a1062b1f7eb854715242dc797c11da3c01f085cc96186d3150b3d6b713207a794191b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c778edfdc78c47cb5ebc82448d7c865d

SHA1
57ba8796dd19a24c48b01c0d569839bc3a6f3268

SHA256
b9ae0fb6ae784e5c73c73352eadc6c93533aca7c96101d32f27bdb9cbe5cf851

SHA512
b8e21fd16f0d8b7376ffa44a2004e970e5bd2682dda13c9554a25b3ef8c7be9f2856bd2c3af49f63234eb7258941828fbd0d235b2ec81a1439a5c26559a102bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab232B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar235E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar240F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit