50b84505f4d3c7c65609c9659bfe56e70a51d13e418a4d87f2a16c78600e6155

Analysis

max time kernel
134s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9193862f7c3caa0f54ee714bf96730cb_JaffaCakes118.html
Size

220KB
MD5

9193862f7c3caa0f54ee714bf96730cb
SHA1

f3b50cdfa15f45357757ddaeb89b92d9e6af7aad
SHA256

50b84505f4d3c7c65609c9659bfe56e70a51d13e418a4d87f2a16c78600e6155
SHA512

c966ef218ff8258c5a800e4bdbe91f0ef1e29eb9f309f4f08bfef5d85ba2fa554d592646bc5c9ebc5730227230f1843b39284e071d309eb81187b7fe1b34296e
SSDEEP

3072:SIlNLS+qaBo3dyfkMY+BES09JXAnyrZalI+YQ:SIOn4sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{62841C01-219A-11EF-B5E8-DE62917EBCA6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423575111"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2940	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2940	iexplore.exe
2940	iexplore.exe
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2804	2940	iexplore.exe	28
PID 2940 wrote to memory of 2804	2940	iexplore.exe	28
PID 2940 wrote to memory of 2804	2940	iexplore.exe	28
PID 2940 wrote to memory of 2804	2940	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9193862f7c3caa0f54ee714bf96730cb_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1a205547933b169d344cfa1ea1bb74d

SHA1
38c6c58d454e74bc6968d4b6591d55749a527c66

SHA256
b51ed9f6ce551d72aae46ed90af23c0d1d6309371d09564d28b0760225b5a31d

SHA512
c394a2434f5d91d27e5b206e60c1ee97d54df829c873f9dae75fc8e7ad7db9c2e9a96577825dd7718dc1f0ed6ced2bea308b6993b74d6e4032a5b84e5921c22a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9818c2432752c0575e81637aaa352627

SHA1
f07d3f5ca00e0842fd57f6d2417537ad4f196e66

SHA256
e0d8402b0805e99e8ae70b5393296e58228c5bd8f9e9d36414338ce518942486

SHA512
86421955043e3555afe63e0dcf06814a675666047cb7b7742e3c4e224cafc49fed9a0dfead2eb4cb4203a9ca3f93bf1cdddd8c3ee0e9af778968501a23f1eac6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25b25a11edef78d563b069b2d3f25b93

SHA1
07e4f91d80793385fcebf778de08e41bc49d1496

SHA256
c472e44a3973941028e3572531b9656e8f3b6811f167cd6fec0ac1cfc22ed64e

SHA512
bed039ed6b0147c45f075fa3df4d6f1fbea0d0601f1a15c07d23e062a69a0e266e1b4e7434b2dad99042fcbb9eaf59aa4a1d15a2d89ecf0eff604f01b3bffcf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
332d907f4aaf719207363f3f26154dfc

SHA1
dda6a9746d09176d413c3c770d237b22c02c33d0

SHA256
f2b5c6fae5f7901a44de2565e190fa6c01c4dc04932e41fa03e9b5f10882fe65

SHA512
dcaee38831a43f1d01f6f6912883d5902d5fad7cbfb7c8205c3a93712a0dbb437754b284b02c2e664531647f3e7052fde2afb512af67ff068004c6914cf5169e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7de3b303729f5624fc18b8320fa17219

SHA1
4b6367bba80f43107006acbdb4edbcf4051416b6

SHA256
868806a4018d5e2bdb320f1936098c6630819267f8e118ff83cab5600b08eff0

SHA512
8796168cd8dfe4d1cd601a5eaf0a35df6a14bfc7a1390bf932d213a06a90f727ee83596bd254c14b2d25b0293061573d42611ed0d48de4346eebfec95568c8f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f3cbd58277f6257e39f72d004d6116a

SHA1
b1082ddce311b846e0244cd81928acfdde0891d6

SHA256
d08aa6572603b2aa0834a9be124213fc8ace7ec281161b4410a2ae81ec304b70

SHA512
ca730a8a6864f6a917c222310dd88ae0fd6d77784233592f66f8ab36d6d5b92e809beea5b92ac8890cba33bcc9323429e887c3771af2492c5884dee17fed907f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67b25737779de7c297180664b6ea3c2c

SHA1
d87fb4b1ec5b473d808fe34f9f9ef59b87bf72c5

SHA256
349a9485f3af5f40dabb5406374c99e3d948eb0b7ff495c895f1d67dd5c07ba8

SHA512
0768653799b00e2946c14e489bdaf9736bf44ba0e4259088a914541b84ec8d3929733ace56cbfc21f8a8287b2b12b7eebd306f5a607bc088dbae36651abcbe09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bb301fcb18a0ed5ec8af757aa0d2984

SHA1
8e8e8d109e360227ef4a2430220c6f94b8ae810b

SHA256
197c37f4d2080b754330ef818282c37e59cfbe91a4c4f04416414cdfbf7c52fd

SHA512
023746ead41d3ca43c6dec58860e71b4576e61093527fc3d8d43b6f332db42c2b89666c7f365c7db5edf05fb5ff16a957005d1883753e1a08deac64f965e2482

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffaa2abf4aa09f3bd120e6378610eeca

SHA1
26a3d17c489986b5de8eb8f584acd2bac59bee8c

SHA256
a2afa9ae9c1a08d93c5a9be2a14dcfe12f8931f3a6d978c66f5f3211f364079e

SHA512
bb0adff9dab36cd89fb83b596f81c370c8e101db310603db47bd0ef7e5de2749cb121d65bf1e715a1a75ba6a9e35f6bdb478f64a9abb64ecd7f52c7dfbb76348

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22eaa0df03e28f95d6b8e25ff493dbc5

SHA1
2efe6c1a222030a9b67821bd0cb9fa3b8fee24c8

SHA256
c5484939f2d504bd1100026fb720b25ac516bcf6a7c14e86e6fceca5a40cac37

SHA512
69043d54f41e02a93362597479212a8dc10d39de32c8f461e04f14db52dcbf4f344ec5165fac6af20bf6bcbb022d78dd518b3ae9d374b5fb7f252e48e7dbd8ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20449a2ff15f5ff50bd6245b4668bbdb

SHA1
8a0b72be32ea8e5af4da40100e3c041aa80e16bf

SHA256
05c681ffc47919c24636f820472c6d55e7e7c4d8df1db27ae876fcf262926133

SHA512
dcc99c25a13fd968f5a6e3a1cf9f3cc4fc0291dd6ab042a12cc1a768bc7bc7f4c9569037fddebbdced7591fab3067d081576ca8a874e72816e1c8d2f7723ba1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0874376fdd533716f09563660d9d21c6

SHA1
bd47788e62f02830fd5f31b8f24ef4535fe2467c

SHA256
e9bef1500e5ca17a1583ccd6a7b36080d202b4153fbcf3abd14677eb2c32f045

SHA512
00d3cdcbb2a787ab89d4fbc4e8687bd57bc3d0845ab9f20c8ac8e544f280b850391b63fa3d5e095864cedda7973bd6aafe3f1cadc544bd0e76ed71f1ea0d4434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1e38a8ea1dca95f97b42b4503825fa8

SHA1
c8004d6be91ab0916e620d6df2ccec664e741c46

SHA256
8f41b09165cb5e1cac4eeafcfc8d5397ff6460005eb9540b67aabfc6d4aefca2

SHA512
0a382c8cd9c1c6f5817d80920af840409ff23a900411a3e859d2a7af03d8fa3ee8e8d5dac64b1e109f0e91981faf624938f9927fcdc115a48cf710acd4dd7a0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36670bfeb151d96224e1ce0cdde9e845

SHA1
6bfd808b8ad00187ea038a943ffbc8971529a4c4

SHA256
af89caeaee4e813d98d669d0ba6f41f3711db2fc9df51d8d1533b5e42f49ad4c

SHA512
295b78be73418339e5c10d7174d27ad2f7d83401dd47ab86f9f6a7a36997d181995e9bed27c64d2feeeb2e16a3e0be595bb607fe04119221df68a5aff834923d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0615380c944fd5a3cb741be6b6199a5

SHA1
fbcfc32c5a0bfc2b114fa786fa6fd41f3d2eec6d

SHA256
aee7befe88a71108ee38602b90eb01f1daa970a33c107d806d4e27f91fe6b43e

SHA512
b6bdad84270aa6f53cb460a9ef6c8fd8008d164935f9071cbcabf1b52aa98732e22523775a9c900c78d92c90832ce3b4885ba8a9b4418d0396d8d45d207135eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
103d32a9a335a65e97b99476ca33819c

SHA1
8992430dbda5dccc362365d3672b6d336084b79b

SHA256
691d090283f33e60ce6403db029a3e81f5d461306cb3480d38feedd4e65040f7

SHA512
11ca10b3c73292d4aa840bdce101d2dbc0c2bd443800b7c15d23d25f72d984842a0101a245467bd03051f1093941d9e93ca41662d9fe902f286b5180cba4656e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
281c226a997839047ccb674e6dcc59ae

SHA1
25309c6fc4f8f4ae989ac50b6ec1fa1973d1f5a5

SHA256
d221668870a2fd971e408a17d19369e3602103beb8f6dd9a583c65c27127b044

SHA512
687241a1729b787787a90c19ed24f688d1be16d9dd32dba043b2b844551b8ecd46bf0d101c3bae2b542a4945ab8184f8de74b6080efbf44cad8bf0b7de1804fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e8d2ee93e15cc7faaed5507952238f1

SHA1
c11717e61d4239eaf1e4f6b5501359dac5c798dc

SHA256
68d298f3d0979c7ff2b36ff3d4af25f9957f3c8d3470f79f3902d17683f35922

SHA512
2d936b9c3f5cce8c30c20a9aac6ef9334a976a25eea0a373815e40ae6b9d620cc51c058f4e560261bd5dc764f14c16671fde8f783be7d1731e787acfaa6e6432

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab170C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar17ED.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit