96a6fcb97075a3343c9eb4c6525979e05e3619235e17b697d0dd728f76f8f90e

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91ce09d68115e2769af7d6b403dd77aa_JaffaCakes118.html
Size

83KB
MD5

91ce09d68115e2769af7d6b403dd77aa
SHA1

8a7d4bf560f177eebd42ec95101eaaabff22d44c
SHA256

96a6fcb97075a3343c9eb4c6525979e05e3619235e17b697d0dd728f76f8f90e
SHA512

500fa541098bb43c14f0fe59ca65ddfc3a6192e7af4e2ba35c6cc0e53750f924ddd990544fccc96230150dcbe2e41729c234f361c5ccf98631027571aca74a47
SSDEEP

1536:hpPMlbN6FJbTM7NbVxsYSlSWE5/ezOlSYqKyM4WvsUWZkojNqZnR0pD:hpPMlbN+bTM7NbjgE5/ezOlSs0UC

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\stripe.network	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\m.stripe.network\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\stripe.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\stripe.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\stripe.network\Total = "14"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423580024"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "14"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D1B5C5F1-21A5-11EF-BD10-4A4F109F65B0} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\stripe.network\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\m.stripe.network	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\m.stripe.network\ = "14"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\stripe.network\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1948	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1948	iexplore.exe
1948	iexplore.exe
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2928	1948	iexplore.exe	28
PID 1948 wrote to memory of 2928	1948	iexplore.exe	28
PID 1948 wrote to memory of 2928	1948	iexplore.exe	28
PID 1948 wrote to memory of 2928	1948	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ce09d68115e2769af7d6b403dd77aa_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5e1340fc1318776005bf8395fedb6dbf

SHA1
a423e3f11e8d230f8046da80dfc004998a1dc211

SHA256
97995b6c67e62d205c5d1cb686a96d91c845906c024ef891099cf8928f9be5b1

SHA512
aa66972758328c4094db0047fe99c657da7b997198653cac1f63d8847cab29d7793ec45da79ff665a47b2c70098c76174f51f868b3b0a84642ed450435155787

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b78861f3e7c7cf5f421c5dae1a0a134

SHA1
ae05b33ecc281cc85fccda0b04b2b5890476429e

SHA256
268c08eda15ab05f98742632318b815360249c31655cd5c8ee8d37805f342805

SHA512
ca758024e16b4e0cb6b06b2dd6dc2a038475e74c80a662caf8c398ab8749784e77db1294748a717086c1a9b564695babc9fbed602eff32494a9fc40381b71feb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9862569ab097da8390688ffc0f6f9971

SHA1
cd1a34d7b8744b1e08901751e136478c7a3000c2

SHA256
14e117889557d4481c059f19624efca8244d4d7c9c456419ee8a398b6a41c0d2

SHA512
3ed39d3e9229e899bc2fc99aaf7f64ef83ed11328f7139426f48b6e512180d3b41d9456b83d823e52c19096fc3d6eed2de0cf31dac3484474f80c1dd180ee6a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f993e140721b18b85a955071087a723

SHA1
04544067775cc8ca7e187832fb366f6505328e55

SHA256
73e64919e1b23264cea0f179bc92b4684b7e0fe01b1f14a8981900f8a843dfef

SHA512
b5e3c7d63f925bde1ecbff4ff7e552c20eb20ac48b1db11329c2f356b01e4eb79bb0dc022fc4ae8d2cc6deffaefb2ee2ebaa2c04b0def55fa5d4fb735047e08d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bf862df2b0223f1d36b59daad472914

SHA1
096f14dcbd8e4aea054836be30907dcb181f91f9

SHA256
94dd0a1bc130fabd21802a59b744ecafc3cf7ce94c9394dc46624f4e1549f482

SHA512
632c6a5b9966200929930c2c45494ff2ad0e64f86b73da6b5b3c9c6919653a3cfe8f2e3f2b0d7ef569895ea0024b2f269be92a9d88c1b4c49180b62f617999b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3fb86b1e7b079ecf07703f609e06111

SHA1
a6b3d64df810e03cc4b03c3d2db9a0408a147e00

SHA256
f113e318322940da83599943e43bf533ff68d195719975224199ae7d6ab03a92

SHA512
93427503aced309d2c509f5e5629206e1d8a98446bd8df81de513bae2a6476f1a710a819151c24d2549fbc7c1375a96de97d85c2c55b6494ac63df358271b041

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79382a2d5eb99c6674ecce96aa52dd07

SHA1
576cd9d359a07a162dd3f9cda3e892c0e3d53fd4

SHA256
cb5053e9d2f9a46c61752716a7a1aef16b952d56641766d723d7ce340add6ed4

SHA512
28e9785653f5096ae69ab413816328a26f26faae045720e7b343644cf5578c362bad8ed2412a52d157f8856fcabbc4bb42d3534060fc3d330870bb6118ef7ad6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccc3f99241108e4408d3d49b9c6d3a92

SHA1
baf63a1774f750ac9653dcd9eae03850177f3a2d

SHA256
2228096deb462db076aab118787eab9672c7173690da469ee8c2637bfc47471b

SHA512
9aa2e401684abe807d484eecaf9f0c5b025caed4ef7c4f1cdafeef1cbae69cd194a9e101d27636eadc542543ab34d0bc94efd3228ceeaa8d486ed4276b2a52ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30c7656f1562f4802e349e917752c94c

SHA1
b296be66dcf15e7e7e47f15a720a70749851b455

SHA256
1d2be9890510184c9dd4069f7b9098d77a12c89b2c20e789fe55eb9a89800b5f

SHA512
a82c6030c0357161d5a9d170f477b52551db6cd5cf5bfa2b39d0c5cad71948cfa5439e454517fde9b2f004b2491cafef5c9ebdd5d48b5e5cfe77f8f22a4cdeb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09a02103f88fe9f9aae46bd4ead955d1

SHA1
2761c4e7f685cc33925c861d191eae4aded1dc7c

SHA256
28596a13d77944a3ef52d72246e8b1523fbdbedda165061f3c96eb45364d8970

SHA512
53b421726d8a787ffe48374e88a95f79e4384873c953d943e52c1eacd30cae69e9c96ff921feb3ecf17f7a6adf0720d8d073b9b7f8fea4f21b740deb9757af13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2ef4e376722f5ac09dbd560e2accfc4

SHA1
bcb8260b9e265786002630c215006c02804dd250

SHA256
6a3d6da3e908a28a66736d5f3867d8fa7de07896408ec7d087196fc93cceb239

SHA512
460105d8de12234b11129650dbd694ca26803e5b577cb9b53e699c536af50eb6ba2601e5d5c1eabca40ce9ddb255d549bb410854732bb0ecd021eefd414a3850

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4ab1c7d5d2ccf624d775ace49fb2c59

SHA1
86ba5a7679b5103328c9c7fa37c8fd629ae29f56

SHA256
39e9ed9d67d826497fd4957d39c8502aceb07c65617af85b59886ee6b5379b6b

SHA512
973eb9d12c65682928fb01ee13b24215f8f7b9a4f7a055006440ca90781b7d881607232d844cce75f9d1431dbeb79b34dd5282573f1268a2cdd1791a519f0c83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd2f268862c6607283ef95dc00954c5c

SHA1
27d1c2147c980b19aefa6ebc964f7fa90c57b975

SHA256
0bd596605def8cd6e62b10897ac5444aaddc76ea9ae4de44e743a8ba408f749b

SHA512
36c0eaaed3b4fabe853082035f1e34b1d9e47e70b6b89618a4abaeb8425b58a5e53d2f8e19f77b0af907a298c1dfd814bdaa094c8b459a1a99535b61b93fb8dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
8ef1e8925fe1aa7e5f16ec329b526320

SHA1
ac7ec168c0300747953abf52bb532def965f0b1b

SHA256
fffefddc88e0d89e81f203326efb8d4484a2b0ea3a6932d159794583dc6a3f28

SHA512
685b048557f5856f894d6748631604a7f35d48e43b98c1fc7de36c4d5b91d8d87096c05da5599c952b8317b1ad0ebfa0e3a0e3e42f042b474a77ad2f70de2dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MGK63YAG\m.stripe[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab146C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1588.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar15BD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit