269826fe1c9f2ee4458f22af989f1c2204bfe7583d7f640525086d8b94dc30cf

Analysis

max time kernel
137s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 13:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

91eb6be01a8f2f8a1137c04d94ce5993_JaffaCakes118.html
Size

213KB
MD5

91eb6be01a8f2f8a1137c04d94ce5993
SHA1

baa332102a3c39706a3d209a6bcc8f92fa0e915c
SHA256

269826fe1c9f2ee4458f22af989f1c2204bfe7583d7f640525086d8b94dc30cf
SHA512

aa50bc8841f6d88d15242a51f0b376b58bcb59e26d749bbd625d1d49e0d7b2d3ae22ec3f8458dfc84f48f5a9f76ab65e2ff8d12b088dd2df646b9af0cec20211
SSDEEP

3072:SmVrMNmbCLAyfkMY+BES09JXAnyrZalI+YQ:SmOF9sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582484"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8C6E6501-21AB-11EF-9F3E-D2EFD46A7D0E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1664	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1664	iexplore.exe
1664	iexplore.exe
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 3024	1664	iexplore.exe	28
PID 1664 wrote to memory of 3024	1664	iexplore.exe	28
PID 1664 wrote to memory of 3024	1664	iexplore.exe	28
PID 1664 wrote to memory of 3024	1664	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91eb6be01a8f2f8a1137c04d94ce5993_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0a39c368d14107af6225a23eac46bcb

SHA1
0fffe85951e1e9771fd57e9c5224f709e22023a8

SHA256
4df878841b14876dc45362456e0d848c432e812a8d87e7f78591d5c09f7c5df8

SHA512
94fc046e90b64fb3720dfeab87b16df5745e588841fb1073b34fe229b30afb85aa7b853bd6e6fbd4aba55dda50a952b0b7d73623c3b6a92dfd2a06d3dab71d3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd87119d626d61220bc15c107de8abef

SHA1
3888f6ebb161e7546beb024425d0351672579f33

SHA256
e6af936731de7e2954f3e62bf6b22840b7ceb7b96ecb08de7fcf976c3eebc6bd

SHA512
cbb6435d84883adbe013c29e73d1a0f56a0e45a6c1779e2484a9be4d5d51e4aded1f5865f93001f9bbd844baa5862b69947e3d2b8fc700033dac5bf722131bc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90db9a6b52778530a7c628e086ed9dd5

SHA1
0f2fdaca7d93503faea6832c2da37434fee01012

SHA256
2d5f8e8b8e3cc25e081607e09a9470fcdb4c3ff8a653951d0083c021ef0b514d

SHA512
85dd35818ae9fd18efe1aa7193dce7374542dfc2dec2cabd6aba49940de4328e5cdc980d42ba0616bca38fa5a3770038e6bf1cde127152861e9d8cdd0a951c9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0d863d02736d731515eb936ad73b271

SHA1
65e6fcfba6f53c1a7028928079a23873cfa0339a

SHA256
7dc615de15a066a9d62ef18b4e4c2b938bcc325b0ed8d90a106657f892418c13

SHA512
c45c7d2939d7cb6e6cffa542acb6e3387d6ecdd5ad9f12a1256b0be4061c9076c50d913909fa95f784ccd3d6c4a627044b2c478b7701f292e75b53a66015fc68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5aed414ccd87cc7169db6ddbb0555799

SHA1
bac1800d71191d41ad763552e801b9888643f94a

SHA256
c2673aa6a412044105cc0065a79ac32b8afefd16b39acf25adb6458bd77aee64

SHA512
1f53070e458ea517af9135b0ecfe87c68c5585ea4ef393c15a94e70dffabb65942cf0a421328d7a99c7f3b159e813d8f21f6b1ef51c9511e9ad60044a3cd15fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6029ac93c797955190594b19cfdc5775

SHA1
456882fc33fa3bcf710919c25b71a75a280915d4

SHA256
0fdc1d9542103033e0237a138f60d8d5d41a6c8f8175bd180ce6ec346d0a58b7

SHA512
634a11064f0155b6de42a00d8680d8c09414c18467f65b15ea072896910454b1f17708e53dbcf9152962c740de3a86b49cf82c92444eb9cc1895cf2ab6d5a931

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb4038cb11ba2d3de5ee46244974be8a

SHA1
83e8e2bb8eca18cc28f3d17631fd7a154074533a

SHA256
2863296d8b6e7dbca8ea5cb6cb3ef6b5cbdfba14c792d7a90635417d0c817271

SHA512
cf7b0838f83e4a2e7e55293a6fc61986231fa611fd85cc0071928fb31b480fcab00cb00108040ed65205a06b00667402c9b63fd001b22fe84037116a684d17d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d54b54bbe87a0aac078534387ba14ccc

SHA1
2865f712218381c2a17965f8bec26c694b8d60b7

SHA256
59581ce542eff45646597d0a3354be1a7a968a67281eefa224192f336ca4ef38

SHA512
c5b9403aff9f30dd342750e4e72898a230b0741a7c90e846b3954ec33fcc9482ad24e0515ee51d9cc2fb5790faaceb39fc0c92a4f8fb8fc173eb82daa986757c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2fa049b22ebf16cc4cd0d87296a450b

SHA1
f3af5ac68b9a6321b60252a870d89b92cd9d0720

SHA256
586fc545cb1d4852ff837a16c6a0da36b5ae77f5f0ca87e700349dff2bbadf06

SHA512
eeb6cdb9a2eae96bb98b34277438a93fc043efe55dc8d76bb43c7613c3d0d1ef8e85794568305290a0685e9ea8ef4d50b586ad0db5ff4e7280b85ed41a3bcb47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
216cbef9093f8a1540dd987d46f78f88

SHA1
3aa21390722e5e409593569d03af3c39ba1a2c77

SHA256
32a390216b2e6970072304a1d4fc3a91723f21d6a0ec6272513ef185e9c6253e

SHA512
8718c9ab9551bc8b58016a912a9523059f16a9bf0f1802384437d4d3c755cc6921cad5d259eefbf83674140effa087a7e5e685060fedb53fecad62c807ecb693

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9dcfd1204141ab26f79780f2b99c174

SHA1
065c4cd372bf8070d643c4ea215c2d7815ec3ee1

SHA256
c00cfc3e9ab2d7e05319ff4a2ffcc37f5421e7424e221e9fc070ad96d0df48e8

SHA512
0fb17858f4fc9fc4cc174b8a8095b94c0d92a0e78d5a150384d596247fb2b260b879cddca66e401e60bcfab53cd527925023252896c5e859fd5f4ea2105a4264

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b378d54df5944f95ca5f28bc780be576

SHA1
12e11deb04d20ea548d3ca45ff1ce64698b4e568

SHA256
0409db32b3d563f1fe43c460610b4c062bdda04fb23b5ad8708b4332eed52ed7

SHA512
53c9509738ba3076c5ae7859966b4bd9a61c77689c333819493bfa8702abfe6a8a4549585bbf31359bbb79f767aff9399c0658ca98de5c8c9ced665a2e76fe29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a7e6469de187f1578a57f8897560208

SHA1
f55b2e0eb7939392aa5e4eab0dfbd32004835baa

SHA256
6600ea25905f0097e201ae557a4be5d4307bb49d7598010f3a554dc8a6109571

SHA512
118b3b1a94eb761cd0322fdfda0a7e067c9170d80fbe66744271771505f34defc0a6ae7f592e447a28537a8279f0e33fe0a48f31d55ef254c29f1609d9823c20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcedf2426debb7f2bc1dc51effe51a62

SHA1
3ee42542e054a89886da54b49e7a9faa64a14ef8

SHA256
4c82b7412ea27f236374b83bad68b9903405aad72bf81801cd297c833da9c806

SHA512
ade5d02c8523429196c75eb04d25d41136f49c8e4e79b824a6dae51e68580790feca3cb6f369ed7c87c6ee1e84fa6a882d885cf94b8f88d31cb0df456fe8b618

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c24de37c4a04804317fbaa42fba696e

SHA1
3456a85f86fa236281ee62eadf32f8ee73257eaf

SHA256
c24b45f6dbeaabffda9422365c153c4a43e45356c3fb198b83ed14e698603d7a

SHA512
ef89a75a9cba6b7d32d5d2e9570f448f1ea7727996450d734e7e10daebe4bc6518eae29bb4c75c35894544b45f5eee9227e155b4a6cc7895e135c23bb5d3876a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4470f4131fb00d287dc5a0669a028d1d

SHA1
8a95611b90def0c3af5276cfde55bd3b349257b7

SHA256
de6ba11739cdf066e56369565634403b6c2dc8515a264c3d311bf612c4010518

SHA512
a718d41166f815d0a10eef9133deb511c83fa6cadb5a168b1b3b4033d7baf8744d6994a340a38c9520e900260c7e2d82f56b9debb36cd9226ccb329906b1e826

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11227f972175fdaad7ce4cb077f8f096

SHA1
0d4d6cffbbbf2cc206702758be29c852c593d082

SHA256
86c7f381d49ea9a5040ecec1d5e37002a0bca9a2fb39cf5dbfeb9c362a239e01

SHA512
4cf1e134132699c970e2c0c4898f4923a38745e26afcbd7f79519a2e44fd122c934b5788dc7d7eb1a1f3d57691e37c789056f1c13093343c78a243cde846ae3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a606ec3a9ebff251bbaf706cb3be0e9

SHA1
0163df7effbb427b6e9c5352ef9b4fd4ca242c1f

SHA256
cedba4718a5ed284c8af7157ac982afd1d77e22794d671c78d12b452ba158dec

SHA512
fc2eb8ccf7ab7190ce662fac218c1561e2f72c783852f7278d5292504ea6feb879236fe646ecea4a2c70d94d2924fa6680afa9125345b80f5a1ce35c0ea5baac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab898B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8AAE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit