5a7260913168f90166630482077a963aa5725eef50202f9d888d77a74b63190b

Analysis

max time kernel
150s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 15:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9248efd5db27196f945f24ab224dd549_JaffaCakes118.html
Size

23KB
MD5

9248efd5db27196f945f24ab224dd549
SHA1

c197e40ba74714f028aa4b714c22f80e65bd242f
SHA256

5a7260913168f90166630482077a963aa5725eef50202f9d888d77a74b63190b
SHA512

9f72b8f4c55e1f31f81009bd73f7f62583490df4c965db6ed6d2919fc3cf039db7e79d5c2d69af8b615ecbd558c52861bc161fee92671ee4957f753f3f5efd14
SSDEEP

192:uwrDb5n9cSknQjxn5Q/QnQiezNnfnQOkEntEunQTbnRnQeGLnLnQtnqMBTqnYnQ9:DQ/4GUlxk

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423590733"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C1CE3411-21BE-11EF-A7EB-E60682B688C9} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1208	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1208	iexplore.exe
1208	iexplore.exe
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 2620	1208	iexplore.exe	28
PID 1208 wrote to memory of 2620	1208	iexplore.exe	28
PID 1208 wrote to memory of 2620	1208	iexplore.exe	28
PID 1208 wrote to memory of 2620	1208	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9248efd5db27196f945f24ab224dd549_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b01be69be3cfb80dfe00ae88ba5537e

SHA1
cd2f2da12f41677216d8d7f176e5d6aa02cdba75

SHA256
44df97b40ecf6876e65ac58ee2772e6a9c14ac2dfdcaa99c9ea02f1ea9de258a

SHA512
c75d5b0e201058b326edd26cdef33b41fbddc6b9bda882a10873e63b27cee0fc22ef5fdb747bd181c685841598fd8762cdb5c6be982dbe3715f8a2c3201a2f2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8599f9957046e2056d36a97be041da50

SHA1
052052346a946213a6faae5edfcfd47769cb48b4

SHA256
0b1d945d0ac07921b25ed18ec7f0a85091b3fa5b92d0c6733722022e17c8af20

SHA512
87696e24ed71899d3f400cff501de93416227d37659a597308b2cdef421a0aeb05fff6d2e772c7c1abab3f7ab7b376400e3b9fe629e3b84c725fd696def60fdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db4c1d9ba443219a359a71b95bad1e32

SHA1
dcf238176cd9eb7c1ce9104c95cd8cb94f459c72

SHA256
31bac8d7b88ca49275b5dfc4c72185fb038653cf3f996621dc7f15cfeb390f91

SHA512
3b00caceccacd93aaa7dc4a0e99b732faa056ce5a870dd54a95ae77b32058fcda5deb961e5ecf360bfc7c7fca654d932f60fc8fdfc5501f786aaf131959a220e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27a8e7dd342592b577bc2884654532da

SHA1
56f6f77a986cfc03b3f79a24870fe65d09249b68

SHA256
d42b7f0c97e8d6daffa158edd6353e94fbcd9643d7f90de0d13a02138cc73a29

SHA512
ebe24bcd8336fa26f66efc2fdd8d121c90a083007ab6054bdc2f2cae736ec34a6ff210d93f72c528455f2627f988fefdeff03f0e00e279fc8b0c28e57bcaa5b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27767bffed62fc6039fa3289bdbcc533

SHA1
4318672799cf08556a7ab1076aeca5374f08eada

SHA256
a60032a97431e66e26eebef565fefa3aeed0f68222c244d72f81efd09aa26d37

SHA512
a29277628daaba3691fa37db661980b8f89754c73534e12c0d9281fb220850e899a7b29b2884021c1b26c8afafdd267bdd97a62fef195bd481c59910d59be5dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
285394cfdefd3eeb84b4dc8d1d624c16

SHA1
6306cee6959447a9a644545a72b40f0c7f14ee38

SHA256
eb14c7f6c1b6885f9c82efdb098f759e702ccf827b5d63143b16806c5a8442eb

SHA512
d0a5c9ea11b6dcad5044d5602473db86d0b7b8de1e234f3f0a07f57f952a75f6c59141b4c7e1aba7903508dbb06415f0dfb784599e8019aa482d0a8fad3d59b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ada89fdb362991a0f2118e31a9be08a

SHA1
76a37e6b27a3bc0dc52edba98bae6d36453f6690

SHA256
3e825d2911c3f484946b023a9aef49d1b4797b2ebac5ec1f188327c39cc3d77c

SHA512
cabeb658bf4c859ecf8b2883aa1f90772af8fefd46edc7f94d0fbd56ed834794340f846649937382e44204601977ca15a1710d5202f4d3ec42ef56af92ba3e53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59f39a67d9a008144368e5dae1c19169

SHA1
16cb21141a448b72cf1c9bff1b93c51a6cc1720f

SHA256
24c5a432173086ce3b3a358b9caf3b458965864a739d8df4b2d9011b3e0d542a

SHA512
2e5180d600465c15892ed3d8dfaa5630950ef52ac0bd2c64b21deb80e83779c29471eea331a9263a68e7b9ca1e9656b1bbf86f11b9e73b262d7946edb455037a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a68e7816dd7ff683430be67743e2374

SHA1
d7b5a54e07707e0b96c3c3200a9acb2577178496

SHA256
c7380c72684b8a56965d44052868c881547fbe66715c2cd005fc878e14b38969

SHA512
0beb354c39e687654de75c7a3325a46fbb55b5039423f2c4529612a21ab540bf4da2bcd51f24622aa2f164b8b79893e10d1da78deae76cf473dbd0ef7e51b112

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2346da0c69b70b7b4ebdad3366a11ecb

SHA1
d0f2a86910a8eb27eee281fcc804366612b16b50

SHA256
c20e58dd15aaef483511676cbbfdab260250332f0ab51bf9b4710ebc1e3935fd

SHA512
fc3c64c6856d46b39617644b0d7942646161be6e3bda9eb31297ac3f3a8acf585bfa6a7ff6cbd7f6f4cbb6cf844394d78cadfce7ea65db388154bc2f51c40046

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ec67ec963572253bf520a331ce00810

SHA1
2e9d3597e04628d9c81f04b255092c867c2c4f9e

SHA256
84f6c251115da2f2895ca7ff707c3413ebb327489fc461b13b5ae591c20a9344

SHA512
5752a975965a48cdac646d0ee4634e1e686db961983840a68351b44fb07128a72b17f60c4fd358cc0b83eb57d46c1e603d900ed3a28e4e6978818658c9d3f0db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
caa1e4605999413688ab4d9f06ee8e32

SHA1
f8d0a71ee567e8739a389873efd5b522e180d041

SHA256
769aa828a62c30adf4e6cbe606864525d19b4dcc110de96588c1c9c9e80df1d6

SHA512
febd05d28f189490da2685a8e99e2a0e954ba3cf776c9cccbb85d218c46f89cf2183252cc0bc94fec45177d947b59a2115965fddff48870005289bf68b0f5337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1cc77b600560d7572faefda6d8e63919

SHA1
46020cdd727476b8aeefc6605e4cda0451e764f4

SHA256
3dd647723e8a2afb8f91e10256527760b07539b89dd03a84c187b9d5e814deb8

SHA512
e6e40240867df260371131fa5676bb3c161665caf8474ad659ed37968512861a2b571ff137f9ec5e13147ee3467b00128896e5b0357426527f47accadcd35dce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c77717bf84fce86af90321bd00a76a53

SHA1
0eba4e338267e0ce7415a79cebf86f0e26e7e4f6

SHA256
f499b38595e266233d26c734953bab8c8fba82b45d450424f43ff321db6551fc

SHA512
b2101d8afe69d22ec2df4ddd072f934d8ad9765d52b0adf5f34023fcf7ba7202e6d2577c1dc089dfc95e9d142a259d2a5c2c75b7e80494cb15a820aee6151c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8A37.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8B38.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit