f9765b515b5cda2346a3560591dcf50e902cb7493b51279864a992bfbf1b7f62

Analysis

max time kernel
65s
max time network
126s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 23:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96a2c126a71dee29e4e1c8845c7ae682_JaffaCakes118.html
Size

169KB
MD5

96a2c126a71dee29e4e1c8845c7ae682
SHA1

aa9a852d28f4ae9fb1440c10befe09c0bc394d42
SHA256

f9765b515b5cda2346a3560591dcf50e902cb7493b51279864a992bfbf1b7f62
SHA512

1c8a57a6d121ac549123b2ec7c0c30a06664006a2f4d309dac091efd83e607b7bff49368c5edca7693368ca4e08ccf6ef7f8140c0e3cf739193e7c83d7ac3351
SSDEEP

1536:Sa8qeeDrGlVw7pQlLs+/hFnyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP06:SaXDOnnyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD871FA1-22CA-11EF-8CD1-FA3492730900} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2176	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2176	iexplore.exe
2176	iexplore.exe
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2356	2176	iexplore.exe	28
PID 2176 wrote to memory of 2356	2176	iexplore.exe	28
PID 2176 wrote to memory of 2356	2176	iexplore.exe	28
PID 2176 wrote to memory of 2356	2176	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\96a2c126a71dee29e4e1c8845c7ae682_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04f24fd416c4916d9325b4e0f7b6eca4

SHA1
dea0e0d61388c7e0be6f5de0b66684106e51f583

SHA256
967f83ca699e9b3211b7848c36e119c8e1a10fab8ee98291063ef6baf420a678

SHA512
62dbc689fdfb3b126da2cdb2a835d04f27df8843eb238471c308550432bd3ce6d9dad697bd2cb323500906e0ba87367abea7a88157468b5b3365f6a9949f0601

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f76fbb2071a0101ad01d03fd47bb8af1

SHA1
382257490e0af619d9c1cf517099e79d6b464094

SHA256
5c534fe032b2ec0a49da0e1051a9557ddb4345e68ae6b63801fb62b3e13c4d0d

SHA512
ab0b8a229d863dfa0822addb32ea1002d805ef8efdd3c68f550ff7c8d5d69327383600173d34921cf675a80e3a16a27421455498517036f7a2a02bc128df3bf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9077ab88dcbe4ebc75a4642b5b32676c

SHA1
bec2ee3aa465b9edb5553025a77aff3c7fcbbe6e

SHA256
e2747444584fa74162fa162b639b94459530c7a22e9481c29b5647bb12a08cb7

SHA512
de04a02a5b40da06e6c81118eb7334df96739fb5545af4adedea7c4fcfd7c0a5923e9ed36ff130fed549fc977bf801881a704a46b805f800cf0e55caed9a918f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a0935e6891c5a2efa0cfbd7a0738375

SHA1
5ac76ff49fc7fd36fddaa9fd6a2e8ca9a79f5e9f

SHA256
be299fa628d45269d4b396782308d6ed2b12acbe359c40bca5c2151a305b38bc

SHA512
e18ce90213bceafefa481d8c2ea5be2bd2f5909ccc15b63ea6f263a48e5d26a9d9d345be3c8e2c419302f9a6ec4656661c32061efa78ea8b8c64407bfd2e3848

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fef3f2c5d66fe2e9f455b5000da3041

SHA1
5328e465b86e9b193a8bb0bb0fc09e9d99783125

SHA256
b25178258396dbfd91ffe44052609d29309a0715eb1f40e7a22ff5e1ebf05029

SHA512
8b565db2075c492348e423c139ed276d409811792dcd39deb6913fff2a507d6e81d1d1444ccdd6742dfdcab39f2935a70479c94517621f69775c86edd66604d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e803bcf5edd98046507d414674530295

SHA1
dc626750eb25722340baae167bab2f6b3386c039

SHA256
f15827bef291ff78630bbbe1bd4f524128a4b6cc49ba9d0f553100846dbec8ed

SHA512
330058b90e3ade22d1e24feb3041a91e734afd13a2aad9bf42b7ebd47afc0b8cbef395c409f6572df6071abc4b69d2b7352ed9d5ee853e06c1244373bb4fa96a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72a3f1adc2b44b3a41fc41893e01d9c3

SHA1
788595c9d0e7f9391651365493b0f032f1e0f6b5

SHA256
7d3933629ee6f9f84dc22ab0dd77c860ddbff5511acb594b863ec82d0681e382

SHA512
f054697eb0c4e46119557862c8f60806fbd1dc1f32dd184136a0141e03b1c8d56a5239ef21ecc92ccd0cbc9f444f41753d0e1248512bbd1351835aa1eac96993

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be0654a3bdda9a5569d7c40bdc5c8e84

SHA1
669220f3f1fb9a8be0fbd038a5a510fd88aabf35

SHA256
e085c6e414fcabbf310db344cf748704816c09bf8389460756be81bed3dac057

SHA512
544c2b69135817b2063fece853c5189cb1fe9f37f877fc145673ca867cda62b515d32bbf26a8c4540479f54d1d52bd55bc7a98121902c16fc8f85c299ac0b337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a37c01c9b3513ab7b523db5ebae78847

SHA1
a203a63a7faf0e8b70d654b94c0d9b1632336e3b

SHA256
2b3febcf24c33f678bd2dd838bd305ebdbfeb75ac84eca6bb36cdc6ff5e1cf9c

SHA512
939886c88e72b746b74d8150cc2e284d71705d02e1c00511d78099ebb61a0941e17b07302f41f60f3acb8c7e45b22a956e4efb057fdb89e50cfe91bca5867ef8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1763d30056e1b432164544c8a0416b7f

SHA1
da263ffb55880c555b7fdd81003ff2885aedcb48

SHA256
39aba546ff68b74ec38d04761aef1c614b9f70092470377bea189797a3a06ffa

SHA512
591622841a5f6bf52a5a908c2902505f0f6885151eae607873029a253a75f6c3e096fb9d9f5df8558d0f85e877b52f77c5b389707858665888c0c297219fd2d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b13f37bb7f0919933e55647a26988d6

SHA1
dada7ac71ea9a28f9479bd5f360b06bed053b37d

SHA256
7f7602e48d5794a79bc95de0ef9333b85c14d53a911aca1e9a0435a33a801269

SHA512
bdda4bd8ce32c253ef8684c5e0bcde2b3a3338abde259259df0a8347955cb32bf1e88f4cb4ee82cc8c07849422e5a29cce9adfd4202ad0549b928773c33f39ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7db112bbf83a1da1fa68f5b529b8bf7

SHA1
bb9fa8f12856adb09e1ee17471033950aa639ad9

SHA256
93dcb540b18eace3c8ce0902b19aa0262a5ad1a03f91145ec2571d3f88bbf5a3

SHA512
067ecb6f7bcd706d557f17128da81cba20cb9dd9b6253334a38cba87e975aeadd95a6a89f2dd37746894932bc84ed15293cec44fd0875cf816ce297a591c8841

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15b48c6fc8fff7c141e8d07c9a7b1dcb

SHA1
5822a3cc0bc72a46f2d092397332fb8183808810

SHA256
426f058bc7ea3472bff39843a8d28af6f2734d89953cdf82ad88fdff965ffd44

SHA512
ea25d75aec5b7672e2791c762336436cf1c7f2c60a817cec3f1ee6a2ce00dd1f56bb9597e8b2622e6b62aa7a447e3bd90faec8295aaf7cf603ea3ebc063a451c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea321411a8a7fd2eae52ff23458287d0

SHA1
0494d87227f93bd7e2760f50704d7b6435be62bd

SHA256
68a0729f7754aea97a59fd05dc0ac641dadcbac0b18b11ee9f5df49f5d88e855

SHA512
14aa62e5aac0e6fa776b226631f8ab400986118e706470bc0cf058d5dad857a556ec57adb423555b8bb1f8ed02f7fe3cb40c98ea0b6844240f106a4643ad81e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
298423ac183e7e0994d357948defeea2

SHA1
4b5f30ed036ead0758c370e5e262cd4ce6ef4028

SHA256
726a0cbdacdc42f937b3dea9c22dd96096c2573a80fd56303fb61f59ffd8c29e

SHA512
69ce7fe0bd471d147f4b174f4b59ec9b1bdb71ce9b512c8a0b811e7fba323e50025ac3236ec371edfc2a6fb64b8612cd06e4e40c655f39fd13060c15a365359c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
585282ebe0e94d6b3fd0a87f67097990

SHA1
707ade00731fbd5cea1d012f1476463e3caccf63

SHA256
0caaa18a371e91d2148be00eb7d2c73113c85345dc7ed98f442d8397d424d8fd

SHA512
023d763f9017b27babb77f3b3d94d7882a28d72f23b36f89f546704745a11f6e991eac0b26647ab2948315f0e17edf701720020393942caab5866ac313a11db3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3297f28f6b09fa5ed235706b4f87c6c

SHA1
f283511727e02ba676b54ac23d57ed8ae1c4495a

SHA256
5f63fe568eb5ac17bf9deed3eeeb309e939165332a8ff65e05e688b0c931f2a8

SHA512
942f4f2312bffc629151b5c2dbd0030843850ef2a31ab266661d96ed8e8e3c6f5a45c87989dc516092c47b7497b80e083075457c57586206e42c9ac4b7f35d1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9f6428ae424f6412c8f8e0e47d15f65

SHA1
ffeedb80878697cdc8a757a0df8a1ca4178bf1a7

SHA256
1a52c4f3ad04b64876d4aef02a59703e3f48c73b59f64759269e82db4d6ca3cb

SHA512
51099bdd61ef9a53343764e943ae4f307bc2aa203ea311fbba96ceafb34fcd173cd87cf9146b83d92a9f542b5a7a2f2c31e97b40894fbdaa59454c275bd95b70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e51a81751e942b2facfe54a476a7549

SHA1
3c262c9957f11197b2ce604346f8d19edf97d27a

SHA256
8d9cda9a4221a808efb1e842829cb56f25de63508e16a85c8536efc4c6b6cfae

SHA512
af1e5a6ba610222fffba7993aa17f37b8e1711db7e204853f5e8922c0aaf610493f9e56c7c8548e56aab0f73e2b6fc3b40e77446e36ffb9a24d645c4c84b8446

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab10A4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1177.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit