d53ccde05308b4cc05d9cf9d2bffe391ab297c5521018524c898a505f24c336e

Analysis

max time kernel
135s
max time network
139s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 01:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

934fadd876977f81326f1575ae6c1faf_JaffaCakes118.html
Size

214KB
MD5

934fadd876977f81326f1575ae6c1faf
SHA1

603b9f77bf23c10138e4a42f6c4501f441edf372
SHA256

d53ccde05308b4cc05d9cf9d2bffe391ab297c5521018524c898a505f24c336e
SHA512

cea29dfea22993b7dc9fa126130b88287dd6ff72260c21a160a1abd793ac59b6b7a9063ebec0e360d63f7d47937f50cd3cf3dee7bf70ac4b96628539d1582049
SSDEEP

3072:ZrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJU:dz9VxLY7iAVLTBQJlU

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AE34E5C1-2213-11EF-B1CF-5A791E92BC44} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423627207"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2176	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2176	iexplore.exe
2176	iexplore.exe
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2264	2176	iexplore.exe	28
PID 2176 wrote to memory of 2264	2176	iexplore.exe	28
PID 2176 wrote to memory of 2264	2176	iexplore.exe	28
PID 2176 wrote to memory of 2264	2176	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\934fadd876977f81326f1575ae6c1faf_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f259c64a0d0f88c3d455735b7c2feeba

SHA1
60acb155d93ce6196e1b8ef6c5d5853dbc4cc89e

SHA256
a1243eafbb981eeefa95e80a59281db3d13dd94b4f6fcfd28a4670f112b2f0ce

SHA512
1254422264df77cd78eaad35f1f48e418cdafd511967aef0d1c1717d3e178c80fa50408160f6baf5d33f9263642b94f1b1cc946fb13faa472e1877700bc58a89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c82c01f97dd6a8cf98f1515f7bb91b0

SHA1
7e63407a99e74ed0f1e55020ca3d4fb7f4f242ca

SHA256
8371063a097b36d94f4ed424000e808542f8987641372321822db51b92b9ec75

SHA512
e88bbce43a884b8c7b548515e0a66aea2d51462de08a5d4fd1e67a60f485e9f3a34631cedb6ad781ccba0194725fbd0168d09ae7259174490f845c5e740cb2c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d9845a9700c96b5237297b8f282ce76

SHA1
87107066c2f73e38bcd64e3e24da95d210644abc

SHA256
5aca2a44619d009a1c8b77c1b3e8966adaaf636b082b58345411de4e62d1b454

SHA512
9ed5563e4236fbe8f7824dbf939d88c3933fcbd8aafea69ad69da7e64f6561ce2362e246a3efc710f0e5089b97de7c370c52a8a8fc3d5c0087632969ee88cdf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f03c74cb70a85edce77de65fbde750a1

SHA1
e6b08eaad05dc5eb03ffd76dd033f59b847b9775

SHA256
808480697eeb06f03b950400781e54174b422b6764e164b67e19307cf95f45de

SHA512
a96527e362d2c0757ddd3b44b8de7e53934b05b6ad1b3499106d27a8fe5359d377cd5693c73cec1f163efc883f39924a973e4a137bf41eae262b890e4e150721

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f43288b57ce200779d3278a04ca9c3d1

SHA1
d90d0576d136226cade6c447a46bffa9d6b9d63d

SHA256
2f80c612b8ae60febe2708e2626b55399214c9bc35f336c628411098054a3b91

SHA512
8db1d9cb1eff503f1f5eaad63a6047df2ec6a8ab7c654063bd726029c8e200eb94878b0424cc3e4ac2904a4fb0cc45a0e820920bce5119c7f72f7785a6e5188f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0bbc5ad04c60ac12749014d0613b173

SHA1
b363e917bc965c9b2afd1f4b6822ba4f89ebd615

SHA256
d0c1bfe76d4a21beae7ae015b6b2532dc9dc85faf2e86c811843fc1b4976406c

SHA512
423690e2adbe071f70676fd3e8ec489e2d8ed0ee4c0c40758d3f0fc67c48a2743a793d1522c3833c6b4630a7d495bdd6a02d43d4efd33704c5277cc763a51f4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
295a1ca782cde1189538f41d96ed139a

SHA1
c1295d33c06c2320773f444d245157135952f304

SHA256
7cff89d2786c90ea2d4b33a26bc58dfd1879ef05c58ec720f3bb1eed0ed63c20

SHA512
aa9a77f52a7ccdf66c2e63821b44cd3171a1d2c519e94948df5ba1af7e70075b0f0709a82e22cc12bfb27b64b6f699eeefb931849bea2a59fa102328d04c4afd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce77efaf6454791ceed206e56a718001

SHA1
92db4d23947976dbc288b578a6a902c3312b4379

SHA256
740c458c6516c7bd9652535933cd981e12597bddf63df2466f21ed650f5b557f

SHA512
a330d1d98b88af11766b69beb9800e2366b395528499a733d85cd3c0948fa6ede2d1f25ba6fa92e1ee18a1f8833201e97ff9e7aa15905ded73452453d793a33e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96ffb6cfd2831859921e4b2298f75d2d

SHA1
668e75a87500f97ee8396922fa299ed1976a4107

SHA256
7243442fa90e3cd6cdbeae5c8551d3fb1cd2c8373034c84b9bc328717f7a9264

SHA512
a45158d737d16fba5caa71932d12affa8d287ed8efe3c716b0aee235cfb3775af88fa67ddfba20c099200f2e32be0e79a5c20574a965eea934070d411e9116dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56d678d2fc95dd67f38baed70638d225

SHA1
03c3c31f83d1cbf0ecf8ff4d273fbbe4318c7a81

SHA256
852d28f34c2a82e0874a73b38faa4bc20c974a77980e7ab06eaccb6090320b3e

SHA512
ea3622bd46845bbae2bdcd2976ac0522f1b215d2e1ff69b9bd547ab61e191c936154d3bfccf6d334f8dfe426fd5d2bdfd931c37defdd5d27ad4c371d29ee57e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09824f0b5e16a471275fe7736c5d5c30

SHA1
538a96bd6e5ed1b0f8fd46b1ecb8245363e866dc

SHA256
262ea7b790ff541a2889853b4f3039a94ab11fa77d903da452eccd330bb3bda6

SHA512
09a9264a94be02a7bd45e3916ce25a203b6dec84e70b9dbc1268fe071614ad8ce330901e8bb89455f9d109f7a32b1b02a5c8bb8ed0178088e992a9b21e782d5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70efc208af2d775dc15ba27bc3180fb8

SHA1
533782a9325c7cf21dcbd26463a957499d8e39fc

SHA256
f67c0b0e3aa2cf546a61c2fe4d382ff8ba49f59d529dc2e6198f4ac963df28f6

SHA512
5a9e8f9752d75c283428c3ca975066c6f6cbd33ddaafa1772b503948677416e1a3870dc04a967118e3250db63bc027151dce1f5881e89e21468f2b37f5aa0a0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e73ecc6f0df345aeb7ea97b057bae991

SHA1
c24937a62b9ae84d8dc4e3ec376e04e5fba640aa

SHA256
c7f6d4bf83a142f775bc040766aa59a823221efc30c03a40bc335867ffceba4f

SHA512
7d3f8ef90b778224e93e8bad9892ef70e97cae4c134359b8af13a8d88a8befc1e825eb0b151b3f359075e198e546effe87c1d535b1e74c567c691767051860d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b0f06e28599b69bb987d903a418982f

SHA1
e4f9af8a5c0114059ebfb084f3d7c9f50bbbef8a

SHA256
b423f33c11d3034e36a3fa5619ba7ea2e82e657e32134014e142e0e9aba3a93c

SHA512
8af2753f03aa6dc5cc9b6382ebab0a6f196a802fd9eb4d5769ac349cdc325632d35cb14e2bfe19ae3851dd03545d27f2112ff6bcc535ef17b52ff7400b198be6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
753161bca651b6741d16a1b1d19ce7de

SHA1
71c7a8e3c0da66f8ca51f6724a1b521b21797aae

SHA256
38f248f931e710765c10b21a60ea043596c619001841eb3c0e4dbde5a8634aa8

SHA512
74990defcdcbaf2883d323e704015efbe82398766665624d3d2dc62cff87ff31208756e68699b45e7f8be2d19524b8d172a3eb7b5b291abbe8a715d51c59bc3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28079a53ff7c5269a468e53dabf5b4e1

SHA1
7af2815584c2a34e4abffaf1eb8b2f479a099cde

SHA256
a8b5302dc3de3fc66cadf0c9079b0d335b28a6fd4567bc87e96ddc3f89bfe24e

SHA512
6b742125a634797d5be9379a45cba95865befa0096d733c4b5aac7d9cee83530f7bbe1ee23c2c84576ae9903a0da9e5655a69f033b096fd987aadb54680b5c3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d1bc4530b39ee7ddff5584ff2025a24

SHA1
f7808569a50ae7db6525c31e3d82c072b7896562

SHA256
05355caf5ebad974dcbb610be2060a0f8403bf43a2d712a323a9801dd65fbcd9

SHA512
d7e28560f03371383600b8541767ddf7a33f4547b1809179dd37c51bf2acb095bae80e8d68012f3a7aa8f994dbd54f2816560e2fe29ec3e15b281324c8fc83b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0722fc89896b841ea00c508813592587

SHA1
684c0c4100396b5d340ba84a472ca66897586ea5

SHA256
31367548bebf9a3e535c92d16bad70d496f972a7fe650142bf4df36d50a06803

SHA512
ceb1bc662a468da4fa0e6e66f60e670f26d36f867d97088c7846afd5e4650c4aa448bbd6040ba6b5c65ee85ce0a428924f2e25afef36fbf288208be041697df8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9412268c16a1510285a646f711bbdf64

SHA1
8a00521f6765a185c8eef62d48049f1d18c9c575

SHA256
ab27bc1237411c3b25fc9ee44218c5361160dd92147e082ac38ad07ce0e2b269

SHA512
fad7ecab14a7a5565589556c75b2651da2ac703b32b5415101b31faa4b9adcf085ba77b9195d194201fd367bb4e9abe4ae9da265294860ea509d016f2f462d5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab20AB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar220B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit