a8570a5d9398883b5dd188db0b72011901453e6132c9cc199ae470566d47084c

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94773c371f057f7101dabd0d6d28b271_JaffaCakes118.html
Size

25KB
MD5

94773c371f057f7101dabd0d6d28b271
SHA1

5bd15c1e084bb94f818fa13776abaffba96ac90b
SHA256

a8570a5d9398883b5dd188db0b72011901453e6132c9cc199ae470566d47084c
SHA512

ed8ca29346a1c12d3be4e779f7a37d0faf948d20d61bdce54a3b18e363ffd7aed59b3183dc9052b70fe39069e181f2c11ca457ed698b0ff84ca91ae6acff97cd
SSDEEP

768:+wmYLWK715XaSGqqTCcVNcw/20Qt8l9kAEFO2OqIp:DuK715XarXVNcw/20Qt8l9kAEFO2OqIp

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FC64EE01-225B-11EF-8303-EAAAC4CFEF2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423658263"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1948	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1948	iexplore.exe
1948	iexplore.exe
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2336	1948	iexplore.exe	28
PID 1948 wrote to memory of 2336	1948	iexplore.exe	28
PID 1948 wrote to memory of 2336	1948	iexplore.exe	28
PID 1948 wrote to memory of 2336	1948	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\94773c371f057f7101dabd0d6d28b271_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
68ab558e37a713093ca22cfd3c58844b

SHA1
d6a5b1057f28a348ad742b90472f27727b407816

SHA256
7444807aa09fc7e5724b14d1d80a4d1fffbf128dc434ee11545ad8e9e13f2d7d

SHA512
a42a3fdeba6f3fccba3768159090e44a96599999b3f313b5304564667c25d980681d8ae11eddb6d73d16da477f820cb513cf6e4e02a60b5292b95e566f5482be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1d6849bbdc7402d95c50ff3abd988d3d

SHA1
e0613ed8f1880c96f7b4708d0be696923fa1768b

SHA256
e2b17afae440a0381139abde261619ded76867c0a5c86d2a2f1615953c902d85

SHA512
a3d9b3439db8aaeb742a699f113f1fb8ec78bd133ef28b2c459dd7540c89277df4ef947e03f65124873b185b03453671efc118edafe1354ee69644768662e5e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
70a07e675b58ebd6561f37106fe522cf

SHA1
f1566ab2e1d86721b019784d9d2322fd25dc2325

SHA256
9dff8baaa44597181025005fad807b94609294362b748d58b323dd771d165757

SHA512
e7aa5ec15b3ce718db687d00a8ab6048e583d4ddca9ceea686340094f907615a635de66de0e38d5368912b32a921a0c456e11a788e5a07397ea3c4871a77a8df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
532ce936f275f69a6ef91a99dc373304

SHA1
a6c6f5b259465f804edb1c74e94a07c038cd2dd0

SHA256
597ae687182d7609fe5a9636408a22e40362e6de96665b814c6f321f8efcc207

SHA512
24147e98a538856c06d55721b8bb80fc35f3a7228e6a4f41bcf806824419cdc00c4989dcd11c84e22b050c8ad1e12bf80544f7ac1fd5f4491a9bd165fbc11759

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
80df01fc14e9616acef68830fb9e8bb0

SHA1
b6578080066d2784277fff87dcb91de727c0a995

SHA256
1384dd03f2fb98f186d13b51b2dd0608ffd72321f75383c1f9c3ba161fbe9402

SHA512
bb0ae68050cc9a5de1b0b2b472a248fd85625189826bf5f16ff2458eec7acdb3dc63b694ae0a541df78a104b4e322c36123b9d005c47322ac6ac40c251edde45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ad1bb998d41da6d3ddc72a206142c499

SHA1
823b1e053160bde9e9d605c707b7bc685baef378

SHA256
d5d384f526eeb5ae2c331a8f5cf598116bf93a22aff0935da0710bce94f0f94e

SHA512
bcb4db6735ed37cde5ac111874575a3cf705aa1ec910296c36e54a361e0a9b78d15c0c6628a3d35213438530653fa0fc043082e032c45d4061b9a5eec1f74e1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8e33d2392ddbf3b9491855aa8c78374f

SHA1
4724d19571c9487b8e5ed9fff57073495f61a5ae

SHA256
32422ee8784f2a17883e62f8fd437cbf0f2a519fb6a7d907648118f67bbf8ea6

SHA512
224a937fe8e004631051d68333e210081b2eae1dff42943ff03763307e37db50dd130f852b114b07805a7edbdeffd39b625e3c18fbdf30cd5408cc41484057fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
648fa979ce4433285c3a805807e116d1

SHA1
1e64c4aeb259d3d09f08bf9c329953999c0313d3

SHA256
135e03495d762001c43d8bacc0f684b6c0357779b5e6eeed58d56778e20e8ca9

SHA512
aa4ef1e41533094733cadb233d02897e329aefebf5b21b235427df87ca16316dfb446164714adf4af2726038f04b673393929b30652fb0ecf763a3f282ecbb54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
83901b649b307d56186d0fc0c5570813

SHA1
59a8e822a9190a7b69479dcd7efd5a99c59f7c19

SHA256
8c9f615966460d62374da960adfa4cce328512a831ea2dc817ae392c3fcf0dc0

SHA512
ec60c18f3ab8d925b7aef1c755584f7e20a76a672a59d1d7c50ce8f1e353acf5411ad8f08708bf9813e810e8a78516f1798405b9478d0802279c1f6cdb6cf376

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a2b0c859ed47beb4a19f4b7ad45b4c1f

SHA1
5a8122536de69b20e7e439a7bd6dbbb6df90735d

SHA256
38355fc3e1fe27783543609d273a188240aea26df229120cb4e31c878f941699

SHA512
ccf9f1d27654bca2d3ae334dedee12fd918d1be6fcb8b9ffb410e8f598bd4499c55b097d33baaa89108648a9c19421c37da5b27be4b8596f890f18f252b06260

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
8152c26dfc0430b53915d3bc78e0713f

SHA1
3e20e954d2df06179feae690520b1d3798c95d5d

SHA256
496a478eea6b229c748aab133fe223e2e13c00e34eaf53993f6842fe2fe810ed

SHA512
684a4d9b8cc4e1825eac9b7bdb0f3d76d4a4ebcb27f7fe38430cbcaf1db0235cf5eda91d96d623d4693ed6e7ec9fc8f370a2ed8190f8e61778385bbb90120f3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab29BF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar29D1.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2B5D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit