b9c9e9cec1b0f9af89f7c357fdd8420938140601ef6c4dd828c8267778d568aa

Analysis

max time kernel
148s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94f9de5c0452115034964da2acef9582_JaffaCakes118.html
Size

18KB
MD5

94f9de5c0452115034964da2acef9582
SHA1

8eacb7260d1c79a4d6e3fca742e434427e642698
SHA256

b9c9e9cec1b0f9af89f7c357fdd8420938140601ef6c4dd828c8267778d568aa
SHA512

f3df4c7f8cd9420c183282cd2861c0b00904d1f9778122a0a00a4987220913f6b0fd1c8fc90905de8b8f5dd8b54dcbc64641ee694934fc61a7c9203de46da95a
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAI64kzUnjBhwq82qDB8:SIMd0I5nvHDsvwpxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423668741"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{615E5EA1-2274-11EF-B2DC-EA263619F6CB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2860	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2860	iexplore.exe
2860	iexplore.exe
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2456	2860	iexplore.exe	28
PID 2860 wrote to memory of 2456	2860	iexplore.exe	28
PID 2860 wrote to memory of 2456	2860	iexplore.exe	28
PID 2860 wrote to memory of 2456	2860	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\94f9de5c0452115034964da2acef9582_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbace14743aa59fa18bb975698371792

SHA1
bde6300c9aac3e0484c22e29ac4a90a9671a3a70

SHA256
28106be4a2a59b7b84a3eadbde52e6dbf08bd24b3794f28fefbdaa9cea6a1e83

SHA512
a3fbc92c4ad20953b80689aa1cccf20c50b541100224f72d4b5a7539881fa89c721bdb756bc431c6b576cdc07c8376d21e3a9d735335d24cdc084fd42119fcd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13deb45a0cdd04d6d98181360b929369

SHA1
32833d537f632bee206fab5c50553ed97e6af132

SHA256
834a3ce2e7c3ccf9bb4c0e5272c075145cc2b518ddd905f9ee87b49642a7f314

SHA512
ec10b29f048cd7e00e379a2c8c0d2d6e054de94ec97f07fbe7789b23d3a11c26c3c99c640dc22d10dfd96a8543d61dbc94795210ef014017714f7514da600630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
013795bc100a58e6c33db2d6c9d6cd79

SHA1
fc6acec9b747250596ba70c93e2410f6d4be0e09

SHA256
b8ed873e1d3cd0dd0fdc1947c1856d71c37f456ac7e445ed848942e272a7751f

SHA512
e4140546f11a543bed931d80c59af33792931c7e63cd9bb3ae4de9da33936e6098456b2164658c6a51dd526bd1aa70552230a3c05324e48344a8f56ac74b890b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd0b66e65aabfc262705d6e1c9e0ed95

SHA1
0a4bd10ea8a1a6d36f5124c921ddae760549091c

SHA256
2326e9da30fe9ceaae65d3d007cb265995476055b2671dd515e54cf80bf22d37

SHA512
a8b7c89fcb362f7a6436bc5c0c5360e73a1a9428d9b28d25918cc5cf23b2f404d9092ff7c8824265ad9faafe623c23de3e5cd1544bb0dd8fe47867202fbdc775

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8e62a821e3e85b8713f1f62f70e4fe9

SHA1
354b46e8b9fed01cbecfe7080496e66c0c925c9f

SHA256
a0eddee8fd9d141bde769f935d605f79bc5ef68e9906e4ac2f5b282b8cbac470

SHA512
39281b349e0afcbf27e74818754901f253c3b38967da558ab4865de8bbfed5aed2362c9eefc506c03a99f96583284e48452d0d909b2d4e5da25a8433c816b8b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf6021413255c11d452897e7e4d00eca

SHA1
050ea197baed2881fae21b1888ac5c648d4ebe1e

SHA256
4bf8ae0db85c3b0e97730fef108931af5e0c17255ce0bc76cfdf95025faa26fc

SHA512
dd545c99e988342ec5c97b9021ceca91d9bf27584358211a6094fd3d5c098eb57959a2de9dc2c8c05f14594647413ec9c7178137c067d833530e6812f98b765e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7144f4a3d6c918fadb29527bab81dd77

SHA1
b334cef105a984f1edbe0df8db624d2bf4531157

SHA256
e0dd5ec6329cad8d53a14e149a1dba7df9790e7c91c27ac94dd4e9d4cc67e22c

SHA512
de940ab8f39eea8a80a67a74f72f910a37357a7483afef92f83bdfb5086c9acc5e650b78eac47f1e3d6d1797413fd3a2f19f1361d9437af54292bc9fda20f234

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4b583babf11a6a867af11e9242a071a

SHA1
e6dafdde29e980dec022bc7330671c4554cfaa66

SHA256
28c681e314f1edab0770ceca31f192d01ccd48527c1d35f3bb45f613ae76a611

SHA512
6181f90aec7d9fd5191db6980fdd1303babf92ac83b9c5c92f7261a18fb626cf151f65f3bd25eadf1edb30c8ce937681c8f309674f256034b3322aa3062a5c36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5e489188d675e6c27f8cb4b0b0ae0c2

SHA1
c3b5a431ae425aac5bf08cb49a9274af279c3d73

SHA256
e653e32d6d3b8c6c5e8bb724a088b96e1856f3306c9e13886a723aa8bf29e25e

SHA512
328b487fd0f696b37705e0c18e39e0dbef8b976c8c3fe85ff59ee6452db72545f523b4b1ff860298442012fda2718a9d2c8513ae6508b377ca6407e2cd50ba11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7edfbfae6417110d5455aa6fe7b0c394

SHA1
657908e7fa8689616c165d4c67519d228abd989e

SHA256
d6dc0f5cdb5b9219da210eafb4ff59d9c5dbda9301016903ed389adf6b9703c6

SHA512
3f17412a62c219e1822a657b7ce9e56e4ee23b649a8fb6b3c9da82480e768d3cf4ff2f3d00b98d106d04dbe1a651dc9c7a325173b4ba85cbc27b9a5d0129665d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13e003e54f0a697d5f253bdb07ca26da

SHA1
4dd4002d47e228ccbab1957514eeb22ff5b863cf

SHA256
eca300eb59fd443915b9c22836d5a79212680885837781b85ce2421a5dd0787a

SHA512
31ca083bed8a7c08e58dea24f009adbcb2ea03feb2e4d97f06e8166ec6ba15d8a5d2da4f99e2634070eb39f05b6c798032b6ac655859b761d93351f6c8fcf5ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9474.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar95A4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit