3a454f0e85e62ea1e1ebba28d2c239805c991d3cabf8475eaf6678f21f2529a0

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95452e60cb619398cb91ce87bdf7afd6_JaffaCakes118.html
Size

144KB
MD5

95452e60cb619398cb91ce87bdf7afd6
SHA1

a2e1ce14a4aea0abc9cb1a1d89e86300af65c29e
SHA256

3a454f0e85e62ea1e1ebba28d2c239805c991d3cabf8475eaf6678f21f2529a0
SHA512

038e28b2de860f68b135dfae8801b73712e9ec81660641ccd01a66608321de13f38fbd6c9c861585d4277689dccb844de11bc216fadefd690507f9f4eee40f56
SSDEEP

3072:S/bz82x0Tnix7dyfkMY+BES09JXAnyrZalI+YQ:S/bz826Ox7osMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423674852"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9CC648A1-2282-11EF-8745-52ADCDCA366E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2776	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2776	iexplore.exe
2776	iexplore.exe
2216	IEXPLORE.EXE
2216	IEXPLORE.EXE
2216	IEXPLORE.EXE
2216	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2216	2776	iexplore.exe	28
PID 2776 wrote to memory of 2216	2776	iexplore.exe	28
PID 2776 wrote to memory of 2216	2776	iexplore.exe	28
PID 2776 wrote to memory of 2216	2776	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\95452e60cb619398cb91ce87bdf7afd6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ebb13188ed401a76ae8051c442b4b53

SHA1
8e6fe9ac132bd8d28722b9f5eb3199ffe7e6a68a

SHA256
44108915a36c177c5b89f69ff88425d3a5f5c781226eb91b311bb645b27536d2

SHA512
c2071f6cae41c0070d5420495cee6e1abb2e0cefaa4084ad84c35fdacb7b234f1d7a1eb4c2b435ca4b91ef1f7ef59f771c766cbdeb2262dbcd5cfed53adbca6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59d8b2d6de3d4643e87f02b110c9de27

SHA1
ba6882f1981d32d72651c5cc8adbb5f9dc3b9405

SHA256
7d88cc59451d038d8d61ece061cea10be655c8bc3c04b8ecff7d8f97d25d7210

SHA512
b2564c5d3f04be7126d92120e6e14043a3d1ff1d2013c37201ffd76d36289d9db0bdd4d6aba114ef1cfd8daed6c1178c8d6784d0c6bfdfda3314a88bef09079a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
213b095d43883323d74227c2da1e0cce

SHA1
42e38e2c0cefa2ce90ebaf6545f4cdb615e5dbfd

SHA256
e2a9440500958b9509e9feedeb0f29ea84b9b3ad3079b64a4e4032acc6a52911

SHA512
5338b52b850a128e51b5e74f4573101b3b564ca0f52bda4f6d76bbed7ed7c87c8ff2795b5e6d33572a7505a820be9a69c0af8261d466120be507e4ae3c552ac9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d28109efec91816f2bc1c2f6ea4d656

SHA1
a6bf37200770f04a49376bdc7d92603e6982b33c

SHA256
38157ff69990b455c5e51038245ca6fc549bec6ad666dbd0edfc081cc19dbe8f

SHA512
2913d61a98877184b36d758057b45dbd4f23df735eea3d502d2e963a40adc9df9bb9192a3d844ab3c7c2b4cc736b9f1557da2efe930edcdb769e68d916376f5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad51e76b3e48ccd61d33e226712a3726

SHA1
6ff3521422dcf77f6423d067907344308b0a2c1e

SHA256
58d05adffb50f9a5e9e752824ca3bce2d09d51337c4c9a426ca1fdd9455d18aa

SHA512
a70a4f9333636ceb7ef1d2e6f1e6f9ed0a360ce2e8c0ef53c3b1477f228e5a6f7ecd3b3be513411a78c29582a665f025ccc84a12f1968dd4d14a9df2a55dddfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f0a83921f94e59808eb9171644c82ea

SHA1
46d3fc791571d1cb489d6c4162384cc622be2d69

SHA256
5bda75bb7fb59e11f84272c26e068bafc68f27af610dc7a17cdc80e90385b486

SHA512
dacf052c658b84878286dfaf46bab91057990ad032be3462b33aa062aaad4904d962b88ebf3a473daa7447c4c75bc72107521ed819e549e24a2953f35c88a230

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dc65d376f3ca4b0867e136388050b18

SHA1
f5042de22a29fe8c1a91d66cfa95c03721202340

SHA256
d5728e49cd52ca0ff19b2fe049c0faf2fbc79d9c9be20e2890fd657cbeb0d06e

SHA512
3fa10c501a10ad28929c020881c368880a33226647ba27c438b5aa419418905178d2da49ee71f1b329caf4ff77bf0ecad98a585de0ea193e6bf81c3570b8d9ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2e6eb8dd307389525f1ad505f5e5f8d

SHA1
a2b439a17c9677144c17337fb73a0d6b260d49e9

SHA256
a2171d872f1c70d982daef49ef01572f6259b7b390795f405ee4839093eae2fe

SHA512
abe563fb1b6b3d82e8b74592d00c8bc3b27b50ddb3d551d913816b871b4867bfe80741cb1ab24984dcbce3601d10989469d3f22713a8116cc28e6f26fb0b5cd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98e68c5875bc64cbdd33907be88a22c5

SHA1
bd980f0e56f828873ef28e2120a27d5e4c3f933c

SHA256
c5b7b0f8fc0c26ae01c75e9529a460b6aa49e2f1a8799a7daf22971f7640d06c

SHA512
e5fb5d061f8fc1037acf8a742c9c6edd10e185324efdadce29f7fb2576e3e08d7aa010674ada50d196927acb5518ea1c7998f2b00e0f848096934bff6a5adc45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c50af69420aade034c642234ce171f40

SHA1
3d7920aa993c3c55f81b13d3c247f98b177215a7

SHA256
5da20fbe50ad1852f80dfaecc88e9183beb5e799727ba5a49662f464ab45a9fb

SHA512
0e38c51ce66da14f7ef7c194173cae6ad08c8fe2e628a6ffc1720333e466db36378f663919fc76bb066458109c1d3457237ccc85d7d481e2e889c1646d1e43ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15c7f9206127f2b208775ba98e7a0be0

SHA1
03a03a1ecb018a9e6fbdaffb6bfed1aab869ca70

SHA256
af37183031db09684f4ad90a6cbc3a7052e00f4e0f8d36e4e6267cf1a2ba1101

SHA512
398120a5ac01cc8a4144e51f27e515a94b5ea12ebc0d17c4e83d1fe9c1a1047f78bb336a702865e43fa5fc0608f249226eac2fb51c7572fe5c0e020dca479331

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2edeee749b3192024b5ff3fdd0eedacc

SHA1
7806879fdae366505e4d544fc822c56fe494c739

SHA256
7615e3cd37f9f2926f49dfc3ee5540444893c2f672dd37d4bb0dcb1103da8ce3

SHA512
43da590041c0a37326855b04b9d7ebbf41e670b8f9ffcb8cda377a4bb56ede98b230b5d35d5049460558121a0cc45620759d35863fe11daae7412894bf5ad0a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d37ce97d36513a83ea6e5ac6ff018ac

SHA1
568aa2b0f563546c97f64053846d09f7e6b6fb38

SHA256
5df3f72139a72740f0fde4f92d16b5aff89edba8b86efe6e7213dc42279e729f

SHA512
827c280a57499da361a1460c03833aaca44c129b1558f3ed4a6aa116d99eada49d1b755965f24b0ac6111ca7638914ca99e7673d5e7886971790000dfb5980bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5f22523d87250c1d04ea487d882252b

SHA1
b222b701b136d1b19b9b85dc6215faf072e2c870

SHA256
567792330290d3748c7e958ecf3e219410253280d7b4092df9d449df5a721502

SHA512
95be015e8600f4ad35241144ef8e1a9398b4e5885469798662d95df6195d07071f000c2d5969e012670d5430a3d7e0ef740e0bf07a010b66886ffc0880a6f737

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3186545535ae569473a45a9901a860d8

SHA1
0af9c2c0909836bd3f37c6931fb0e1eba397a2c2

SHA256
dbbcfbef4f4d720abbbd31726ab4121e01c3094427ceb6af039decf887b480fd

SHA512
c6ec16bd50bbf3922bcd78dbb62227e1430de03f83b72c309185a4e0cb5411364a58d774b4bdd0d3116fbc2b41ae7d1ca781ae0e5317cc3b8113b335c22df7fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f84e0640c328befda08c5a9378b7fbf6

SHA1
5a343fc0cebfc60d0446efe514d12e90a835eaad

SHA256
d1632dda747a21cf93e37892db30a2e89b3cb0b96f0d5ae3729671f716891e42

SHA512
f8db56efeba80543a87c142ce9614740f462cc83d02d69263fb864da6e68d936fe83431caae021921ad1f38425a1a6f28bc44ddab333fd20fa6876dac60f1048

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff09a59aefb76f73065955b25d75abe5

SHA1
638f85c5177ede5d7a5663eed06bdeebeba3f4de

SHA256
13064127f7b78ea4e480809b58126adf584f8aaeaba852968435b946cf754313

SHA512
7db8a542c2c533969df5b3d0e8a52448a0e0ccfcd119eb732bf56ba8ef0199c0f731a53be3be38f3a424c20ee7eb8b70092b1955b5e698508e8adb7a3b6a068f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff81d79c07d73887c28f13d9e8a7e040

SHA1
f7483fcc7ceb0db5f8ff1f7e0fc91cf592be5b39

SHA256
05c1d35d1acd24f9ea9396fd1919ef68c8f7ec9cb0fa3c17fcd9c9f4262d3243

SHA512
c31cbd32ec096ee0e07b2ed838f6b81ecdbde6e5a8b8a2a571d22e3bda5ec0a70b1a0b3aaccd0a84631cc876c9818f1b0f8271071839567dac4230ebfc96b5e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab197C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1A4D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit