8198545b27aa74d7bcfd509683a688c9ac379f8335fdfbc870dc3febc5778b71

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

956b9f6e0ee7a208afb6118a5f2fb9b1_JaffaCakes118.html
Size

461KB
MD5

956b9f6e0ee7a208afb6118a5f2fb9b1
SHA1

c31cf432c5ba0a96460e47afbdca3a968fec52ae
SHA256

8198545b27aa74d7bcfd509683a688c9ac379f8335fdfbc870dc3febc5778b71
SHA512

0b80ffacf556f84330fdd9c1fdc77835f7ea160fdd68b3faf4d74e5136fefb5a18521594d814317d7b57b5dff65f018aef5fa5906ae016efee7bc80669c2b6c0
SSDEEP

6144:SYsMYod+X3oI+YEsMYod+X3oI+YdsMYod+X3oI+YLsMYod+X3oI+YQ:z5d+X385d+X3T5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006354f6d20a06004a9f5d7809f12d64a300000000020000000000106600000001000020000000510563de5929dd63c23bcac97252781427cd8df92f6a60706bc6945a18757886000000000e8000000002000020000000e84653c527b7fd1ff53114971687fa3190d0a037150b4beb7d808d724dabde83900000004600b59ad10890f455e35dc6d14aafa833cd5aad6a37d7e41a8b4e70651765289d1fab6f8a03ab2762616ef1dfa75b713a3a1be81c81fa382e272567dbda16f37d7ae6cb779840b3ea0c6506d1f3c517411712e80feea03bfb5bfecc95fd26a79eea784dbb3c64638a98f5752bdcacb7bfaaf7007992b2c6cb37dde5f25daf9d4cb0d703ecfea9609fa67ab6124a7229400000005322d3adf15bb8e06905aea55e2c45ac081b2c383101fc7e4a24a5dbfb23a2163c8a9280f041f0f448d72fba70ce1fd0b5071a9c4a8b4dad16c8fa26daed3e8d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423678233"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0ad985497b6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006354f6d20a06004a9f5d7809f12d64a3000000000200000000001066000000010000200000009b37e0b25a7b809db44ffc1a3174fa88ee4282fbc4744aaee0ffada488747b79000000000e800000000200002000000004302d3f0a0b6e5bdcff0ec0c22c71c85cdba1dcf0963a384bfb3417a40db699200000004644d830e2906c730dbee43fbc7b54fe937deaac799c2f7166b9c1edc095d630400000000648efb3ca131255f6d7c109732e76067adc0d7d27bdc934dcd1c2281c2ef2db39bc4d21cc6866d906818056df59547db37980a6fe2bd2c8e1fef986b1c179f7	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7BFC53A1-228A-11EF-92E0-EA483E0BCDAF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1724	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1724	iexplore.exe
1724	iexplore.exe
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2432	1724	iexplore.exe	28
PID 1724 wrote to memory of 2432	1724	iexplore.exe	28
PID 1724 wrote to memory of 2432	1724	iexplore.exe	28
PID 1724 wrote to memory of 2432	1724	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\956b9f6e0ee7a208afb6118a5f2fb9b1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
811791316db5f583119601fdeeffad6b

SHA1
31486f4f1cd3ae3f0e988119fd05b08a1ce7b485

SHA256
4082b10015ab1fab9bf856047f64f8b125c31f6e51e047bbe4bb7312c3953703

SHA512
9e758c4d9d7e57cba967618babd522cb016dda090c97c1b9c00fc97f26a28ef3f7927401067dde25a77a7fe246ffd45dac8f3980027b7f716bc2d31261ada193

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6903584bed9d03e8b14531aa728814d0

SHA1
d5d5c341c809cce76d0ab08682c6c03fd5e25d4a

SHA256
4cc5bc68c5b138ce0d45426b62bec568ce495d3b17eaa519b88008ecc3e68673

SHA512
9efa89b199fdc7765904642a4e537026a0ef6c2ab2631013210039c30f9290ebbbea1eff0e1f84170daf67e3493e1edd1a4ad3b3e3ea02522dcfe06e6d92c268

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8fb263aa3c0b99fcc23173b36bd9824e

SHA1
5f346cc83debca131d800a2dec72a833a248bdc7

SHA256
8fd8ce3a7f490813d79124285dade66b6e7eb7f4e54374ec3ccfac3af181c1cd

SHA512
5404b7e721ce51400a3d882c8aa5bc038645e1091689526c62cf08062bd23115ec4dea3fedfbc288500cfc78c6ef93229146b49f0d49fd64a4398b851c1d7ea2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9199f4d1faa51f1a80fd7e9f3a623f55

SHA1
bb4fb3b45f7bc41996b13b2cc912a270968e43b9

SHA256
a62c751d349075fd31acfe1535df984612649e5c629df0e462af876130624af9

SHA512
4fcf405abb5bbcd28c7b23f7cd67b4217eb9475ceb3181f92b8797f8715cd49b7c5aa5ed49cc3f4f088e92007bfb84b68103fadb0977e06e239d750b8c338978

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56fbb28f7a9a108fc3f0d2fe6f624dad

SHA1
d4f97b72b5eeac9bb71c103f31e1568813412fc2

SHA256
12cef96a67138ec5fa868170477f21ef49ce989babd92fa15297c66fc54d16a5

SHA512
7eaf0e965ed856cb23b0089fed73a594aac2617f712bb5b1fc4795a6962ded27a7e0d2c9b2345651df0b6577edf34fcba195a614149235c43e74e2ac22f625b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92546a6138cbe14bf7285be93967eef7

SHA1
ed23947066e958ce7b9be8c7a06c2ec58af8e355

SHA256
99097310da8b97c8f2e3c8d2851caebdae68f6c5512d2485fa6feb4d76e29a84

SHA512
051766e812050be975371fcb8b18cd1827678409f262ee9624c1fc6c4196a036feb5a163876bdef0787dcb6cb61f42f7b1ce5e87fcf6295332b5f1774834ee50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32bf21a18e6ffdef36e738f95d0df37d

SHA1
61ea40fa115370f0049ecb99f82a515bcc8f2bd4

SHA256
b4257bdb820d7b9be93160af2f4a792244dbb3b83cb0d70a5f3feb2f99bcd8dd

SHA512
28f0f1db211af7bc34411a5d22af49250a7da44c68f97eb0f01b59d773f1454c1ee30ba5a1ffc1b380aa80544a5b44c388b40bce871b730033e4858292398de3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
765f4b89fe2bb4aad673e6bcaa5d6364

SHA1
f9649e6c413716f581f4d23eb4a49610b5a4b6a2

SHA256
c2d86388c7ceba7b7cc63649c987a969b861519f34bfbfc197bbc5c60c5ec17c

SHA512
2300159b76fbb684e0029ab4112fa648984785b1c9b3587ea555c86d70abc61dc69fdbe4a74067b158efbe716e0dc25f9f015b2cf144c2bf36e3dd603a61ba99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf771eb27049837a232b88de8f4b60d8

SHA1
ca59bc560b7b5ef43cb7cf81f1cf39fbf125cefc

SHA256
f6c7b7ed42f67dcfe065344d1a3a4606edff4af47a1e6579c12bc6af272de73a

SHA512
9223ae97145f1d8a1f1d82e575a1abbebbb3be50d33a6a87c754398bb6f5dca585113c5757d699384d9f6d84c0abab89723fcb27bae41479b77f9d475ecf1a57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06506d3441ffba37164814cd8e8bbfff

SHA1
b3c094c973ec15b0c3e8bf90fc44736bb37b68ec

SHA256
81399e8bdbdc979163c445cd6d0b34132e70efb2a1a36c0c457f9bbecd8aa55b

SHA512
63410bef4dce1b66d687f63a6ee17fda19dc2e12be75934749741573c5bfb4b80f37b96c90679be4f3800e7c17427dafe95ea14cdc932368099ae0a4f19c0ffb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c73978e97a38ded704b003f9321f916

SHA1
fcb06ffeb06d7d1611750ee4a7eaf9fc3aac298a

SHA256
e45d539ec18c4be54555e706bc3d3d54cf2b01523dd9bedfc33cd8da118e33ea

SHA512
bb6ae8cea685fc5d1616bb197971bf61c7441ed5ded134bcff0de0cbe197b3ecb3296aca4f727ca7b6d65bbfd5741cb0824ba8ea9f8e03987af352868ef8bfca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
902572a94ffe59ec4f858c3de30789bd

SHA1
3c974f22a0cd94ef6ccf2f516380ecf24ed05ded

SHA256
152e00c38954697278dca739950e55d3b222ac3b403785b81b8bce152c52c71e

SHA512
5742b240effbeaa4331f1be509006346368a1cc769806c92ebb93f10e7eb1167f26160eae52da06d81914866f85a407bcb632c1c2b3cdd6f059dc7b11b784a50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78bcf4fc03f7970861efb7ba5f2c63a5

SHA1
af51c0f22f02359cf52035d19ae8c44df2840326

SHA256
cbccaaf18ce7a09566cc806827a59c744e514fb60fc4d5f7499685c7707a8210

SHA512
1abec0c6f22f563277b8f99c43fcc7633214669a0fccbaaeff3903530cb29b6437df5fa47b56389c3d990cce6ac559d266b13ed687face0f9931b004b6b1c29c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08e12e8c37c41ce57ed1cd755d101cf9

SHA1
e33082504d1566cf912e531a12949ff6a32f3ac0

SHA256
b08eb6cf6bc6af6392c828689f902b81701018ea226a9447124eca7e2fe56847

SHA512
22f80e5f1e1d2f653abee70082a79bece774cc8d450ee37970b9da23dda47536c5ae13ff2d11f782e40818653d073a7f9eabd084686337435822437a9152ac66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3096ef84b9bf65285d93a5912b3f2a2

SHA1
c883a4fb42218a3e885ade29e183c8d3b681ba18

SHA256
5881c4eb44cec5aa5908e81ffa27184989fb35b484dd52d00ef0078615dc9b85

SHA512
6d828d5127c2b52d31e63c7aa7b4cdd8c522dda3f4c1dae6f3bf5ffc16ef6107a4f515794de514af406f4a8022752f479e47c064e2ab01276002608f5b797c55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e32d85bedec86d91c68d3a3d790c990e

SHA1
826bca9a1d7ea389980f916848e792afe5220b05

SHA256
ff4bd2a932c9e2e15c1803500298128166e95f9a59bc62f53d39303f2227be3c

SHA512
db4e42c9ae0f8be639bec2a366bed0001fb2b2a985339366b024fc1f327e14d52cc4c7d36b4f01dd37c02636f425f818cd84519b8954dabd626a3858841a92dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab43D6.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar44B8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit