d090947e27a56af78fbbf03f9ced660399bbf9d071fcac9a3766ce66c9dceaa8

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 16:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

957eb4bb4baed73859e368b3918a99a7_JaffaCakes118.html
Size

220KB
MD5

957eb4bb4baed73859e368b3918a99a7
SHA1

075f7846c4aa4ee5abde33e84f252704145b8e11
SHA256

d090947e27a56af78fbbf03f9ced660399bbf9d071fcac9a3766ce66c9dceaa8
SHA512

3b215aa235d1ac66ee4444591989216f622b6cb34e832103338429f1637fdae96a774eb07cd4d7d5da8507d75ea8409d8af0279a60f74a74581419f16eab31b4
SSDEEP

3072:Sw0igWudo01eTyfkMY+BES09JXAnyrZalI+YQ:SHDnZsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423679826"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3183DB01-228E-11EF-92B8-52226696DE45} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2196	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2196	iexplore.exe
2196	iexplore.exe
2124	IEXPLORE.EXE
2124	IEXPLORE.EXE
2124	IEXPLORE.EXE
2124	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2124	2196	iexplore.exe	28
PID 2196 wrote to memory of 2124	2196	iexplore.exe	28
PID 2196 wrote to memory of 2124	2196	iexplore.exe	28
PID 2196 wrote to memory of 2124	2196	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\957eb4bb4baed73859e368b3918a99a7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
132ddf41f81cad8dcf88a9516663f41b

SHA1
5f555e1a3d5cdaf88203abfbb7180938c43f2d29

SHA256
b071c83cdb94f1062cc454317ba242c78204447159e1209d1a56f62b39d9d653

SHA512
d9f9fa0fba275917d0d1553d6db3aed81e886a8bc7f62b05f98bca46f9a604c5c3222c45a9516bb19fae4e2cd715dbe49f6fea4d4fc9bcefe66c4644c232b662

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb4a4bb2f65c91e10ac7300c6eabfc4a

SHA1
d21eb05da8f91e70b050b9674b69023082656302

SHA256
cb813b55d0522b45e885a8769bcf59bdb04dd1d2145b492735e9a36fbf16ec91

SHA512
5bf49bc9051a392a3cd09447aa7b8fc610240ca0c1a6dd92b42dfaab3fe6cac029e62c2baef9e49e560c52fd5f6440e28155cd9e9369b63e9e6535424812bd48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45a862f8fd37029fbd8df043b73d136e

SHA1
a185315adeb2425f1465f465630db42087c0e4fe

SHA256
7caa0b5ba793b01f48248a83a778bd5d6d7383aae36dee524a305bac255def03

SHA512
8f97ca36e97fc360e9de0cbd7e788579f8ad514a81c5164cc65997ea2e96c658fb7016587b47db0ea71b2887c06f625cd57a67109906554c7213c0fd472f1b8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ada28870203fc1162d4f10e567e21a9

SHA1
3eb803dd02f527da1e9c2bd3e7a981ff5d297cfb

SHA256
5b5e0a50f71fb860a7547cfc6bd1e5a565c8573ffef86796a1663a7ca0fa3c58

SHA512
7aa0116d1f8b858507d1d6b3e09569d7fdeb952d9e307036a3a2ad740fc68beb2562192f4f29726e77c6510c7846b1d46639fe671be31f053936825ae8734e13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
693e90bd8602f131ee4538627de60220

SHA1
89619f6f0250785f9170a07494d9d5437a962a27

SHA256
f2ff8007d453265f5089950e7c027b7f07af6c158868cd58c8a6390a17f9f9cb

SHA512
9f2de659a9bee0af58f1feedf66cd20bbbf604a5cfc324be2e76fd60aa4f99d2c549431095ebade76d4d28f13f6d609da67bc1ee8c657985232c61ee56db1d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a59d494de014f1d8aaa9007c18e3298

SHA1
c95d970e5e74b29ba24801f5acb69ceb383ab2bb

SHA256
f4f640787828dd20990d239e07c1900e1abfe075dcdc875a7797265317ceb351

SHA512
d10c384f0c5f0c28fa93e54cd7c8e7e2d3380da6ecf99a3d8f57c11a12130308bade404580ce20be3dceb899490c45335507a0cfab9ce0fbfa49f9786234e2e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0ec59a86ea913e5010a1f79b170cef9

SHA1
d00764267fe6504c92f80124345bcb7bf473e78c

SHA256
eef7fbfe4c7426dc791dc12a57fd676b3f42f3b5284f882077c1bd179639c305

SHA512
1df3df23ed78cf03804b77660db85893214e16cee2c794c0052a3018dd63529ab5ba2f9b19705d66876e895b02b102bf52e4df81c35036b7a60cf95cee763159

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13d635ce9854dc72056f9387f5e4d60c

SHA1
9732bf7a0ea8500c4f547a0eec8c0b7819b7bd55

SHA256
791a83c6b1f0230df79c6b246cbf8d624e8c758c2a442bce0683464197c362d3

SHA512
2bdd63a567c26e01bf74115530e4566802daa49222a42fafbfbef0707599c0d62e4754383b33b5c3c89cef360e68b46e25ee3bd2d74a289981499d425b991f91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32a67c4f8b1c51440e39bbf6dd683f1e

SHA1
62d46951a89a5eec8f918c0dd0c3e3d92d6ac534

SHA256
a947c8f932bf581586335db100db33b09a7fbc14003ef9d16fc8bd4aab2078b4

SHA512
dc9f3e6b425edaa5db4927a62fa9383ec5c293cbf1b571c34f2415ae925e945797b32d13664b75f82858946b4edfc895652efb7379d392872ec872d1c3197bff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10085a90519dd60190e6b5d2786bb2e3

SHA1
e701ea399baad3e66f47c7af4da1b902028edeb0

SHA256
b4503010e9d06f962bf1ac843375fca1535d248814579db07a63b4d19237904f

SHA512
222daaa0a7db3b08166b3ddd0340b05889a4831d94b17ba4a5832294a4b93548f6bf52e87f8ddc8bb0f85d660b03bdf01819c025d60352c3da79d8515cc2696c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
baa17a54642f7cdca43a5f5a35f8298e

SHA1
af306e6c2ab723910bab177ccce4fd398712fd76

SHA256
45485f291039396bded22a55dacc26680c4fcbe89fd10f8cb6d187039a5d46ed

SHA512
102803793b22eb617d6368e2767f564569dd5600cc4de923f03a3e1eb9439aff566268edb88f9dfe2ffe6ebe44ded40c4ef72ade68bac58b81cd9a071bfca3a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aee98f54d5db83a4cb2771545473d50c

SHA1
58e79280f77c0c8599ce6efd6134697969d026b3

SHA256
6edd22bd786f721f057bf1e15cb9b869d5e580bc980b0f407c453c58744e4088

SHA512
cd246eecd0fa9309db74bb38405321155b13c7a8b7a09e9bb8fcb4ab75fd11ee2fdee52b0fd339aef30acd8477098db729c66ea62b818ea6124155460a8762af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de1ea0f9b169e63ebc1c864dec728bc6

SHA1
65f061db956b4cfbaf2d20ec5ef7bb9ce7e46879

SHA256
618332ebfb82265fe8a46d0f35b08a8ae8f3811ff909fa5842f345af46479545

SHA512
36285400dc1fb76a68a79f9b71b64397c858e821b850d301e35f73e647811a485a0e1b310ed5725113a879e494666e4adbacc7d14a390e362ddc24c86f724158

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e241fcfc354fd015642f948c606e643

SHA1
36eccaa3ad5ee6405a34f35bb08309d387b79d88

SHA256
269cc73e2f6bef9ab3b268904c046dcaa3b0b0e8e5d69c1bc7bac5e51c83c246

SHA512
209c3b6e16de435cb171de17784410c548231b3b4b76b263dd7cf967a3c16f71e2727d8fc00dfee804bbcab8f59cef2f3d79df47edbbc7b00ba31aea0717bc31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75ea52d4bbd774cadb9d8e8fe937fdb2

SHA1
2f507db577fce50d8a7265159c60cd080bb27d55

SHA256
f57f4d0dc29ef5664c1842e4eed1eb70465fa1c64bc708423ead54cbd50e5429

SHA512
71c01098bc15ac7d7e51bf0a7597f8425bb221d399c23786c4c0d74bfaac2b1d9596cc6576ee8965248ba41c6589619570936b016f46d38c0962bd1a17842eaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
906292994fa8cb4b3a19fe2b6ef796a6

SHA1
e127cb1c8779d540afce145f6006690cd445b8a8

SHA256
75b970982956e23f6bdf77991a2ef4824bb6736aa3fb9a27eb1be56a6c7fbbd3

SHA512
1a5a27ad23aaa27e607749eb010990e31b50e5fc7ee00e96b7cc7ce881db31f3c6b4ee92d52cdf9c16e321e9b89669df353c775c6194c6fbe3404f9e51bb7682

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5692ecfa7488452e8eb1e9955788bd8

SHA1
cd4584e52e55a20af02850950fb4df0b091d28e5

SHA256
6cf736d19ce3acdb41599666feb4d2d62e6d446ce02b186b28e8909cdbd06d76

SHA512
ee40005a114266e6e7d2f63981701f00744b4843e4ec702db561506da75300ca348066c5290946e82e1f9b9c7a71242c8b8579396be1d206e8ba709c4b2415be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12fd2cb02c18ef9ff258332436b25cab

SHA1
2d7a677368023e3d701f92651e849e8adf22121b

SHA256
ab4341680dcd9863ef6b8f8c006a6fb8ed0e70af7593c8e8e555c96757191cd9

SHA512
c23d09ce57117891c54e9db65126327b5c4da7f61142e749309cb357fa93792238a0cb7adade80e9c0fd1c4dcbcf10e3bc595317cfa1c40fdb9715645af51705

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f8e9824d30ac307bb3076ee06e451d5

SHA1
1bebfedae782d056c6d1288300b7dd31216d47e0

SHA256
29c8618a5c7293d316f390d9b6d63008fa9a3efe583364e186b668c6589a78d3

SHA512
10134f16705808e3992f94cf0188d88ad6cca150a37ab741a6de8c4a30d3a575d1667f93c2818acaf761bde259fdc1df4f0beedf3717743771bcbbb079424ede

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1B3F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1C50.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit