48ce81e1cc19a1e596ecd8b31649252137c11813863142eacdbecc55b576c61a

Analysis

max time kernel
150s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95c80a41bace4ca8c2a457f662b4bae7_JaffaCakes118.html
Size

103KB
MD5

95c80a41bace4ca8c2a457f662b4bae7
SHA1

a07f57e29b0ebb05ac7e27671b59ee1019f28d31
SHA256

48ce81e1cc19a1e596ecd8b31649252137c11813863142eacdbecc55b576c61a
SHA512

dd0dd145086cce3d6da1a9cb2d17d0f38c19d06d852c9157b68f5441d78e243be23c27610e4ee9af78260964c2c9e07f116795bb8109b5da86a8f14d511cf296
SSDEEP

1536:9DrOj/2qtjgbbbbbLLLLLLLL++++++++rrWWtt22UU6611HHxx55ooqqWWvNs36a:9POj/23/LrJP9ae4H74RxGNFuaT

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423686184"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FF330901-229C-11EF-8804-E25BC60B6402} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2856	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2856	iexplore.exe
2856	iexplore.exe
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2976	2856	iexplore.exe	28
PID 2856 wrote to memory of 2976	2856	iexplore.exe	28
PID 2856 wrote to memory of 2976	2856	iexplore.exe	28
PID 2856 wrote to memory of 2976	2856	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\95c80a41bace4ca8c2a457f662b4bae7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
bb21539b3a7d91d18a9775f3b6409056

SHA1
59aa87f551e02f7938ca430fc48a5df679f88d29

SHA256
a4724a2156bb1fc840c8e8a7df8f8ea85389043c30e4cd9ff3cd144fed138c54

SHA512
4dd0dd5f236e513668fe3a98dac1ffb0f3d742e1f53af31977ddc7acc732ffa581f373ee13ba70eac191f9c4ab082bc317e66a9b1610b880a439d3ae321a8f7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e6c86977e8469a8f0cc0921099e39a1

SHA1
005143a0e6ff4cbff2ea15b58765ffca6f94e886

SHA256
a1ae8c32565fd9614f0785f83dc1ee75e5a5fa8e7d478ef863702f6135ea21a3

SHA512
acc3d9c6bb2cc685cd8cc5059bd6aec5b2f6b7238353a0c6016fa84ebf0e9ecd409d492d3a80fa395c58d21020a2306fd2abf25bd9d9959d77ac0b71c9f955c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a7ae2797e9a6379d78c35ef53ee6af1

SHA1
f4b9b87abd7cff4ab20687533fdfd9f54bd08c0a

SHA256
dd6acb143d38f926f1af85e5ce14efdad4989c78aea88f8ffe7de20869bfdd72

SHA512
9896cc22b07ecf8bf31408eefa32acf8f0d296d2a6da9d5550c34262d2873c67473d08edac4d238721f16f339156e38eeaf08dca755d5dd1b251e444b59b4159

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a1604554c5e7fee3fc7b3263380cee1

SHA1
d3e9bf9da70bcf3c904d79de4295a66254c1fa7a

SHA256
9300e6aab040a43e8ca7e9d8583de73f23a0aad968c2f2e4f441696f2282dc00

SHA512
6a1d9cb0dc0903301977b502fde61733aa86195f49dde56d8303268d2bceb61b0d71d98de417622e01da4a43b122ee174aa52f9fac848e4c0c08420c1e084f8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98afec1c1f5143448061dc36d6b81e1d

SHA1
5a2ba6602af4195bff9c19a7c9435644c23cdbba

SHA256
eca2356c4553c79cbad028b640dabc30685f0be4335d74c91088570eaf19c010

SHA512
b983c612e048f6c82338f46ff3858317b249098da49765f4d6e4f6746913f55052ea0928ec3b81a0f088c26d63a8b51052e55be636f89b913ae638a883e62b72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca6365fe27df9f0e068b3c262a6c990d

SHA1
d708b184eca687ccbb8236fcf244cd9b3cc47998

SHA256
33c9ffcd9bda7fbb6819906e70319e7a9d997dafcafecdf49372166f4fcd0a0a

SHA512
38ca2c1529a23c93cad9cbdc98be97b9810a7fb74a526b7d773769b8c94518b9762bbd3a54d69ddf2793a0430c4361d127ee6db3afbab05f9a7ec391557a8ab9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
862d6bc63844183a41b9e2beba21bfda

SHA1
3801d00e5e036ec9617ba2bd6c1b274b8d040a46

SHA256
9e85b6c8ac606252a60a37738f14be931635e9ec211d8db781f43c22a799f244

SHA512
02fdbf96a86c6077ac34ec47910f21876c864853f17563a637340a6ba8f6ec2f066723e8b36e4ef5807e7f3ab42a5b6f15e95b63c0c5cf617073a0c3d39436b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c58250fd27774f8ba276a4cc8825817

SHA1
597e5f9248aa139ed6d77d7a220b1e1896885e63

SHA256
bc966499601462c100c98fc9f1a4abdbf397ae945446e4e9811f4d7a4dee786f

SHA512
70d6ce9b3c0780279fa43bf2bca6fba8ed718bbcf7712e7255454dcec5f1c01b6ac9bcdcf3eee49f5a218e23741322a6faa2b051e5df6b41b89c60fdd311d5c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e87c60fb0b7ee31c5ded84857a6b2e7d

SHA1
f1f6de4778e649f26571bb62482f3e20cc15fa09

SHA256
4fde9daf499e94d91b68dfce2237db1b08ab7aa9197021cfb89df4db6642f92e

SHA512
359e36d7922453497893b9c8cee90d322f5c8c49e451eb59c4fdcec52d261b92fc3e9508fbfb0c82d8f7678100209acd698c05d53fbeb608b28f5ef0e6b7f868

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47c1d77743e5f81b11f0245e8a736ee4

SHA1
7d580d0db062270416e09b807706a2ab2147549a

SHA256
31264cafdb57aac8f5af047c407aba1a131088486f37838b440a5e65c684c573

SHA512
4ed9f07432cb0508b464098d45d06c98005a408d1ab08ced8e02697a394ff65f9d68d7bca6dedf39646f166517ba538ba1cd421ac08318075ac0f2be4f5e9f59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
253329f8fbe1c611ec10a52376e19e1e

SHA1
7b7e958c6cfbd8db102c99ebaa90c27e2298dbdf

SHA256
4518645197c4e527992e1a47ee228463edb50644854263700895d155286b88c1

SHA512
aa6d5859a976c0e35489206c38bc45bf2bd590b2aaed3ab8be76d4d1979de7a4ee01623c84429e7a0aab6e0f9bd9e6d261d89f1164aa83de3d14361a75cda243

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
767f46e3b411d8fa28ac95e437bb80df

SHA1
c9c97837e7571fc7deb00d58aeecbd445594eab7

SHA256
30aeb1cc78d118068cf21bfcffc7911367de00ae582b5a2e41258060f8414fc2

SHA512
3143e6e92229a7cd43b46516ddbb75e16492e56ed1e00ce432bb3f9499fa7e15a5ddfdbf2d8214b8f60f7fc6262e468d5b5c5d6bbb56eef688dba2be3365cc2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c2abf481e04cebb3247a145833486307

SHA1
fa95d2e8cfc91d6e21547bd1f62214fc5b430262

SHA256
5c1b3433227e32a9db75d9846679652136d9e377585f61a1959990c0eab7d904

SHA512
9e1508eb2fc91135f93642c86b305d2c2e2d91ee3dc37d0d4e5c22d3b56d256d21a5b481d5a25f0fbe7dc104eaac7c9282cf9127dd11587256be76adce7e6239

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1620.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1702.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1626.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1717.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit