3b75691d8a6cc0342feca0862afb0922e879c50ee4cf367842fb67e70052cadc

Analysis

max time kernel
65s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9969cec3ba8302e2399fcd3a7aae1ab2_JaffaCakes118.html
Size

14KB
MD5

9969cec3ba8302e2399fcd3a7aae1ab2
SHA1

398e4c72013d3f3c8780192541d78350535b9d1b
SHA256

3b75691d8a6cc0342feca0862afb0922e879c50ee4cf367842fb67e70052cadc
SHA512

4f97d4822167bb8adaff0d0dc65661379eae13dca842c9b50c0d2906f201a4bdf1b67cd2e6c1da3b26a03bd49af229723ac87b0811a4465648fe766da996b826
SSDEEP

384:wr+6r6WY0bIwqf9SnMTOtUgvzdYd2eSu4vEtAsB:oPbI5fCtvatbB

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1B7D8FF1-238C-11EF-A140-5ABF6C2465D5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1632	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1632	iexplore.exe
1632	iexplore.exe
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 2852	1632	iexplore.exe	28
PID 1632 wrote to memory of 2852	1632	iexplore.exe	28
PID 1632 wrote to memory of 2852	1632	iexplore.exe	28
PID 1632 wrote to memory of 2852	1632	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9969cec3ba8302e2399fcd3a7aae1ab2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1632 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
4cf9c86504427210e8b9da34ed81ac5a

SHA1
2c3e364262f1d718fa22af7a922737a4ae773a6c

SHA256
26e03a2f9ce7797e87714b2f397fcd1d5f5e1bbb8f4ed763b014a70f613dd26a

SHA512
e48832552757620e27c240ad4cd4783012c2c504d16a6a4970349c5c5fd107813d6e4fc21a778bd18939683c40c15e72c8b8e020f8d4b0f15e54af2ba7ec94bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e17d3b7bb937707c7e0d95634fa4135

SHA1
d3d871e6c32d5cf9fe1df0bae8eb6e91edb28ce7

SHA256
c4c198fd05ca64288aae3b89d2260d16d95140fd398419e9af7a34e680fea372

SHA512
d3c58556bb0fd39af375b03b2c04243c7e78a46c8805c0fe8cee2e030448a3cd7c9ccc439547a797fea34c007c6e3a1bbd47cd7212616e7720db0d7d933cff66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
043abeb2c847c546cd82653542362ab6

SHA1
55960cd894474918c5d13f39fcf994aaa811e382

SHA256
afd79c292d4b875c8b1e8d4f2ff5a9d8d204b41d343bf00a586d9e7c4c108d3b

SHA512
6276c396731795bc2d76fb6c2871f342bb8bb577c58c9914695b923e35bb491b76fd1f99f834afce0874a42148841de8858c2963550870246d301125659ebc55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
105c1c789babee0f36b67dc945c38794

SHA1
2ace18a11b7d8852e47786a7249131384d6574a7

SHA256
d47068acf5489d367a335f77bec46b5cb324025713659dcb75172dfb33d6a09d

SHA512
87a08b12abb4224df43823b4965b24c170413c4634993c8a2de06e866b1bb867fb6fb360913c309d82a981d5172ef38c45731257ccee343250dd375cda5f9107

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e33126c395e637c363e9703172eef36

SHA1
c598b89f60c4c1678eedd5ae750ff2bc8c1bbd1b

SHA256
ec3ddb0455f5b7a62b026533cbafecfafec322db997558694708cf0b811009af

SHA512
093ae27aee1941a8282903163b125bcfd6760e00bb0bbc5d4210d5252f43e7a76a980d5232250dda586e6723affd71a16f0f6f638ccb26973e15efe90c405032

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
add4f537e59355b34bc87accc73cea8a

SHA1
154f090b04a241dd52c821c4b3f7b76025ea3abb

SHA256
f944da6dc9365a80befd408aacbc60434817d0acca88cd43e750f31a8a005be3

SHA512
6f8e000465bdd07afb4286ed4ca37f6702f49723aa228a43ff4a7518d8ae697ee60a9e491ca5a3c220a66641ee4674085e8475ae209c929e92ada71b5f069c35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b228855dff41a47f6103045ade535e17

SHA1
667c145e94fe64fa69581c11c5cab91a4618f763

SHA256
d9de5a3e8d292ef0fd0a4bc0fe3f880693d5830b88f48c5e2a335735bc2002d5

SHA512
acc0bba7de2f71e54498ebaba754742f1ce4fb626d5ee967319a57d4ec29d3cfe122e6030354415f04c73dd2e8db067062519803cd1849b1df801feaf7209774

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
190a7cfb8156b998a62ad355c3d6888c

SHA1
3ee07bd12943535f439bcdd3d015a87c97355f85

SHA256
fc3c06d3ed10a3d5df3fd80429f255088fb2ae29176ca0b521c87acc3dc2eceb

SHA512
c5db558a466dc43295bd6c3c2be28b3e7c9f4e21c6d66ed709e4b26dbbb7ff49d8e969e9b88adb3cd6e6dd1f4fa847ce0f733a9ae59130b7cdfdc5f88759791e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce7e6c3686df0125459a63a88967a704

SHA1
4e017517017533bbe4e3bfa075bafa5beb195d46

SHA256
8712b8226b7841a6d587310e76f548d9ab65d10becad53613f0ef6afd462f249

SHA512
7461cfc7876b21459d3f06d7dab792044c4f2f974bfa805d82f7c4da50c697d7aab7be0d3c40db51bfa956d11174fa54d3c0dcd03d7f89e0d036a54a1f7036ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
163fdacced8e1721e15844f4b819e35e

SHA1
5847f15a0dbdafa4b40db3f781f3c3cd2cc8daad

SHA256
4c58a2311209517eed562896e7fa2e159b338a16f7684734ae92f22f87e356b1

SHA512
a4c73ab47c67d8896c1f298b97bae589204d35875b62cba5c4b92b58d00748ab874b8f384caafe02473edd60c1ba4f6521bd62580caae640453958efad9843fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc029376ef8d502a29132c5d00b60a72

SHA1
7b4f1c99a30527e00898d35d841f52a26eddace5

SHA256
da3778759717f202a269b3dc5aee0d9447612301b51ee9e4cba23ed6da46f3ad

SHA512
61f6eb7788f8631f833d5ef488165a13d9add009d4480bec2d0370ae36e8ceaf7a1340f1c535b8cc5a55d76100202be4c0dbaa03e1e7ec4519025854b9f09482

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfa5f10093fffe09837f9b51ce913519

SHA1
3d3354f629d137b40805deb0acd3e23dab4c1ab4

SHA256
85002ce95d8399120fb50f892c78d1b69e1ca08ef79973f3658c78e2d9ed39fb

SHA512
35b82e490fd37b83ca848f40e5fd7c04c781e42527b40b5848625abc6a37a57663e2262beb0ac23e1bc24fd4a3bd39d365b15e3ad3da31cae994d3cf38d3bd25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71f270b1be64354116139a133fe39578

SHA1
5a160dcf82b69dd83208dacaca91f1d100e3f6dd

SHA256
307824d1b3b7731f34e305eb49fe3bc174bd9ef26fb3d76196e66d9cbbe5061b

SHA512
8374fdfd7b0bb01e2ad9084f1d2f08fd20a4a4422ad9c3a5209aa7d895d832d13aa6add3b2f550392d2520f24b07d809f5dc7609f51d615df611c9e686606711

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8eec14842991ba99d00bd35fccd2acf1

SHA1
f110983d5fabc051ed801229df81632ac9bc9882

SHA256
dc9a70e493f0ff0c5287f021ce84d97e18fd5cc2ff99358ce384519751e1eb32

SHA512
407a41d6066ea059c27c8369802c81fe7d45d2995c334381cd37ea7b00735c7a2bac85f20dcfcd08e47b103e97dc1d0ef108a943a91708ce2a0fa1be9d7498d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
722bdaa8fbbe3caaf1f1c68e69009c31

SHA1
f65d4e12fe0796d1050bf4e11069c52cdf6e4d9a

SHA256
7d07c35d9a0ee988305399d9702c213838ef1296fa3d5bdcc49b62a411c5a711

SHA512
45c69ba07ade37856815b305d09fedc13711a5a3c07462afb375020aa9be526a59e5ad408d4406e650adf2d5c9b5f929a9c6a256f7de504981f6a3641a69225e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba8554779b975567afdf5054dac6aaee

SHA1
5092dd35f71753a6a69f91ccd3a85aa4fb663e49

SHA256
241c3844c3d362fa6d67501ffa8f897c68fc11e7708f72b939a327ef392caf42

SHA512
30a7b700d7cbe38e85f3de0ec5aee9ecd282dbd40da113b21a926c9169df1fd8abd4b8df149e41b3ff7ff5552ecda25434a8cb776828d414643db294a418acd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c316d1c48bb2a30330f98c7ebaf9a60

SHA1
6b45b013053f6e45c98c943621f6fcdc8788d124

SHA256
83efdd1bdcc6c5caba1401444e9820daf95cee8fd3149d6ba3920dbcab7f4a27

SHA512
8c355f08696618d6a1d39d46d32517c5c8dc5d6ce60e9895de805993b0fe316bca6cc9e49a6fb6b08f1189b77a42c08741849117c1d0826e943c2713a66a34ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdcdfde318aad665b9f3120590d5eade

SHA1
b53c4615467ee6398d502471a7ca6706e4dc1250

SHA256
081c775d7d360da8bc71b4a2b7fb425b7d5e1823a6320012477ce1ad95d95477

SHA512
968392d6d81bff4d63e4b62aeda19757936280dc4e4b3c83c5be1cbd4f3499c9c629766585e573e4c251ab84a998f90cdd61c0c66d1cf59e2e15d8a7242ea476

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f4ba9b317fcbfd8a5075ed9ed15f453

SHA1
3df423f8fbaed67015ab3fb7a54f022955577386

SHA256
964467f0f1619e586e49c18bb8d6b1d2b53e2a8b30515c5cb41d1b0778174d62

SHA512
3b056b36efac8a2938d24c2020c006f8227bf6c84efab69857e82b675c05c4d0d5e7ab207587d0fe624b149e57cef9cacf0c1d1fc95b63cf1459be507364547d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7dc90e445d505f44c650928785d107e4

SHA1
a9f8890beecacecac7ccc14a7955846cb8d87ebe

SHA256
a42f25eb140b709fde58176f80ffefa4f0ef4e4ee437ffebbbb2b6ca014ce310

SHA512
fd603c921ce0224a85ccbf91bc23c5554e5cffdd052dd7db95f7508561c73f16b0ee55bdb8ecf4736ed254d7dd2e7074055cc16a5d6f8612667c87e12a9b9aca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
3dcadd5d8802415dc1e50b0f02329533

SHA1
e1559e71866e61650848286ec3d576c7522394c8

SHA256
1791efe1eb5e1a7ff6caa46f03c6c27d2760c724c9c7cba35f5945a7c05c94c0

SHA512
4b1b85522d3c0d89d9db1e97266be0f3c8e2768624f2ab5fd852155299db5e167566e99525c049dee3e139b85023f2aa5569ee8bcb587d2b46c9422e9995a87b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1D65.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit