be851d5e8f2231a0c8873356c027ca4b2a69baa01254fce4cb9d67182daa0e8a

Analysis

max time kernel
0s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 04:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

973bb12b527dbb4d7e4c00c8ff6c4ed8_JaffaCakes118.html
Size

19KB
MD5

973bb12b527dbb4d7e4c00c8ff6c4ed8
SHA1

f73fbf6aab82b2825ba0f03bdebbf8be4066063c
SHA256

be851d5e8f2231a0c8873356c027ca4b2a69baa01254fce4cb9d67182daa0e8a
SHA512

2d882ec000df403fffafd134a6c18f30e3ae023dc1350004f0d4db8e165765ff55f2a51c52dc665f0171220aff59d72dd06192dbf0e6fe6757fb3b3ae10411e1
SSDEEP

384:D8dA7gmDAnkmo+BLwDn4psVNTfjjv/9u11WFOaPbB4hNrJ4Q+ye+G0+xx+Vy+i3r:Dcew6Tfjb/9+1sb0Ur

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{55E1B5C1-22F8-11EF-B35F-5267BFD3BAD1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2140	iexplore.exe
2140	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2084	2140	iexplore.exe	28
PID 2140 wrote to memory of 2084	2140	iexplore.exe	28
PID 2140 wrote to memory of 2084	2140	iexplore.exe	28
PID 2140 wrote to memory of 2084	2140	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\973bb12b527dbb4d7e4c00c8ff6c4ed8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
341d15f8d0e02516eb4db3016f2b2faa

SHA1
2daa6de6f0f010c12f352f6c397dcda9a607722f

SHA256
c7e57b3ce2d6b052c5f71768c1df007f5d0b8712725fc0b136ae9d1e4a1b5e79

SHA512
cc9b74cb9ac02adeee7a4c0b2853e0b145f4d7ca53179f5d8cc71dfb4deb5ce0db6ebc65c9b4007c4d511ce365429fcb561c61057bc0daaf717f7ac13db80a69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6406b7ee3a0dc08ad906cab85f6df4a2

SHA1
1bb08e205fc237ddc11eb5f67432e2bf03a3a472

SHA256
82a968ccee938f608f4ef7cce0071ce24333c90149e52ad9012fdb7e84bdcd28

SHA512
ad53d5ef30e4de37b96fa1ec7e5f918ae27222c0a61993551617539db217aba20d1c2ef2b1a40edf47b5676b9bd666b87202f9cdeaa403ac0b3618ddd5509f1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
964ddd324a6591194926cdf89a9e4de5

SHA1
375abcf87ff6cbfcd109b5ad8d64c78cb4d59cea

SHA256
1f096e1f40ad8dc9dad0214638d461422705545a447c400752893c9469e6d4a9

SHA512
2517f198cb34ec32ebf1e89e1fe57fc379343848c1ccc20360e2a942a8d617bf1c06a11fa7b9305e26033fa963bccb745e136626c4ecd69c3d84a9f55342d3b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c85905084aa0e432b62c8f5ae62cc0f

SHA1
56d116820401f577db17dd8a9af141d94bfb5272

SHA256
cca097020df3ddd9eb1b423363c8f037a8bbd1bd938c8fc6b52fe08cf1174737

SHA512
eddde99c42ff1f9b46088d2ded2ef58731708c8671cc1375003bbc47bdee4004c8b71e53d9f7ec89956be0daae63c39d8952e9c8198f2ddec4f0530a6aad2cb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7426e09504984bd83324784285d494a

SHA1
db2cf0f31c84583d0b04bf10ea57cca586dba754

SHA256
7d846bc48100f4d6482d34ffc6a1e2f13f0a5101643e92303a6ee5ed5b47eeab

SHA512
6610197325c25ddaa812660c9f3b85d79fab62fed4f9e9290c799b53ef13a1b61eead13467a74af54cff380495bbf674c00e9bc4bcb20f5e18e5393318845bca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de70f7c462eb820002e7af625964de41

SHA1
335f3e0f2526608503b5fa937d84229bb7975cf1

SHA256
61269e85262bee3e28e8c2caf74f9fbf2711ab8f74ba5d26fd84902322fe3267

SHA512
6b34cdf26bd2e54db119d5416422e4b4fe77173475ad521358129afa4607d3b0d9e1040fbc6fe3eb9b5b124a94726529aa5228d6f3d01b0260b0846112ad025c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43dbca39dc2f4e51cd35d84ae4941806

SHA1
bd8fd94266fbd5c48825a27bee6a6c2131133c79

SHA256
2c666e536cc0c396a59685fcfc6ab64cc431a9fdb568016f6d1f379909f913c1

SHA512
54083b3fc5b1f058c8706af4c06e28eda2240e7da7c67d25d5011e71315f192a3a4ff7802db9fbf9b3382b4ec4aba3206bb8dc8615ca90ddad1c779f2caef548

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c31bca0c2f6e175078f210fcfc74e074

SHA1
b55f17b41cbd6a86972a14b576328aafaaa3f75f

SHA256
a341c80c8f49e544d5a143c4515f60902b237eb3e48670cd8290b1bb41af6d8f

SHA512
6773bc2257539dcf4eefde1fdd9fc064ce425e12824889e36b3c2ecac5f5c33d38cc132c3a0f04916e35e9f245c619cb7c8a10448385677e79e662574f2fe821

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d036c4732c87c76c9dff2c9884f39517

SHA1
8c218c7c6bc8cfb0fe5af6040deecf96812c8c34

SHA256
d2f4e87d9739d56ef8853f6119bda261eab94fb950b0a08041633a31c2ae200c

SHA512
bffa2b67123e383cc395161f2541c21b6d7cceb68826f30a8d611ae02ce21fcecec0c0378d1d23dc2694b851d69b7a4aba386ed635b45af7995da9a5fdda102a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bacfef42dc7e929148c4487c18f87b16

SHA1
4b733e78ef06a4e670d87e659b6f9815c7a00805

SHA256
00783c70b2f691e7f52816f2bb2fa05318267373b059dfdaa6c53fd1fd38b661

SHA512
fc6f3e1419bcd9541f04e0cfd7b99408ea8171884f13a6dae59441f4a07a7b34e71c021fc38f915eddbb2569a957032951dc8b620574a7e4fe5e86fe72349b67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea47f1fad2ba7f2b70f4eab2a0b9d101

SHA1
da5a5bd3031c67a707eca5266b231d35ff6def3a

SHA256
ac5f7c7c7199030da2fb48afc2c9794f4a7dd1adab0fc8de355d1c757a55946f

SHA512
20dc3fb803e61a683e7e8343f0d6c4dea22337dd5199b195416a2897b091d58c4ca73e0d416b6c3dc43449a7898089ef60e8295170f3ca684cc66cc12f70f0b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55c522c96d19a9e17d5b5259e2b6a4e5

SHA1
bd2924dfd4d2b17db7fe1c4a135cd6077bab6ead

SHA256
e048c5d2ba580d2fe7dc168dfe3326bef2429372c42f4b3d560548df363d587e

SHA512
a2c4fc5b119fbc0572d3df22556786ac8f48614b38cb26a6238d7c43cec0618f0a85b118d9e54e2f2f2374f1ea5ec257277cb36bf483f6017216e4d266e50c40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
937a22719f916e12e2702922e9e1d5b4

SHA1
0779c5a4ecb41180f166fb0071962d8a29e27c96

SHA256
f0ab24aca81e71623d1f9a637af33fea04c36acc622ad8fb41a63ee1a156dea0

SHA512
e7c4605939f5b59e54d1efde05e4bdfcf2d862b397dc5c0d280f5faee22aac46cc3480822530565566d7d786ec6b0da84063ca74e295e1c3437c10a0b7e3d1db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0324722966b39a238fac2df402f9f025

SHA1
3ab9e766c5abe069d3c40099348919403ee51ad1

SHA256
02d31c57cd4e38e2a3d03911e0271ac52b174721ed46f5fd1044b3f8c5779aca

SHA512
fc3c7899855b1ca020681e88ea672384ad3b4ac8ae26306fa777bc760c549a3008c1c82c55dd8a77c16d79dd45d2ac53ca3d6768f9a5217f0251fc06b250b531

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce3b12f4606b1c453d685369576973de

SHA1
13a0013a40a551bcc687ee3b26ca50337a9eb5f4

SHA256
567560585054cf99dd1c032e2d676215fd71de37ddbb89cf01f468df0b7768d0

SHA512
9e5fcbac63754f77ff15c96ab1b03fa79a5083283e09c5036691c533dfb62667151a6058b5a5f019764660d9a4b987a73d95b7a9d083f26df700bfc0367578e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81df6efeb9f9de94a592b0b695dcfe8f

SHA1
f47f206590627c3694cc14cddc36a7f244c27ba9

SHA256
7aecad3d9193da4660ba05fb6ad044bd4ce175cb9ed1b4d3d19d9b6dbc5cc55a

SHA512
b1fb7f5c4c565c4ae11f4fdc011b331ffc77e3827fbb669cf5686f74c2b85a488b23c2a06d703c20b9ac1e8ae79c8defe6130795d2bcc6495ebf1e8756f02390

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4da76b717638b045f4282b4e9dd79abd

SHA1
e910329636a8ceb17f346355464ada58d997d3b7

SHA256
e262b41865390577f2377493c862b65e48cc90cca9159c5c1698615fe52520e6

SHA512
f5decedc4c3b8ae16cfe6bb752f06e590809d1c308015843a26fe73d1e80892d226cd194c57068150ab3bfe3239268677088c9331f8f31ca7a278920dd3ea7b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6da896acd39edcc8e65b0fe1787902ec

SHA1
800f4f64dfbebc538f420adea07580cde5195941

SHA256
3d32ae92ff9dbb2be4b767919bf8513cf98f78b20ed683e7180130be57555e0c

SHA512
bbc9c8cd307805a0d163ad593426d4d544cefea7c283845a0a524ac1d939275d37fd07e17d8e9da03021a236362a51a961ef9342e0aa73545def1cc88199469e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4b10cbe6e355be496a4d0126aa8aa63

SHA1
433071c6c8c77414f2fae901d1765975dc87f849

SHA256
b0072648f0cc6587e9d37edccd08abf88df2f3962c9b2e4aa9a4998bcfd3250c

SHA512
ce7ea24535f7afede361fd8453d3002ab71d1a66a4b93bb102dac057ffd7696d0c1f4852f505a2a05a9a7de0685130add36cd8034c8f25f1b7993c5dcb61b3ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEE17.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEEE6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEF3A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit