e15e9eea028a6c6c15a4c9d2c590cdc3a8f25bca837192f9680f5437a3110ea1

Analysis

max time kernel
0s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9741ddd6ef7df7ae050be2a8da375f5e_JaffaCakes118.html
Size

213KB
MD5

9741ddd6ef7df7ae050be2a8da375f5e
SHA1

4e991d30d1a7ffde2909a9a9427d290bdc8323b7
SHA256

e15e9eea028a6c6c15a4c9d2c590cdc3a8f25bca837192f9680f5437a3110ea1
SHA512

7fffb7712ff536a99eabb98a260e3f5a3c51b9ba683d40e33bb9f2ccfaedff7f485abff7c2cce5ef2ab562ff94331e823b624000d3fe7d7d0102e58ce6c611cb
SSDEEP

3072:SudPXqoZ+T+NyfkMY+BES09JXAnyrZalI+YQ:SuFfYsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2D5C80D1-22FD-11EF-9966-EA483E0BCDAF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2164	iexplore.exe
2164	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2032	2164	iexplore.exe	28
PID 2164 wrote to memory of 2032	2164	iexplore.exe	28
PID 2164 wrote to memory of 2032	2164	iexplore.exe	28
PID 2164 wrote to memory of 2032	2164	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9741ddd6ef7df7ae050be2a8da375f5e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:2
  2⤵
  PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0371bf81368f5c9135c4880b40f4236a

SHA1
59cb7079b2bdef94c7c79f4dbad3f6e49824078d

SHA256
04a54c479e4ac91607b36ad982ac8f1e956b7cd9010cbaddbe3e40d8d02464a6

SHA512
e7c4eb5f4880dd827f8b55b6fdedfaaf9c802fe9f0ec4e79c169e36ddf0913db8f91108432030fda72ab095cf5ef6c4943e3b76fced1939f5926737a2ccb5751

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
487482cc3f3f1d5baeac1f8069da21c2

SHA1
1f750d2461058834b30ac22c1aef2f53adcf5c76

SHA256
5267b0ad32885422d379ff586919f9f785f10f982d1e16ca2578ed71e662d6f9

SHA512
e265a4b239d0bf30d2ef68d3fb34a18d4d306ff9043f0f18a952f7b5077c4d41904ca8b018297253ee6e3a2b7c0a75fe983488577e5099e059086110c1935be6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4447a1c824b84a01ec217c25340352ab

SHA1
49886ff189cd3b79a7e42be898ac6083840e35fb

SHA256
77e3ba9ff44872beb0f52ec326e5deeefceb7aa8657b15a1603f68ff90b37051

SHA512
7d4804d05d0f3dbe73c53c8eaf27deedd7e478d8eef2fdfe644221ee2cfd20eb3e3bbe57752cfb5fe4b12e62f43563dc29a3c700e9eefe8f95dbb018209a4ccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8b4e3ea11180bc3af0634d5d3e9cb5f

SHA1
d661c007f53130242bdf5ced8a84b86b5a7a97bc

SHA256
8c0385586f44e368e3dc2cc1c354b7fa30a4cbee208c76ceb4bb81cbc25aefc0

SHA512
ef285799937fda99fb91af6d40f5f973c4f47d4fdc7962dbeed4f0795b29b6c3bcd5a029c09c393972bafd8e9f5966c180fe4adcabe0c6e88047b376adff21de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee1b5be898ed7dd3df66f352b1f9d20f

SHA1
6197815f66f55b05fa5ea752c2e861652676630d

SHA256
73bc7adaafa1a595567b360a7431cead77d51add7649c17bf0e3ba6d1e9052c3

SHA512
3cb9bc68410de9e86dc2784befd55ff75df35bf79c5c16eb029816097129f407234583de37644feccbcf7dcba17db3e27d3d9cce5356a89e5b4b828bd1cd06a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3d2d97c7ea1d1029bb79c94ac7712a3

SHA1
6d7c41e099f1958560887116f8ffa567522b2db8

SHA256
43c5448d1137f63ad67c6980fc7255bfc08aee58adca87351bd60d12b0df7669

SHA512
1dac80f5f1b92c1dd9aaeb3aa5bbedeaaf5a12fd9c5a8f87bc3b100ef45f4e46b30d9c948e8e04a7c1dcbed17455357b4d5245211a95a26f79256560427d6001

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
184d42c86e1170b91da8066fad7be52f

SHA1
c0fcfcdf3209b1f1fb8b9a5f736a47b50d94b7d3

SHA256
55c9cf8e849510c4e67b8a03da35a35ec1cf5b1cf2dbfce947c5d1fa3e61b3b7

SHA512
c43658d9dc95c8550acb5d1b4c6b2f2902c6b6f600fb7270f670af80e49d4454c82ee65bbd968fa8b2d0012bcf77ac1671331b0d267b1e6bfe5bd4445423f665

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23784c9c77d3a12929f7b1b2bcb37681

SHA1
177844440a5f3b6adf2a727297cd45cfd16188eb

SHA256
b197a9eed8e628eded7facffcca9807810e356c19c8e179438cbc3f6d29574f9

SHA512
02503b72d554fce9e5898b618d388cd7c847dc4396babf5e6ee71d2de40b64af215c7fa9a62be180530da649285057c8030e5bd911c061e32207efdfaf2cf734

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dc544cafbf087f8e16bc2192cf13597

SHA1
3032ab5fd28f6e5c2246eb5a28688896c94762a6

SHA256
ba195d4e352e87716d50f22793fc6f96d2eaf3d2c554ea554057ea3af05848dd

SHA512
dee96fddf15b0243d6f6725ee78dc8bdb46046d780e1594898a7038dd884ca88e1a60bffe7eb5c5292200e4588fdf3fc1831c0f1d100d2c89a48d51426be8763

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e5d475d045654d7d586e923d9c7c416

SHA1
9e1144bc1d751ece946e70690f1cf980c11742a2

SHA256
af7d7461cb9f360568b0da170044c1b65dc7036e161f7301db2e35811f17d81a

SHA512
d558468e7850ee6f145d25ca65810dbc2b355df46c10252f23a7a9586db08560ff47ff60bfab35b84e8af6506522cfabca7fa41a71733bb108a672eb57c89c13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64d2425640bae1cab283834e871f303f

SHA1
8000a65f93d3c3a3f6febb5feeda4f71c4ed192a

SHA256
75c072d963ab02fd1b153ea3c569d746142d3f63011255ad7381217859e7d122

SHA512
25f022d72818ebe85e865441c17e3858a628583617a547368afcc85974afa38d19369852a2b277d6f8c034871fb46497fce7241a2176ad0f73c5a48f70c3c879

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5248df41f0b90894d11818126440c6c2

SHA1
d63038854cb3917e8df16b0c937d1258d71311bb

SHA256
85ec498daed04a6fdb01882b0831e9518aec912b036bb5c73ddd39d069901703

SHA512
b23f04f1973fbb8feb589ef951e0ed1310c8ec15ea20095a305e8bc96be50d93b739c120a97d288ff14311913fd034976c3b2e1933cbf2a9a447fc13570ba4b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a91fc68bd4777fec53135599749e4d7b

SHA1
4b4344a9ce3920d983d41cac6423ee72c70bbaf8

SHA256
a95fea080a3c08c9920bee729359a4a5b63ebef26f5f011e05920615b6c51fba

SHA512
b8a33c63a533ed38d53f5858247db3ac65cec889972717fc1dad70e5baee41748892c94f092cf7b98ef9098713b826021377e0618f634b89e06f95d0ac9d9df3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6750c87fdb2b8cc8d1f43968e1d0a14

SHA1
6810c67addf8eff540c6abc2b18fc8253fe96279

SHA256
f31d8438937335d6b340e408957dd54a15b4423266563f526db4d6d08a9d1f4e

SHA512
45c80f6e1ad1d79d6777d9f74f92e76ac9bf702df8eea1fd49dfd29dad1ed8a741d71acd14c6b65c585c9cd7a81b146e0fb24c10caec0dc67d062f5385f8e947

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f48986f6e862f1f2e90a5151f8e9eae

SHA1
7a840c3a5ea37d4c02201b59bb511404d139a479

SHA256
2052bab29299384292fdbf34b962e2efa89f61d0a3a4054176b77725309bf1d5

SHA512
9cba64ae0020ded5bf9d5edd0b69ff60fb252e6e8a7d1d6607bca6845266c575e841c8d07266aa5bdce138002f1547a9e21e85d6ac33172ea8feebcc5ddbabe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
523cb5700e2d01e54e12825cd1e932ea

SHA1
8c9ca4a26fd53635332face3b8201e6edd790886

SHA256
7e60b72cd68bc4ebc4a3b780375307558dccd601c23b2d3e686866e16943c9ae

SHA512
99a756b66d1cee3da1e669ec6cf0456798dfb467774c806ed23166d8560ee04f1d6460cc4639469af5a580877e13d752cd462f5a71f84881e4f01b53f1899ad6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1586f46be0a9302fc5d4b9a71f166c6

SHA1
59738b2200ce096c5b841a195c794f90057379bd

SHA256
6143aa511b1068b945638a390cf0462c8aab9d2f14470c1dbc0121e996e79d9d

SHA512
d8e1004a1140528145296bbeadf4ddfc261c5452e8d25e0eff7552fc4f582e5b84967cdb7ad01adc866773fc4012cfc5ebbe3de8c1d88fbaef41070459d6daca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84547363aa4adaec349bd14c8b3c56c2

SHA1
5515d3aadfff1a6d34ed4888f13699aae78d6e44

SHA256
b68488f899451acb7a40af1278f33e114d8d9ee5a2fbd5de62fe004bf2aa6d51

SHA512
7f1af4a8a6b1cd98f2723b81565a8cb7a47652779d922e822cf7bfe8a434141a2be5537f35b052dcb2290f5b2de387b0d33c22bb7e5a95b24df65d7099537616

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bda3b1a9caeb14bb98aad547bfdae53

SHA1
dc15198b99223c130df4cff58e2ea26862c1c6fa

SHA256
8485b3949666c8cfed902d1c9508d47f88f96552fb1d26825663fdffbcf54fe8

SHA512
35ed119ca436e8bdd0203fdc0ac5c932763d990ef23240ff2fd492be06df55ed8d9983eb08365597a638286a347299957d5e16f718035d54a870930c8b43e459

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3120.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3202.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit