9959ba28503ec8299b81bbae0e991635ea4d709ca276219524630e19277a2453

Analysis

max time kernel
8s
max time network
130s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97abee40d44632e39825a8dfb1168623_JaffaCakes118.html
Size

87KB
MD5

97abee40d44632e39825a8dfb1168623
SHA1

bef8fa8584f09cd63dc18a0efd645c6494d626e6
SHA256

9959ba28503ec8299b81bbae0e991635ea4d709ca276219524630e19277a2453
SHA512

bffdbaad88cfbcfc116923ef746958f9a53b12e9cafd89f588d00145099ed42f97819fda42537f5330a83dbabd77ec7d125f7a0204ee0f7ad972981f9acf4c55
SSDEEP

1536:sYtpPC7fPIDegdSm/Q5L9z5Qdi0rdGkDeoFyE3lGZ0s5JgLPYjIxvBbRcSQU2d+B:g0DegdyB5k

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A159CC11-2319-11EF-8B6F-CA05972DBE1D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1728	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1728	iexplore.exe
1728	iexplore.exe
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2712	1728	iexplore.exe	28
PID 1728 wrote to memory of 2712	1728	iexplore.exe	28
PID 1728 wrote to memory of 2712	1728	iexplore.exe	28
PID 1728 wrote to memory of 2712	1728	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\97abee40d44632e39825a8dfb1168623_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
0fa2edcc062c7d445f0719699c6b7af8

SHA1
e29f49d620df101c32188a456e45b6cd2e9f1ec4

SHA256
f79b424a5d339b5d6792fb079750640068edf4a3dfac9260aa8c5f2fd2d23ea6

SHA512
2e98f5aa8307dacb9ab5abc404780b76e1e80e6342c0075e75e7a1b9992a58ae0418ce5a5d523d89ed063b505b64f0d0fba3424b46e8e3cbef61a6cb7d6b68bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5a146c36873df3258b9bfcef0b1f873

SHA1
e93a549ae1a1057b190e8156508b9d49c22aa558

SHA256
42658b7f1aa1b7b85b969e5c279a02f789d23ce59e77f20d9ecb8daa47952db8

SHA512
694c42511b763fdbe76fcf53ce05b239c1549da01798416d01f87eba7bd409b348feaa8108f7d60bba23cddd51216a3e3829b80fe6e11bb4d1210ca2912ed0f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c3ce128f92d3f0bd7a3a7c59361a804

SHA1
560cc62b9fa885577792caa36efa10c6bc173477

SHA256
d5044282aad194afea373ae9d7f2ca276f1220ba7d2b03eda755cd4d6714c1cc

SHA512
19a0465a840258cd134c7d0083b532e2d0b080f2aaaa6dd81bd618eaf0a82e8c13f42db5f1484264330ab1ae97e8543ba2b306599c449546fbaa85cfca25abaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42a2f71e5ca51bf3d56670ee4330bec2

SHA1
ff4b3908135efee5ca590f240d076b768a1e5f7f

SHA256
51806e8028cd2adb605975d7534fa39ba9596e075297fe8142bf146029eeced2

SHA512
d7c4484fa724afd0461f1cb9c1370cd224b9035adbf888d6702b96843aef086aae1e757891a5120aa118685d2a9fe1cd2c41b49541eeed054d4c4bbaefba1d81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d7f6d7fe931f6d4f7232cf22b167084

SHA1
6b5b40fd832b79036b502e9168193d29b034e147

SHA256
ba5a31961ca06acb3ac5a50f4c267ab239c4de4219ad48edeed6e13c305fdca3

SHA512
4d172e11d07ab66da5435462f39e3423f6051bb23b265252c558923f83e35af0584200bc8e0f80e9c8352f66df9a66fdd3b6d54a42f39aed945be779ad62b41e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2eadad21212646aebd64d4038b747fd4

SHA1
94fc186fac135dc73622df533add12634c7d6b59

SHA256
db9f2cd168d68b44febd57bfb3b28e412ca51088e2f74f1f4ac17d9f966f44ce

SHA512
7c32f362e47f29846a86d1b2e59f43b96faf51f250f816ea3a221258cb4fa10c7bfe855fa94be88f9cc580c5b37cb0234607f54aa54c609cf0551d1905566a36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71f526ddd23efb4791c23ececdd8e425

SHA1
d1f2c1b06c5170b7c7ce4158b5a56b426b811e60

SHA256
d73f8512b40028792e6da196d16ec982249a29e40e8fb692c380282b5fb33cc6

SHA512
15095db9f25df385c120d9f0dae7e69c492b3d851949ebe02abdeab3092540755f6d7e751779c3f4979203a365e1ea5350f41c1f464034d2297dd81b349fe744

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49178263c8e0fc015a463fb1291dad4e

SHA1
5af6a1ad1962a8108c53943e2217a6b1c858560e

SHA256
7b0dbdcac525c9a98f83229d27b8a5e50c20c513101249e473079dca60c0f334

SHA512
731363370fe7a8193f26defe0dd22d30a0538c86eb3f57fd91ea8367b817cb5362482cdb89db4c2f111fcc121136ee3bb1b21c3c59edb8febaea6fb5653a8fac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdf4ab6fe98cf31d11554b2ecb95efb7

SHA1
e956041110f341e6bf510f7aa81c9a87f4ca5b41

SHA256
c08592e6bf4ed08a53cdfc531334948bcedcfc9c5845f0b535310e1d6b210aca

SHA512
1120e5975c761d012c4364a781e79d89fedee090de1dd4db0d4f99d9469222c29d179d8f6b04ed86657b3876378b5df7268d2469f330f6057ff60094ddcaa871

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30c8b76ebc0ddd9a21659991ca745f91

SHA1
c0acedfbf436145b3c62e154f948848b19618460

SHA256
ae0829cce23a40d4c4bf2b5155c8ef6403cc68f3885df9bac2f8bd1e26a3294f

SHA512
21a1fd8c0dc8de922f473abe885d4ffa7575dbc9a529cb2fe0783f0af9bf6ab5577fb115a8c46826e4601a48db79e161d0c9207667bd1fb0af2028ebff7a2575

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5142fb5760edee42c5c53f4ff1fcb5e3

SHA1
5f2f50d40b3bb5713ec5faafa07b45d09584af53

SHA256
046e59d6e0989fb50bfaa7f34db035290f323cae8efad6c411c5be56380e2f4b

SHA512
26f8a4004d354d9bd1c7395e9c179bbce4acb032d3dedd3b039020c169cbf72e0919eac74a70c2463f43a5a6708ada0056492853aafd2ca44143c45dbba57dbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d1d780fcd479fcc6f4c0c15d9bebe5a

SHA1
890b8807baff6d8d76befff33182d4392c249815

SHA256
225fc1e970045a39fc66bd6a2327eb7d0705fd97e0db140fbe07c0880fb4949c

SHA512
a81c4c7873a10944d355baeb6c257df34ce2213553e6dd2d1f629212557b529bba9094c5df794fa4733a3dccae67bbde1d15b8066828756b83d4e1bb212b5acc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ba7d1fd64be98ae0fc3b7bae98552935

SHA1
f572831d7e28e8d2879951972d0c216578a74ca1

SHA256
a5abcfe3748d982d27f88e7b885b54086dd3d7ae8d4b805feb78dc29c6e33777

SHA512
eea8055d5bc19b1f003278c352a1704cc79a903f94b56d80989af298e26001ef70c4909f75e707b90a3e2631bd2a185c25b06220766a1092bd1e3df5a087561a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab33AF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar33B2.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar34D0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit