7d2f690b091386501cd6791fae89c11666a317263ae8007271ae94f74b45a516

Analysis

max time kernel
0s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 08:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97b13179516613b968efe1d3d56ee218_JaffaCakes118.html
Size

4KB
MD5

97b13179516613b968efe1d3d56ee218
SHA1

60fdf094d281090233e0d52b8894ef10fd704516
SHA256

7d2f690b091386501cd6791fae89c11666a317263ae8007271ae94f74b45a516
SHA512

4ebbde43eb426eb094253f86832fab196dbdb8aeb3495729217a69ef939d282560c9ba8c8232a709140f8fac2d9f5b834c062cad902ad19f252ebe176fe4c083
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oeuld:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 20 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0F3FAD81-231A-11EF-BEEC-D20227E6D795} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2476	iexplore.exe
2476	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2484	2476	iexplore.exe	28
PID 2476 wrote to memory of 2484	2476	iexplore.exe	28
PID 2476 wrote to memory of 2484	2476	iexplore.exe	28
PID 2476 wrote to memory of 2484	2476	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\97b13179516613b968efe1d3d56ee218_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6bcbfd2095c69a7ac495881ce6bfff4

SHA1
eeaddd9d2bb7b1ff17f74c7515b39c19babc34bc

SHA256
5b6e4b25ec3f86e70aba2d80c7deb2ada90b788f2552431a4ca4f68217b2d2de

SHA512
0c0ef748a90d9485df88a9c3d87ff62f9f8b92772d5a6c24bfe1c707520a950ae125fdaf96b60b91a855425313e00da54075a732b5cfd7f134fa62aa9ea6349a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e30b0a189e2d495a76e5c0b102b0a225

SHA1
f3357929ed4f65759b4a357514537787b0012d0a

SHA256
4769e97804d96509a519f92d21f67ceff3eff1fb9d36af67b81105fc853f2488

SHA512
53d967978300fe3e9fabdbf72f6e733b1a91d2325bded3197d785b8b7abd0ca84db14db3eeb6802e2a5e181e82d4eca7a534d89da1fa1f0eafca3646e0300263

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e58d4bb15350f84d30c38ca7819b1486

SHA1
c7e9cc892e051c353324d5ff6b11071a09799bad

SHA256
1c6ff33efce9e274dffefe7b63ff4201815b7df1188540be1853a945046f8473

SHA512
d6fbe467a8f7c02558e4af9a5d34f1abe05b7579fbff33756f92c9c0c917d3ca7430cd99285354c0ae3624b73f17b352094b9c818fc0af6ee5a2baa933d92b73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5634b199d0425ea09c752ea068b878e

SHA1
c66d74054c68abf17ffe056d499311be28d6ea01

SHA256
49b7c4bd49579d2e69160114ddbda02befd2466c7cd22d3c6b97a701d4abfd2d

SHA512
91ce2b634c9ddcd16f458721563387162f13f0b36dbf6618e303970c2839d12ae090f110308e984c7275d5b96878eeb2d1cf497d0878739b04367be206b3a433

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a4573572a2c81f73b29e5fe3953baf8

SHA1
e55e92ee6ef75b6d2955697bacc2a48fadd73b0b

SHA256
d702c688ee109d7d37e7468ddde2918e8ce472bd852aa48ca16c8451533f7186

SHA512
370b0c540367b6a1edf05204757748b28214a6e0a8a4baf37d3765a81716dfe0458ea8cf7728555e11b6c9578ec7eaa9cd393c7a962eeb8070ee8e82668c8bbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1567679524ccf01b3c6840ae7811133d

SHA1
33d608bc5bae598bac10e66d179170cf0ba39b91

SHA256
33f1dd86722f0f0dcd62b9250db7e08912abd64766d0a4fadcd1a602ad8c0f9f

SHA512
9998f1ca452a100d7879064d548106e42a796ec05e4e8141d106deaf74fce6836e45bbbc085ad39cdf26437a2146dbdb6543dcd81c0e9de01de287b1a2746080

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ccc3eaea188d5b8361230127ca29b51

SHA1
ce2bbe44e74dc5699d25e9ae5b4a88e568de1ee6

SHA256
2fc5fec5f51ccac1e8034a1cf79e412060352fba9404697d84cd4ff43f10fc0f

SHA512
051d8cf9c713cf6ce4590de1331a49ee7533e0a77b5b6cb9b400306e7b84cd8f254bf8c4cd4a0034a8d9c07382ee23e2ec42cd41893bef3ecd8198b539f09f8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2c7aa8bf741e7f60cd94a451c3382e6

SHA1
ee8ab144a5709ed894c9e1dc91508055a79db944

SHA256
c7877157421ebbe58d10c2226f683900a1067e4a36effe10f2bbb0f18d56bf95

SHA512
0948c33795c44e23b00e9e77b6db887f03be05c030ce5e145e5f38d43cf1a3a7b1d28d67b0acc53e641f8ad2169c633c47be5bb15d9d1544d08c2aea4bdceb22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d3ce43ecc418dea2f62db0c5a4fdfed

SHA1
3612934dbdd102ec09e385fe574a13d33c73bccf

SHA256
4dc0591fc8271b29f1919e2ccd3f08466fa8b8723afd3140b8b3a0afccf56f85

SHA512
89a61c20a0b22972dd6cbf53b9354ae09d6d78a77f787c21321767b0d009eaec6cba25e4dd0a3425e1ce76357ed407aaa31a0d0702bff46379ae93454a231b62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35599e0f09490559bd468446221ba2ca

SHA1
247048e21428e5bceff0031e63e360cd1ebbeca3

SHA256
6a24ba9747ab4aab736adc9a4ea244544769406b7834ce77effbdb344b3ee933

SHA512
b4c972b68b695e3d72193abe3f5c5a3dafe14ab4f096da58f3a3c0d0242a9f01672f1c9eed49ab50a13388846376f09539e9efa5ee1f812f51382bf34414e36c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
699860c87a1d4e7d3384bced5d2fd098

SHA1
2d06694bfa2b2e1b84122314893c1fd0636faeeb

SHA256
54f3a091d1e8706d7ef8faf9519b49123d3774f7d275e8388709470f96e87aec

SHA512
562ea0b015dbd9e0d53127380e777720b0f74737a96f8d52e42af6f6322a86007f0b40a5a99c569fb7078423038361252dab77415748c05b6b21379e9b69b044

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c198d9e0d54af6b08c9b7205b8ca7bb

SHA1
b63fc68697dc506fce49cfe15c975a2a11ab4f49

SHA256
725b86fcc8288722902d8f80127b5f50b424dec30630b45847b1eafa57392ca5

SHA512
e5b6da9b7ac1ad18d0f149f545c3fb616e3c1d0f6bc45b03db40a5063f425d8e343d5a3c4cbc281112c5d3c19e561a786ee91dcfec5f7125712b42b6b616258b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef335bd209ad57bfa91963f8228a286a

SHA1
5d8a7ff466053dcfba4f4f09fa959dce279b7ac6

SHA256
5181cad11eadd0a1dc91ada2b20d912f7bb2289fc93b84287b34221f3183693e

SHA512
0789ad47e643d6e1ecf819f8c2f65442ecde1c211fd4b42864ca31dbe5d37ff9c14689266cb8a1d1a75c38af682bd5636010ad191eb3b1df53e834e00871decc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90507f86f35a055305d3e504051d5859

SHA1
aa4dd961c6ffbdcf885dbf2448ca7efddb0d9424

SHA256
70a9271388ba956db57f78df3f6aa756e1025d9c166d7ad8ea9468bad76a03f3

SHA512
d56e6edbc15d745c3cd1beac9822a492b65f1969d7e96fc724246c1589e36ff14df187208aa3f94031b19d417053560917dc360d0786080f1569ccdfc9a9e37c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d66f24d08308c5d5706b42dcfadf7451

SHA1
fe78f3080efe4e999a0b67aa6cb3c1da1049d774

SHA256
62b6e98d52e16d316c2854b29c0a932709ad68b0ca58cb318caba03682b18d89

SHA512
90d2d117043c3ef212ccacccaf5589f25670c654be31f50b616c416d35cd5798eaa76b0c79d50f82a47e20c6bcaaed26b573f16bc46cafec14af8bbcb52157a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44f319aec6f9812d1466f46ebb6d8c51

SHA1
ccfd6691dd0a0b85de1525d151db97f2582b2c68

SHA256
95cca69dae3e98833ff31c6709b087c8747aef251cba35825288c3a1d145322a

SHA512
3112b10304c8e86c964dc37d196cb6bcc1c976a0010cf216673b11e0972eebb810453fccea3f845e4db2ea839f6f9c47fe9da04de905b37cede83d4080551752

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1349fdd9d6e6413ab25edd9c7f128433

SHA1
b0e34ebc26196e553f938c9ad15764690574eb4c

SHA256
c5938e6d872167c58bf3443c1503600ea1caeca5ee2f9aa1837d9e44b975da83

SHA512
3a085283d8da1bc4fd8cc36db92d6775b8626bf29b913b6f5a8adb4815299033f9e64815db3e41200c3a8e01ae645cf8a4ab6a7554e98e90713d10bbf5eb7a9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
634bcc592f9c38d1d1c31a01f3eacc9a

SHA1
2f292bc96a0d36065673d3d6b2094aca63f851c1

SHA256
d8261a41a79ef04e4f6d3228766cc54a3ea859cc301a76fc25a96a1f80f783f7

SHA512
86dec1a2c346b40ced390de8fab98569845f760b182593ba2dff8f5cfa7be0f076d7b2a75da1a0c313f910b8a5ad16dae23af5f4df153544bb9e71c863449fd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9fc44453d708901eb7561655d6a528a

SHA1
c787370946ba99899938a5bd70fd43abc3374216

SHA256
fd2f6eabc0693720fc920626ca254ddb75aef1afc4f0cfc584db681120efb927

SHA512
3d3f843969a9cefdaa22eb2b4796fec3113282313d601b181160e8e60d20bd52444fb68f5ee3cd702188a49acc1137a7470a2daaaa0a4c6473b96f74bc9b6f9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2073a33f0965d214f76c897aa1196a32

SHA1
b59ad15496a514d4065a98c2c696fecc213b0e2a

SHA256
5c7fd6aa4c608d1858635a0d79fccae5d77d056ba660e4dbf0c9b96730c12485

SHA512
a442859bcb3ff74c3c08311f02a57405304fde4900141b31f797c0686ed68cccf1155a5f5debb2512501330b64121fa0fe4231f5d9a233b20bf8bae8369b704d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2B27.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2C0A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit