430d7aa0b81b22d733d9d921de17995023ee73ddcf585c3f588008671d2a4cfe

Analysis

max time kernel
135s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97ceb8ea24ca116a878b48ed3b816298_JaffaCakes118.html
Size

213KB
MD5

97ceb8ea24ca116a878b48ed3b816298
SHA1

61ff1edd8e2d0767d91a3ca05c65d5ceb24227db
SHA256

430d7aa0b81b22d733d9d921de17995023ee73ddcf585c3f588008671d2a4cfe
SHA512

0ca045f2fc5621dadef8e4e3acf407106caa2cceb4e8a99ef1998d1832699cd1e3944952935801f96a86f578e9bcca12e31db82171c62300815d221e5ef88fde
SSDEEP

3072:SzpFftnoydT7wyfkMY+BES09JXAnyrZalI+YQ:SzmQtsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423743511"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{78373171-2322-11EF-B1D1-D2EFD46A7D0E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2756	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2756	iexplore.exe
2756	iexplore.exe
1768	IEXPLORE.EXE
1768	IEXPLORE.EXE
1768	IEXPLORE.EXE
1768	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 1768	2756	iexplore.exe	28
PID 2756 wrote to memory of 1768	2756	iexplore.exe	28
PID 2756 wrote to memory of 1768	2756	iexplore.exe	28
PID 2756 wrote to memory of 1768	2756	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\97ceb8ea24ca116a878b48ed3b816298_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed2832b457073c0650dd32d7432bae9a

SHA1
918e495a950ce1bf25e4f3280bdcd46f3e50bb82

SHA256
bc1bea96533d1769f335fb6da6627b4c599eaf1049a7d214f8e89b70f7ef2de3

SHA512
9fa94915d9a7808ebc209e063c6bcac34960b38ac8c61516f1a0ae3d85079d704daec6afc96fe90532e35adf9767e0ab55c440f9db2dbcc67cbef352424e23f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05d2c5a2496a52ac3895e1c39857d4fe

SHA1
6b015a2bb3164a9d49e22ab07b457a5b18bbf41d

SHA256
a022e4d073083e2aef31db2570bda57585ea94d92d57feaed4af332deb2376fb

SHA512
f0a614dee6a3cdd7f81aafe0394eb65265a3c542e29634f4f8e79ae245a84dd0354f6fcd11b677451fa6a7105b86fb3e619e0e84254177c2286f49f7f3bb69b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee684bde71fb935c74ed90d1f7f0f584

SHA1
ae618b0af9ce22bac422f57ced21d1730f529840

SHA256
5a561f9dd686d593d8df94054edf4a44dcbf2f03c8b289bb7f6d56d257c98c27

SHA512
2eaf7a63fa0e905dcc981d0b3fc8d0d0a3012b700bad9aaddc30b265a8d8e4e771e229aa4044e389e78e5260b8f136ef1c21f271e29069629763f5fd7343da69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0404f8e7fdb75d2b310f109d6b6604a6

SHA1
7843c2553ca9872ef4055440ad11c68f90adbe99

SHA256
67cc23ab4e5d5953b5e08dbbfd633227d7587e8f232fc7894bc0bf81f07ecab9

SHA512
f4e5af07aa547970f00b519192b41a9537f3b67f9bbf5139179463afb8cf9c14ae3bd45d1ff6c4a650b8f3bbb229985d8e05ef5004bab857c43638decea4710b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
614aaa3cdb8b80269a164bb9a9aa17d9

SHA1
ee8ddcb1951c5786d649fce832e6d245b24f738e

SHA256
006f49d85b67087f33aabc9665321250183e818fb1cfa3018cf4ae537749caa8

SHA512
9c7de7f928122c54f8bdb8ba3bf83df6dc461c321d34e37f2205ccbbc66674b6ac732b90fc71073edaf3a0005ef014e56ea3c8f8991a2382ddb2ed5714fcdbaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2a4416105813644a9b6c7228a1f99ff

SHA1
bd6105f8c4826fac48d98290fc86aa55b8e4239d

SHA256
7215beb360b180edfecbf6fe49252118067e66748df05d481cbddca89b0c25ba

SHA512
4b02f02efffdaa9db0b69341348c0f762023eec6ea8cfd0265af3bf848fa64515cbd9d7b49762b9298499c6a71d7a109547ca4873a6539bd88fe9b396a7440b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97e6bbebe7ca1dbcf2fe7b8e9b65e74c

SHA1
a764f4b57f3e8f5be3bb27e37f07c1494a281576

SHA256
fefa832ee0ff27b78e82f528efbd3e89ef7ff029b5f169bf3f988f548e129a2e

SHA512
09538a71e2ac6c8c705c02863fd14b6859bccd3a51b79e5ae0764456d2dc11e6dab5f577e47bc2c91b61129ce2c806b815a509bc3bae11fb44e69fee67ebfa42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a2f6b716b227d56820757cd18d9f03d

SHA1
9c92411fa717c9ddf66ebe958310a2a3dcc0a33f

SHA256
ef4e31c338f89307f40bd5fde11d59048d5111f740a65f988b5719ba094f37ae

SHA512
19cdf6e0745479e51c34940b591f8383360290820b4bca1ef281f43d17503527f8f7732f76efbfe29e9e462f78b2b472c30437410d3a8fc55602587f3751ad65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6406f50c321d1b6722a439e9ca84413f

SHA1
551f61b3e16bce70cec534e8a16be2733c622779

SHA256
4e04cf2ba2abe3417b99110873b57142569a482937693a5c0263d7bf7681c082

SHA512
da3a9474fead7fe347f803dd1a26fcd148041a99a8fc477fc3ee63e8e8281968e72b7bd930dfe649d3df9f1f1d313779a0e2797ff1774944a3eec1ca672d139d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af4c04c8374bd6ed780b1bb61b129392

SHA1
7d8a964044565321266574c9fe8b0be6a7219842

SHA256
09018c8533ee463a02ac65c35863f284a9b39ed749a6ea1d1803400b633c951c

SHA512
0062e5058b0876c5b36f1bd9d89f270d77c70002e1aeb9472592ef550175aadc6aa1f5243eeb56f9115d2c6b14571ab2d3f462c52cd571faa5ab1c5b19f5f184

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d8707f86552f4b8ac92caf5818bd6ea

SHA1
44e4acf63a45e5834dc061e18a46fa24eebf0d78

SHA256
ac6b4566886682289f20708391f6a9e658982029fd303e617013d9f7ad05507d

SHA512
32650247feaac51118fec0e9c97890f46db7583ff0aab1f9d21b48cdf53a7c441e3cb67344606c3c1040d54413eca92e12ad34236e84de61576460691abe9c56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2521c0a754331461b74380468b8896b

SHA1
c94fcbf461f272e5d00f7e84c92a1158f491901a

SHA256
0615c118fd57a95165b970351bb5bcf2dfce61bd5a7a43eda23fa7fb2a011d2c

SHA512
5b9eb07bf920343a4662f807bd0b77d2d0fa5072880d78c7154d83272e80756a76e5dac28d859d2ed788f4c7d3a9e34b8527ed98231b7ac7b16ee4246e6273f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dc9af9cc730ef6902600773a8002f84

SHA1
7615bc91e6aa8fab973cf5507c3f6892cd7c88c9

SHA256
00873e75f0e0ca4187cac9aff111c3b5cd53649f13e24b0393de8e6d26090e47

SHA512
e5ff4431a8acd0ed59264352d6515a8e56f8e9f7981807081abd42e48ba1c2bec8d5978cd5f01a13ce08a5add07443e520da2fe9978a8f4e6227c94ba9c8c027

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
811a5fb6002cd3a985631f05282ff14d

SHA1
87f1198788f1d4aee2300dde8e56ea1107c4a88b

SHA256
e40d04a815522155679d533583895f1be58d3a936f756f6100eee8761b1893d6

SHA512
6f414e355c9efed0c10d60280cb7fc336be3f70c51ec83e81fda7d3716d1088f1f9e44a0f0dc50d3ab19f65e3a9f82b35fa7ea48ba0b506c8de23973268209ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35090a83db404b3ea701369308aed129

SHA1
9016798042984b726c345162bde0371ae02b05e1

SHA256
d64e519629d7f50cd72c69534d5bf1241bec93f9e37a594406865414793b634a

SHA512
a8647e7839ef38fb6ef635f6188af68d1665a1304f87055692a162337595be41c176a25498f0382d2273a4690100b90cd04343460706c030ecd0aa91955653de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b125de3b210d6d9e06dc7efaa8ed5a2d

SHA1
d7904ae1923d4ec4014354aa751a98da38ba76fd

SHA256
2fbc66a3b1625c1d94bbdf5326517da21146c922ce395edbeb6c1cf8223e40b4

SHA512
71b756cbf1e386425e50b0964c41c4dd067893cde41a46796733ff81c3fc3482de2dfcc0660d01ff37eb03187ff786c593557beb15cc103d195d1ca64ee15fa0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74a8b92e75556924c15cd3721d677474

SHA1
501f7cb0b1364896cc088ba1652aa6a76a220a68

SHA256
a27114e6989a91899650045908e5e6d1f2979557d27c27ac186c1a53192c5884

SHA512
081dd37078cf5dba8fcfa262c52a4aea661247c5e8d883d10e5718dcf52a1b26d2c80423d1dbb1ef13e5a1137876881a7b2072d089986b8222bb3d1e066d5585

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bed1561adef540d1dbefffc528d53e19

SHA1
2e6b67c1961935ccf992d44d6b1ec3e41ab97ab8

SHA256
1bd782c83d1d728c85980e71786b7ddf381d8a43b57eabc0c7f04a561ee889d9

SHA512
bb395aa3091060bf84a429917ae9cb7a9b967ae9794404ed4a3f0cb11d22ddf9041b9e439bfc0b0f1929cf9922ebda9d18b80f5b3d0ee699536264fd0ce33706

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1E6B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1FBA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit