4b6baae8728bb224cdc9a94ab9438fe5c0b9819bf200eeba22d9225914a9d186

Analysis

max time kernel
1s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 09:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97c1f4710846d984b3651747a902ad0b_JaffaCakes118.html
Size

3KB
MD5

97c1f4710846d984b3651747a902ad0b
SHA1

f5463e616c5f2c002fb2abd9dd55ae15eac9c666
SHA256

4b6baae8728bb224cdc9a94ab9438fe5c0b9819bf200eeba22d9225914a9d186
SHA512

37e82d383a6647d5a3d82e25fe7728879464dcead752912674f99865528d245c6e1666268b97954a1e6ee4dab9966bb27829983e264d6e2f32d198d8ac543b9c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F74E0FF1-231E-11EF-8C27-FA5112F1BCBF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1548	iexplore.exe
1548	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 2560	1548	iexplore.exe	28
PID 1548 wrote to memory of 2560	1548	iexplore.exe	28
PID 1548 wrote to memory of 2560	1548	iexplore.exe	28
PID 1548 wrote to memory of 2560	1548	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\97c1f4710846d984b3651747a902ad0b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1548 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98acfd321d76485b6a44c05844c505c0

SHA1
e650cb8b8ab9d75d3038c43e126e1bcc4fb888e6

SHA256
a1bc053ffea660ed239c427689670317c08175ec7cf2c6efd9ed19787e51a3b0

SHA512
5b3f209f2910a721e4e583417e5431569000c79314490b505f963c9ee81c2c428234072558b6c48efb036ef015b5987d51240858439facef5f44b60ded5d8e3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3abc9b754a62f5e15836372742e4e590

SHA1
09899c6113ebba8c860c0ae9a61ba221d6cd1bb3

SHA256
9d590e28bd9b52ceaac7955d2e3721b6107bac604d6f996f44c9e54b3fa3e982

SHA512
1018ecef172adb8992dec078ec75559daf9b7323c08274533e77401073dcd4a01490fc03e5edf5939f5d0bbf762d85450c6efb635d1e15f28522fc1e6eb14a71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7e06b1bfdc01ff390e1247b4cd53a90

SHA1
de32ed14b0261ac0fa3eb0f2c78a3dc9ad9d32bd

SHA256
7b85861b3766ac292afe67988e329ef0276a43e568c993f132eb40aa4411b19d

SHA512
147f8b07b5b42c666bd12fcb523eb936a03d30e6412ef24961478cdb50702e9cfce1597fa76ceaca71987f1202562b1c39bbb374128d455d5ebfafff848394f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1855c7fbebbc4f9ab7529221d38315c8

SHA1
e33033ec23704933e74b7d0ef36c9a8f37805526

SHA256
a7d985305125831b7cdccef432c89b19e62c2234f8af2939188a8005af130d92

SHA512
416c906c0bd3f9407ecd2718d5f49d0ebd2a322d1970849054f92f6cc70e92c3fb908d1f6c0ce0d4d87b3c8ea4628b71d9cacbb005621f7b764cf9be6b9fc756

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e042db50d809994c757a0b31bf66c11

SHA1
51bc5755bd0be96706abf7468c3426b52c2b356e

SHA256
11a816963f7af43c6ab38edf37499e3a78a5bc5cff97b572a9853ef23d6cc31c

SHA512
35a487e96f2a9fc54ef791e53dc15f6f9081452cba62c3c2d584f424debd15c8a51be46cb757370959c53a4a3d7fa48ff278fbd963678de4738d139ae19a55b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2671e320f0edfce2d9bd77d3eae5df3e

SHA1
54134c0268c33628e409752efd2ca2da6f6ae36c

SHA256
94c3a27df0233fc4d2a022862d67d65f5d11a5e08199c0cdbb26b6ed20da265c

SHA512
8e48a6adb83bc7b761c92b43da37a6603b1b42bae9509d607418cad204a3e78eb8ba3ccfcfcc25747af66ccb7802e7675b3a77ddcf1e6a12b831de12a90bd1d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00f924ce505a2cfc2dded751b752e6c8

SHA1
963091d8551d36c04f07ad43a7259519792db5f4

SHA256
8c67d30b051ad2f5f92c1ddbd89b01046a7fae097a6595425046afabcc3cc124

SHA512
f8d14c1c292d82e29d90e5e60a033a0040e54f6f0e92d39beda8c44c5ab0b00eeb8b9379b054ab6a39dc6d0fc7b793a06f275e7d4b84b4f40d156b84419a07b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aebcb37625bf8135cc36a2c96f1988fa

SHA1
cdc978898bf576937a5bd5b117d00f361fa9f2c3

SHA256
0792b71b8fe29dcff69f3f1c6083d96c16eddc71408c290d875ed399b547d7e8

SHA512
a43e13a30d04b75a32bc979f6f4d4ed7d21ffddea0e3bf218605ce4e9e498e4c601c5490363dafc845f276bbda2553ca3743580092337d73fbfe186f2b062e7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b0866d0429e3bb464e1d5a77c490bdf

SHA1
b29182f0f9a85cbbf3a1c34d4d4c80b4208bd8c2

SHA256
7f1b00fe478aaaada71fd8bcb4abe609dacc23eafa3bf1a2dbcae38669c525fc

SHA512
286f0a8cd0806980bddbb60cc4872fdde67e8435b1682a8cee559d9898de51968e4c0e8802bf258e8d6a41aa77d2c2dc16a3a4f207ae8f76e48300993a0d6b2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c88a682c385ed181c683556d7339372

SHA1
c924af749b5d23fcc3af431f28b584ab7e231c17

SHA256
681fae7009ba88a5fbc5b88d651e61c14c2d15caace129664d537727acd82127

SHA512
94269864ee82df89c383d88daefbd45d238011df84fb6bf580c539a7007d6cadc4ccd8962de060dbb8eec868a5f968b43e8af50eb5e3b65e7b4e21ddb16e6419

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88a80f27fa1d55482fa3785c83e84ddd

SHA1
26cb2e0edf978599900b54cc360fd8e3ced4e7b9

SHA256
8e6cf80b5dbda324f4ff72a40f39117af80c6aec6c15419987dd4026f6d9dbc0

SHA512
51d6b012dddfeb108a5ed9892ad625202f6c0d9c8283d3346940e3096235f3a88304aa3f27f81ac972555d35e4a64211e35dcab84dc7978514f869937e16336f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ac759c8cbb23852ae323506ceada411

SHA1
74220223e7e8cdcf7744ea5052b30fe48d4fc2fc

SHA256
ecede8fc74356fb07f2aaf8f543dbd02b8c887bd2d5cb71791018c85a3ef0f46

SHA512
84587d9c7875eaeb5ac1943fc3602b65d9863f6bb668cd94ac1d1ed2c2af1e30a3198c786e4d61ab7df1c33d38f9bf085adc4ca7467337c16f785f7dd57262c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
696a2f8849efcd6855e27b44595dc6d9

SHA1
1fa549e87d0e1bb649646f91c32b64c90786cc1f

SHA256
3f7a5c76144227896c86f42576c3be41b6f4aff5c2ec64bca961fa7bbd2f0d3c

SHA512
80147e1f2bdb76c703298d607c10608838b3a9ac51098502a8882cc19bf67515031d00bf579beed3d288a8fc552e28fbc97eb14a137d767f9c08ba9b8b96138f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cf3bd764f9767f138f2feca197a64d9

SHA1
faebfccac721df647405d4862c3a0777edaf927c

SHA256
2eeebf481ef4f32d2144a9b404036158af1152b2d28a10c4ec6f3bf3cdf0e1bc

SHA512
7ccd70f375c3db152ef796b38976e301f05507de0ce191a40f2a82bab5d875b337ab2ad3f4a2b2da12aab7b692aa202c4f1783ad366c7137c468d100c9d9070d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e523c6f23ff6dead7b013ade40fe633

SHA1
6cf879e437afa96c2cb46cffa1c763747e904f0f

SHA256
3cba4367a919f4b4baf7ee5c394430babf2db6a64502b791beb9e823ccae8e90

SHA512
e797290dd89d512f1971e1dffb76c023896f295a4a35d3a2d4ed657c156f5daa49e61ea51aec5a57538792b7e3b8d4491d000064ff0a6e655237ae57cd713af7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f3d07321658975db06241b129dcc08f

SHA1
61723cf3361e53920a9a1e85e2c64096ce3866f1

SHA256
2e32c2aa0f833d574d9d3fc083551944cf3c1c6dd9423e7d9d31260a69c2b082

SHA512
ba681b6d7476437cb91fa28c6bb98fae042c515ac2725a2dcc3076dc973fe54074aa0031c2d98fa28e39e84015afc39ace8be51e7d1ad09355cbac5eb8553f1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f23151b3635900c49841ee8cc0ea7b2a

SHA1
425bf2e0fd5bb50a731e9d98d56c21dc576a60a9

SHA256
a6f129f2733e2400198dafe15350ca70f27f05d118fad2733c8f32a74a989d2c

SHA512
7de8ba7fc8e57d953aaac388fc39e943ea4d878b61784de0ab16553e3b573c9f3d36a302bf5f16503679cb7915154aabd4d2d217fb474ce7ebd8d434f37503f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9F9B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA129.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit