8b878679296527c12f420e2d723e0dfa1be9d49d05f192138a296503631c2bea

Analysis

max time kernel
0s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 13:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

983d9bdfcc701d2dc4d7bdbdc7ef95dc_JaffaCakes118.html
Size

17KB
MD5

983d9bdfcc701d2dc4d7bdbdc7ef95dc
SHA1

b5495ebd20ee399632fb71194613cfa799f8bb79
SHA256

8b878679296527c12f420e2d723e0dfa1be9d49d05f192138a296503631c2bea
SHA512

05bc5081be2117f4e57db60a5f5b6ae4d459693e2c66c6fcf5e4495668575b794bc834ad8241c4fec68d5f5bdb2ab156337beff6bd23d87b4dfdbaa1961f3452
SSDEEP

384:qZezjzg5Zgc+RPoW0RX3qFBnk++HvGe1ZtZv27J:qZizg5Zgc+RPoWa3MBgP9ZtZv27J

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 20 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E20C0331-233D-11EF-9267-5267BFD3BAD1} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2152	iexplore.exe
2152	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2356	2152	iexplore.exe	28
PID 2152 wrote to memory of 2356	2152	iexplore.exe	28
PID 2152 wrote to memory of 2356	2152	iexplore.exe	28
PID 2152 wrote to memory of 2356	2152	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\983d9bdfcc701d2dc4d7bdbdc7ef95dc_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d4bc2ddc0d5b4e417c4c359a199d13f

SHA1
ac18f6202c37033bd8f6e5579551403cc180a537

SHA256
cca534c5ea1028a7b89f89041d52d1a2e3e03c106eaf910a559e41a4deb20352

SHA512
86f82d07b66ca662fa333d3251c089ac8496536a0ed2f0533ce36c655e0a63b075f4b577fe73248d3e1fbf936fddd8f9d9cf66cc4ada4fe0be4414231ec54009

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4dc5fe8f7d83ae50f408a07a25cb8f5c

SHA1
cc21875b1b5ef3fe5dfb218669856ae47cb8b5d2

SHA256
a10e71d2539494331dbbf4f31d6529fd8e409c584b35b74754f360c714e3fa18

SHA512
549294cb7d97fd71edd6f20c493b728eb31b6a5c10cecd593b5be3191ebe8b69e4ac374b546ba6ca65160e9f86d8c95dce27f500624f71dadb99af82fa4bf138

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
627a23213909704dca9e0040cbd385a0

SHA1
36d02c841e44978256fd3c48bc54fb57c2c70ac6

SHA256
f74502028d819daba6c6a3403166ef8a4a19f44e84ab323ddac8b408ca09cf25

SHA512
0a47b0861d1741469713fbd95f9a20a4f73155c8df044019ebf3d97bc6ef04f0fd0977da73b2505ce2882631e3408ca2616cbd432105c1a083221cbb27293c8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c32ca3120de886644b4ddd59e4279ce

SHA1
8b4b92d7d84b4d83a282e3ff28467befc0a37c53

SHA256
5dc91832525131a7fc50cb7e7d3f91698094932b13b09a317b5134db28736637

SHA512
a8364a996991fecd3967413741806663cde5715d54948ea5081b1b3d5c984d73e47dcc31e0a48acbd22d81dbb420359ae47f89fa7c1e4c719a07943976135601

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23efef108c20411f5d29efd34fe6e6d6

SHA1
625198842595cd029e8e6033b03403d0b431a794

SHA256
83077c94d92dd66fca2f644a9109e664a2e1cc5aa99aa3d929933bb32b41cdab

SHA512
962a00909460b92058cecf7079865e305abff985c4b55b9a0653b646dfc8a50fb1140041bf29a828a740c0bb0a6a142d51a0e2ea2aa617796b0e5749c5836a41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
835585ac57398f4870f94b883086251a

SHA1
cbdbc3cb0a0d479e37594c18ca37ad2b60a2eec5

SHA256
524db57c6e9e6827c385ef72f41a4f2580621d05d3a6448da4b67e32b56797cc

SHA512
d729cb554328c602c1d7fcc7598bbc6afef832f8c8b2c8b9d1fc7704ed90282a21ec1a69389b2a61f56d2f98b6bbe1be1f374e49ddeb144ee470685da6e15b96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
015f0c455e8f5b21f1669a6e0bbf9645

SHA1
80fe7bdeac979166321aae9f1781ebbab7ee3588

SHA256
d797f271cb741722148a926fcf64cd0a9feaaf741dc4074b01e8889061a145c4

SHA512
4b9d5ca4dcdf8667842e4a132fe5b783c7448a74f25058154a5438f1174fd7d833a41f758858728e9717dfd6c206b7358beaee0467a24fb9705e966f5e025884

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be284befe20ea349d7f8e87d4819d965

SHA1
e09fbb9b9e249e2879abe2199e8d489a4ddb306a

SHA256
61438986d218488a6b3c9611c30a632027d7d6a29454e8376ee9b215239778da

SHA512
091083ba38eac42af21535a5dc301190439c66ab5fbb14efe4efbf14ddcdd1a8a56e1e975fdd3543457f3671c6ed90b411b1694a8ff623799354c0f35dc7a665

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f31b1425330a76552833d9e3bcf2d021

SHA1
4627098b52ce2a10811af8eaf85aad6cc4826b4e

SHA256
5d4149af4c61494d0cd732eb2f72914e52463af0d443501bc5978a5459627cc3

SHA512
4c206cca5cdb0b33d137ea76290a8d2b50ca402555ecc4e7703ef8c7639596698f39faf4af2f69cd293abef05dc7e14856a769a81a5b3b8b51193d70ed1cf847

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0c102547f5b2493a7c017802c106991

SHA1
344feaf97340559cd40151806b8b12cd4cc93aed

SHA256
63bc5949f46302a2abb4206f1deb21b335a59f028f9498019abaadd4bb239916

SHA512
a6a8467431eb70e77c65c42fb6703d851f21a654b0ea3809cc1088d1163c30d124388c792dc2e1dacf1704c36583193052f82e1912325c37eef9b39c7b13fd54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1a106de2744d0b8ecc217734ff2d17b

SHA1
ea1b4ce9581438fbe8f22531536aab466b3123b3

SHA256
166baa971198ed8e247606bacc9ceab4d12cf3b58d4a8e97f49ab307d68b5ddd

SHA512
0c2bc4250624ecc631537b8ecccb993749997d631d18683aa161ac962f51a1d74429fa0f92aaee297585c308dd3ffdcb68a4058fe31ed0233ba2c6022d865ae1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64ae764e00d9fa15032844c48f8983c0

SHA1
ff1978d5a35ad247fff8d6b441f55c96501af078

SHA256
d05fdc3021e41d0c3b57ee6d5d05b8c487414b9dd6e882bedd18b6296507e9b1

SHA512
125bb5e5ef8edda25594523ca21de247ed4b8a8b756a917df3f118f3ed98c630726d67c3df00bb4d2977936af99d598bd4dcce1eeabf4f9b7b1531965cbf7e6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
028271a94fed00163066020e01015e65

SHA1
d299311398c76a467e9a906c9579ac866e014e00

SHA256
152fa76597dfee08e77b90f69855b867fada5d415803ccbc5626b10912918a7c

SHA512
690117405a369744fd448b7c9d0cc32f9e90e6c2befdf9205703e4fcb0cb42c871b9bf48504f1f5c04d0e5a306199caf7a5bfed82185976c321407a77cfee71d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdbaf733d93215cc2b679741c2c38bda

SHA1
6734f2e3e988c9c3b255067db37c67d749762f35

SHA256
266abe603174900e449bd7214cc3d569264de6371c24aa30abe9984e1b3ef009

SHA512
0340a30d299001289b1ec4d22b8b97db42fc5733ece33d74cba83d24c7a565f0f42184082ff8523d6f1c7a8b250a3e0a5ffc97c00da7f08c289fc6f40a7d4f0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84fde13528abe3d7d0746fddcfb2e119

SHA1
4fa91458ba4a8b6fee74506408fb895a7693a72a

SHA256
afc6e6edeb5bc53bd495ef26266b4dc44a56d071a01c4963a00d091c660a84d5

SHA512
c446ac9951438d15c0f1f4fb81294344220d099e38a27350f5302668034219e657b88d639a4f7c4d241a25bee96b587f964f4beb6c3e0f2402ca998221852011

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54aec401f357d031e2b02a8819cc81a9

SHA1
2e9e80b3a60d5bbcc3b42afcb7b605a645569952

SHA256
7fb956f94aafadf0e429454566ccb32375d638254eadf33c22fa4def44bd6fab

SHA512
16e2b9ef51eb38dfb843db50fbf5ded4031e5e026944f921e7c860cc10ae87186205ccc52ef5a1fa0831676823af144ea07ea816064c60a4f79d81ed1a69ebd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb7e23e1eb0f73da0684f50e63f76930

SHA1
d8b4f1337a8c3063b944d3e540f29f5a03ab0195

SHA256
70b952a2b62c686ecc3007bedc0fa02274a5367129e781ce08fad37188e7d377

SHA512
dd3db25a28f937c8fb007b0a6a0dc93064530043d1533df601664a684ec8b20b85438685a1236262ed9f1d4cf1a7215651d4ce3bd41a3f9a23f8ddf6af2724b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c81c96cc46bad9b31072ce0eda5df1cb

SHA1
5a11e1f7059d46338c7fd1838b94db878a8e4b09

SHA256
c8d3d2748ed7ced163fa401918a115a653fdc9417fe09355cf3fda0ab97547c2

SHA512
bc6c40d57973dae6e0eafe97b8430893b0f59a4f98c07f2ae63c09f646986ca1fd5a755d788c2138bcea41f9097b6182d459a29864e6052945d70c762e111e16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f19e339c1d654007613f375a0e9d0137

SHA1
3df1331cd01793931f69e2af6a2f5786176f32df

SHA256
6364b4331d01ecc3af9cbb47fddcfd2f8ada3a7749bec674a183641e9786abe0

SHA512
61448f77fee2737a2e239ac3e5ac783c9281412b6c8c0187a19908dec384996c21274da64dc80ae54dbfd37eff6317c63e29485bb91e7f5bef7c41251a295df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab31AC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar329F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit