e4fb1e4e16775fa7e3c24ee3794a4ddb020631c8406e999009368deb357d6752

Analysis

max time kernel
0s
max time network
138s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9840c1ce878612d61c17b757b0d3b568_JaffaCakes118.html
Size

214KB
MD5

9840c1ce878612d61c17b757b0d3b568
SHA1

9b231ec65d0a128d7e4b641a49b7ab2cb83c1599
SHA256

e4fb1e4e16775fa7e3c24ee3794a4ddb020631c8406e999009368deb357d6752
SHA512

938806b1891e8383ce8228b0781208717c57b0f1fb0b0624fbddd23e470534ae2314eab601dcacf971ce4df1f2f0c1c53195de6e670438e49e201063414f0cc4
SSDEEP

3072:7rhB9CyHxX7Be7iAvtLPbAwuBNKifXTJV:Pz9VxLY7iAVLTBQJlV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0BD0C2F1-233E-11EF-8554-DE288D05BF47} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1684	iexplore.exe
1684	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2144	1684	iexplore.exe	28
PID 1684 wrote to memory of 2144	1684	iexplore.exe	28
PID 1684 wrote to memory of 2144	1684	iexplore.exe	28
PID 1684 wrote to memory of 2144	1684	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9840c1ce878612d61c17b757b0d3b568_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f32564354227cf45e5a89c313272ffd4

SHA1
98184b850e00edf8a6db1aa8d20fa842c51f90bf

SHA256
a04b965bde40ecf8381cf9fe2846925e11f6607ba4d11f77f5f92221cfe17a16

SHA512
586858c4d401cc01602c42bd58a5ecbd7f5a700aad2e82f61a013c2043524fd4962b19bc7c87eea20ec63cfeadc02d72262148728e0e952cc511e1a1358ec4c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a796b4533bdd05ce84fba390deaa9a03

SHA1
dcdf045fb97954f3ef21be34e8c05075905d5323

SHA256
be0f96b0c48b9302a58cf3db1b91bf3cd1519c5dc5ad8610921755e0a1e1d753

SHA512
edd98e7289f874ff19a9aff8548891e6dc2c769cff746e04b86ff5ad2a5eb572a5af926bb1413f1163886702cf1981551debf0497c27d491dda3b4b10636e4ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f63993653b87875452aeeabcdd611a8

SHA1
f53c8d2945502fbf74d829e0d5252a4066189725

SHA256
47722dc1a46706190eb5e8ea9d7af82e329d6e56071196c317e819a49e3fbe5d

SHA512
9151ca1403c50ddb9022a902cda29bc8e71a181d8d825b901fe04c79a8fa03ce05d6ff6d5eaa3e1fe90cc3d03a5e83a4b2823bc98df3f9021666d6a074481ade

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4866bef160a2e2147662fcac7a276d86

SHA1
d61f7c0fbb46cc67981a82210a6c096cd53730ca

SHA256
7be54647c4bbe20110dc574464fc519cdc0c43a21a6a5e1f1b3b87cfc513ceaf

SHA512
1f1a077bd6e2894cc85907356a124662be43433860495b28ea87ae60da62651df9b9a89444f7b44d8c0f6e97c3d0908e874caa7a6030db34172f2329115e37b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a38a5c9b7e4f70065fbdc9529ad1e9bd

SHA1
ff9693e0e22f9889fa91b46957db1c618985d127

SHA256
595a9409bd08c70ac5478a5a0aa37624649627c7524db0fdcc4bd545b1f4e540

SHA512
c695b6367a5353a893a6738ef7fae03df8d9bcd00914526258f4e0a5cbfcc12883c26b53bfbba1a36cbffcfe38d6a0e290dd9fe9975b86b4f79be5e8ee849d6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85a1d2b45186c656295dfcfc237e3732

SHA1
7b62fcb5f512a4668f6b2f41fa33f60206df6e5c

SHA256
4fbf136b0753a039b1f2b0c176e041093f218c2f24fe32bb28126fe0ad04fe01

SHA512
e2341deb4b81cbe51b58047680212f6cf48072148356b09ed186a9aab6a081becbc73f31708c653b5b673e94323306bcb3a7c94e52f3b06014152f3cc8683f6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a06912a83c2cea8a82d76562ecd4626

SHA1
1c705cfe35b9162909695912027df98082b9c55c

SHA256
d40af2163d2a57bbc9117250ccec2c35b92d495b561c88646f40e524c79a099c

SHA512
ef1955375c76f20877cb71d07ef26a5f434c393cb93da6539ad4c0f504488f6731e2e731d2b681778b5e63247f222aba78170be4f6adfaa265954edf0cda5172

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20eb2cf12de0f2aa65739f25884d3313

SHA1
18c5004f15f233c93611b3a4569fbb4132b53c63

SHA256
d794469d912421c9532cb1ffed45af5b1b17b5662555e30f420ae3a3a8e3e295

SHA512
f74060722307eba6a4bfe6279c6b5ac33415474a628f4a79bcab449d437497bf4c227406fa8b8874c8219dc070c06fc32f782252c9a6434483377918d582891d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bcc8a291cc3e171091cdff4b7438662

SHA1
350d6d6acf50459ebd32c1dd09b26e99810d22d5

SHA256
5650abd54972e2480961e4c9927f89aa8776df3a70c993cdf0c4cd33156cc56e

SHA512
6330f567ae3bafe1372ba6d5360f70880ff92dc06e7af6134ad0d0dbc7884d9d768ffca7ccbdfec5d118c3b267ede7a0005fea092fecae8658955187bc6fdeca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a00588879a62a57b7a66d3bf8e9c6480

SHA1
c5e2d5088ef9501960ec927c18d900d5cb8622e9

SHA256
98c92557abc855f282d05a853209d67df5bf68ae3c2093f05690d2ba4b0aa91f

SHA512
cf503e7b02d54636e5dd0090b574b7ca0a0e53c7e308046db24b1a4be966453723f3a0f2c0546bb37aa347317be03d85f0695bdd8e78ebffcf5e0eda2e7b121f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a30028349d5b362fac5fb7311f33005c

SHA1
873962b4916931468680f488b8f3003719e86697

SHA256
24351ea183d4fd40fbbb1e027e72b5c2ea3d09a452df101c108e2cd777a768d1

SHA512
5cfe59aa75b84c0b0f217db27cdf032c1a351b625e7355104547919aff6e378c1f74b142c74caac0ed0596f1fd267aa48eefcc0ff639d3147b133890c3a84c8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1da50b2ee8c721b01261b64c712c8c8

SHA1
90fc2b6d06937c65e334080dc7aaeb61e7ac5cd9

SHA256
2cc59ad2a04c23f68fd26d9fc2b744af4ee4405567244dba1afb35a0c6bc5d26

SHA512
7dfa76a78e4a7ad81a53937d081d3ad59a93ba19895ed57280a3eb72628c3b2913509b151ac7d970a904716006c9ffc7c1e8549c885abd3cd0b02ecfd41778a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d3b350730919c1cc9f40a614bd33d09

SHA1
f7ab5be5cbbbc310ee2e2290c60819ca72f46d2c

SHA256
9147b189567211a4a8420f87ffb59f63e34ab5ef01956dd72c8b62a0f6c89c77

SHA512
4848272e7bce44ccc612b1883ab74e93d34a1a32d2857528a9fa471b462691b49fe6269ff042908283262ea7b773ba5aff9855b87e2455f1d0e411c8b50345c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26644283ee1dd3c5aa8aaaab4095eea6

SHA1
0a2b880f180481022fd9d557ea970c1414b04e45

SHA256
8930dfcdfd526d40eac62c6fe32005ad7b9af15989dbb1d0331f4fd088f11b78

SHA512
63d496960f85d921afd2c5cfe0dc28d9011bf06d86e923cf378475bf87bfc70b2b6616f31c55fe25eea69f352cce7bc70a3aa3ebdd5945697f3714f8e3998c2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f27bdf0dcbe2ead8525152d745df184

SHA1
a7399b263fb0586fcc3ad24d4d768240c928c42c

SHA256
c72938ce2e39f62937bbce0fc7188f4abf3f70616ba4c9eccb882de06423733b

SHA512
449ef3568ca02d7c9dd5b2188ff9b08db8ff75d572bbda7e344e6d8ecb67a4b9fd35c4c17baf9afa68bacd820098cb56f7dd5de33690ca48dfc88c3f711ef4e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45ecfdfe9b5757fb72fa98503f7a2441

SHA1
c36a3fae98589e9049f97134292fa611b229d57b

SHA256
aed38249b56693836a0ca4706e68a5d3c7d0811fb85f1bb499998a287bf81baf

SHA512
a6eb33df7e999695c976cc035592a7ff8b4cf9b7e92a95155c1a022970e86925cc330208ce9bb9bd620b4b51b8b21b48b2584c96a7f5c4aaeb88a9a5b2874f15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e24b345c1ff073eca34fbd4a492a172

SHA1
0d93305f5645fd634ba5669631a12842883d7db5

SHA256
34a754dcdd315324dbc9718ca8b7dc43aec0d4891ff5f748926cb452794e2c03

SHA512
e751a605f1ee28755f10eabd9420d16952877fb9e37439c386181177262ef8e4395496d659aceb97420d8620f6c2147fb56578a0045869ca9f6e598b527cc776

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75621a83fecd528917b9e7b3500d6f28

SHA1
5cd6c0aff5ce6af3614a541698ae93b654f298e5

SHA256
9f8283a4cf5511c938e407a631f5b2b001e8646b615955f0d69f2c8f8816a23a

SHA512
24cd4bb50f3cb3fd4918e2532f630fde866a925b996aa03755ae026eb28a4335585c5c2f6e8bf2656f24eab4df9b4d7502679996f56f33a108187153833ae066

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA40.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB31.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit