08382ad207bf5c9ec34cd911cb5c215dca06da007f1769a8b11fd406abf11ca5

Analysis

max time kernel
1s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/06/2024, 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99a0c757e55ffa396e415c817dbe90af_JaffaCakes118.html
Size

71KB
MD5

99a0c757e55ffa396e415c817dbe90af
SHA1

5f4acd3e92af77437ebc5f8bf406595fa4a8d2fc
SHA256

08382ad207bf5c9ec34cd911cb5c215dca06da007f1769a8b11fd406abf11ca5
SHA512

94f85eaadc18da26e70f50868c9af5a5301faf8bc9254434b9ab6136b2a3005e6cf852d6e13f556ea5551785d2f87f6a3e3e6033f8cc7ac5e0489ba481ebb2b8
SSDEEP

1536:/8KFabSnoCjySDEtpr7SkII9LbBLuPHXhCuykLVgJJgBdR4J+Vg8JIcA0:/8KFabSnoCjySDEtpr7SkII9LbBLuPHD

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F5EAA801-239E-11EF-A6D5-5A791E92BC44} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2236	iexplore.exe
2236	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2240	2236	iexplore.exe	28
PID 2236 wrote to memory of 2240	2236	iexplore.exe	28
PID 2236 wrote to memory of 2240	2236	iexplore.exe	28
PID 2236 wrote to memory of 2240	2236	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\99a0c757e55ffa396e415c817dbe90af_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
  2⤵
  PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5db043f9c9e886b2862d92ada7f03a2b

SHA1
34ac7c105418668430e89800ed29af1def5fa0b4

SHA256
8007b60d17a52e398afd5da5725b1106cc929ddde8fd09c6a4a585b635ee8a2c

SHA512
74c7699b289df5007fcd1c510396a7444177c836f8deaa65a0f4eed1d3e69c8adcd5380291a371d7b8beecae9226836ed363cc72b28f8e292ecf34e7fb618128

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
074c76e24d2cf5f215bedbca392c32d5

SHA1
4206c8428a1654c2195a93c1f99f94f5fb77c485

SHA256
22e3ff9bb210c6889146f86f3a9105035facb8670ea64087269ea3136720ce2e

SHA512
036d9ca8509c4d4bd64ee08b976d801fc342ac29e2525264b77f22d4f0d139c715ddae941ff9fdac59e10c125d7d4868cc80ba66a543448ed2c4d6e1a762a503

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d909a15cf90be5d19e5b6878266799c0

SHA1
860f92617d9be77148934c8625611215e787e94d

SHA256
93fc2298a2b404141364897c3edca895bd6df264fd333b8e244156090adf099d

SHA512
0d259d5e17604bf7052ad4b6859fc50ea9c6081d708a38903be973d3a467dcd121fc6327d1af7abd1b8267623f76eafa65bb94a9f642a5d3d55854bdcf309a25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7941ee55524d518193f4d3777146e6f

SHA1
d4c12b64b52d9047afc88b23a2625821901202f1

SHA256
7e6946e0850192dc3a5982911ff2179d6bb4c1ae070f9b2ca625ae5420904540

SHA512
8e8352d876eb3a06f438bcf65a93c678ddb07b41db6fcbcc5dfcc9cac1d86d3faffb2179e3e1139f0d359f52bb5d31a4d8645d7f8171c21e99cba1a679730088

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d511dd9c35b702b3c9313dccf62794d

SHA1
9a5ec6845d2274f17b4eddfc3114050de4ca77b9

SHA256
7ddc0ca253f5c4e245a3be1fa7af63a54f42d2a5695b33c4bd37e7fe07adb33a

SHA512
85ee627d65ddc2648c658c45c9a67aac7d9aafd1a0271d9ce20d6b9094a7d2f04d695af6d4aeafbfa964e1246ee1eb7910d064c59959eb8076a742184caccc0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4c99841446850ef06a8bff72173aedd

SHA1
3c7e416b79d10188b16a6f0aa09f59f5f4a3b279

SHA256
4dc45c3352b45dee603dd54ca77f74f40e0e3d80c9ef8dc8a64232ae00991b0b

SHA512
370da1d3a23ce8ba57ea1b68bdbe4ba87237987079f03ac8ef829a33a6777c522b96a06b8918463fe7d5ffd94ac7ce5368ff5df49273175fef8495f021fcd023

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a83e731ea2cb57156b6085918b07f0dc

SHA1
46767658c7e27e50c6947e119c9e2f10e0f78851

SHA256
0deb82c74600dac2ccedfd2f85a89b4799e5a09e533b57945a30395e9917e917

SHA512
e917f5babbac610d19319c3fee91ed80e8df6dcd87e4e262b3e0e7e0f1daa388645e77c0ec50b2deaa4645f1d92011bd6a12a9a5dad0987ed3070666047b32da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6677d5bbba969abfd5ceeeab0f99d718

SHA1
919482310fd621f115d31166f22d9d873ed3ab00

SHA256
43f437d62074fda24d360bca0b5e37e01a250f580fa45860a67532a06b097f61

SHA512
435c423466576c291b58a495169adf9232be0910aa6db3412fb5b2104e5537bb9b09ce6d36cc35b582544076719971e47a9f3f38f01aba90c02eb7accaff7a66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88d51808f13c073a97aa1ae4c3241e29

SHA1
aeb16b5a46f0a7401dd132aa4838b60b8aafb3bf

SHA256
ee5777d3392868244eb1f9eaed27b2cb6d67eba12914f5bbf810a3c1fadbf765

SHA512
c434046ab7d3c8bd6f9aa6e960c435f1ae4af9692f4df987797ab849dab2c9af6d28070292417792394ce62f856d4c4a5552b276181e06d3b13ff1ea0465e02e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f3a726e8321d380a5bad69cc9508712

SHA1
558fcab7faee2142c6005b749f731744ea39a082

SHA256
f7827c2bf4339fd1436302f4473c7f9dc4b3cc5219e61fad078f2f431ac9bc48

SHA512
7d175867460ada0b7de608ca0a2052fb9e57d59db730509983a280d0d5646c65bc0e07716b480ab7638c30e60e07cb0f95aee57bd9fea3e8718817755e8ec5d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
553244684488087d097d64e9faac9203

SHA1
5968b55b35295b18cfb054d729c2765caf15da3c

SHA256
414fc3fffddc0064d948e9a9ef0468f2e682e7de4e57656c322b724e4c170108

SHA512
2bdaecb5d1d3675e077b43b9965472b02695da3d5fe51854f91cecf69713963ae70cd112280868e3822fe35e6c7bf2d141d4fb8fbe1a27ab140428355196e615

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca8dbef63e064df34fef8c2fefbbf999

SHA1
653c3aa90d069a0e37ddded7f858f7192582ed4f

SHA256
8c5bb2d2d0a9571feb8c5d29b77dcc44a7d7d0f88c4011562351e718e35dd291

SHA512
41f69bace60ecf65df9f5aa619af19c88a5d3ec1652e13878975ca72923583b659bea0992929ce28ae9b628b1c2994f7e4b6aad60627a280b3f39d91f5108c52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ea3e5d5be1f22a55cb2550aa6eb57c5

SHA1
79aa92fc7d28e199e5362d8f93bcb654f7da5407

SHA256
f0dd56c82358b477788b459751c8052b96aa78319559c8d875479a56991b4e2f

SHA512
90688ba52d18b0c5f65f27622aceca1b6c4312d402c46356058e39eeaa18eb677ffc8baabf768a29987ea57bebc2778d287f23c6f24c4223770af7cf770486d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
893365f2fd06a0a6a825e2627735f8c5

SHA1
7c9591d9ff059f5d4b428d1510b2d3d0878bb2fe

SHA256
00b8a4b24fd417123930f520841463225b62d2926a1fab59421eb517b4c34a71

SHA512
5569be1e930b90da234b9fa97d9b8f21440dbcd7093299c79448a4be16cec852e65d1219f64f805bedf196289c43da17609ad75dbfa883160ff7bcb24ecb5ec5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f624e0b19a2532f58768099791a0f93

SHA1
f1a75e9721a8d1ac694bb8545fb3a2f15c951b2e

SHA256
dc902f4e8d353c15c05f4ad867773780745c3bed3c9c82b01bfbe98b1cfab2af

SHA512
a176abe9529b277651765ca89c39918879ab07f5966f99074b4ec48aa9b1f8318538f21fe899817a128e835c80644d1e4a17b2f9598c4580fdc3134a7c749709

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bc063a52e422c2364c1e7873f0ca742

SHA1
a1a9eb9b45b91774cfb7a23cfaf663e06b56ba11

SHA256
b4811ad3524179f2288335ceb41aebebf7be943509a6d80c22e99d62c049968f

SHA512
9062baf647e02e1231d36bf6f616513cd47737ba248d84dc95e3b09a76783402eae6f020271bfe4874b11460aa0b9803efd406325e5efe87470c7f7791ba68b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b2590933df35f9571e01cd42af6bb2e

SHA1
a640045bbd61580d60e0b1f985634d2ae1c79a11

SHA256
82dd7728683bb46347131a3228ee27d7912e23eb7be587dab9c17b3829644aaf

SHA512
4e2a6479041c83033aea6a94f20fd990ea25fe3b5705f69fad8584cc83342ccb979facae0aede986cae6a3da960c2bc8b5624f81cc8428331f1d59b5ab5ef212

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c64caa4529fdbacd9e2f5246224be986

SHA1
3e626a32f516f0c6015a15a9f135d7100d471bd0

SHA256
fba94247a83aaf0c99fdbd4926e588e0918f02c285470b86b0d653db1cfa714c

SHA512
2cd5aa14191184962e2c6ba8bf9b3d875c8558f3d0f7f4f9817bf95551901731989ba80b192f6e61ac163b0803a10f4f524ed0a5202c74f05535704d911b6288

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df342d18b0d13d1a1c0442770ad5ecb0

SHA1
2d9ef6395822824665762704832f717e4a6ada31

SHA256
ed757a43cd04d61161406512fdb82617fe98391208f15c6405eba674d552f064

SHA512
02add8699a2699acf59e4269244dcaca8bdd6da97f6ba89c9d6b16862b3b716dd1b70080a5372f6db516389b2e37bd5b98d302d854fc2e8750926bce0ca31e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\builder[1].htm

Filesize
785B

MD5
5b9785e5a71d95814cd9317de5e26a89

SHA1
67ca8fb043468221cfb744435f31165c1b6b9e69

SHA256
1fff6e7c7831df5f84d007df0c0da5b5f0f39d223cc149e71df6180b9f85706c

SHA512
cdbe56c62afa8dc1980ee4c5ed56740f42f02d094cbc9df556135c3ae6b036550ff332dbb81dc96ac31a0e5ed22878f719be2fb65322284609f2a8e721c2768d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF806.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF913.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF988.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit