2a81d25f89193d0a57ed8dc20c3084a6a831ac8ab843a5a3b053e18b159c963a

Analysis

max time kernel
0s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/06/2024, 03:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

99e68037b5dd35f7d6cbf7f882713783_JaffaCakes118.html
Size

1KB
MD5

99e68037b5dd35f7d6cbf7f882713783
SHA1

138f3cf6e87b8c40cfbb20cbe721952bc4a463f7
SHA256

2a81d25f89193d0a57ed8dc20c3084a6a831ac8ab843a5a3b053e18b159c963a
SHA512

5499cacd5783900c9f75cd10182fda0723c14535029b0d3188da82f2bc415026d44511f320cfa074bb59687d5d3eefd71479efad3e852b4571fc3327d8242a21

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{289D5181-23B8-11EF-8303-EAAAC4CFEF2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1464	iexplore.exe
1464	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 1780	1464	iexplore.exe	28
PID 1464 wrote to memory of 1780	1464	iexplore.exe	28
PID 1464 wrote to memory of 1780	1464	iexplore.exe	28
PID 1464 wrote to memory of 1780	1464	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\99e68037b5dd35f7d6cbf7f882713783_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1464 CREDAT:275457 /prefetch:2
  2⤵
  PID:1780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a26efaf51c71dba399710813657c97d3

SHA1
69e3ffaf54ace98f3c482d2aad57b245bdc16ce4

SHA256
80f854005e429caae730ca2582286ebae2a1e76f7791991ab2aeec5315811faa

SHA512
8b3e1f1b90ee685c6ac1bbd42e25de419dec39f20a0a22cd74531be851f6cfd9d1bf79b88dcb1fcddc6618ccf218f1cf5c30a9333f154f09d1b2ba61d712c616

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
678908e3791f0ca3cbf74ed996d1f628

SHA1
3d06854ce443ebae9aa7aed41a40b776092efe19

SHA256
ec76a51fc113490cbc563c7c1568cf95076c7d13db4290e98b380da5d120b5c5

SHA512
893037b67d48172f938222bfc30e500e15c959e17b5590ab756dd5a35ceb780f9a2db0ba70a995b65c1d9aa4452d619c5f759a0dbb3329e5a2d8341be10fcfd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b677df32134d44500da8d88b73f279d7

SHA1
fb3235cd6da39bc108c2d7e5ce003ac0a5b7b118

SHA256
7ecb5e56eb283de589c3b9dea2caa32ec529c60790063d354830b5bb1c2f1329

SHA512
c306a600c0ef942ecc2cc533aa126a29fe882a4f372132adcbc076e4f540031e1c9e93c35f6abd583ecc16430e33d679053b8a4b266257ffad672a32bdcecd14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fca0825e27451d3b8965232b6442a508

SHA1
d6ad66d262c87c0c3ac308200d063e36ed7d4c61

SHA256
09709e6924afb13aea780a5436d15cda8bca0d7b807144e199b623b97ed7ac6c

SHA512
6ca07f6826f9502674c95b5829ef7232469bd43db48955529a2829f72b0a14a0865b0777872e2da902e8ab835e6e1912e01b169abffbdc1575c160a3f88e5b68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
228402719c3dfc25ed044659aa8307e7

SHA1
d23e14ce78f25751c9ef731add7952958c29284c

SHA256
e8a55310e2052c86e5bf144c2d86f0503543b08bda27498b2fd85ad9a4df0649

SHA512
b1517363063d81051d3779462eaa06aa844569c58e2d23e10b7bf6b2c2c95bc915484803b0bb92ad6084df0915474bc784895fbf3a360c22be8820e1baa15927

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2239b2bc257ec525e6206414491d5d94

SHA1
98acfc28222b5d2c2e0d87ab672afb7d5b4718b9

SHA256
8fe0cea8cda0bfd39d5d800acf73bb7aa8112f8f1d6651fd83aaa5cdf8ee728b

SHA512
7fa4d1acf36399d12999d9520ceba293ee08ff3a3f627cd6bf56ca255db7ff1d236954ed20b01eec684e6283e612a381dfd580fd80f1539a439510ce82dcd226

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c07bec30c2006e0f2d80788e995af1d2

SHA1
241b4b3468a5599b9cf705b03b0ed1db5183b9d3

SHA256
cbe99da409f41b169452da2c685fcdaa64c89bb8bae0c40e8a8046f8c82396af

SHA512
b0df5137ba29b72957bc30b38175da252db2d80c35072dd58e591d93453c588ea42fa301a1d15ddaf8a84c354f87f5c0a00c6d1f18f9502637a4d4302f85efe8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef96de7b14571749b9476fccac1e1a68

SHA1
a22eb57f78bfdbbce1bb967a79c32a021770e706

SHA256
974cdc3409b5f649ea29644c2ce30cd53d626168c88d769ddca66902c2b697ca

SHA512
bc1d181a4d202f56edf38e52361214001f0167574c294693a7c772125fdb8c6f0b60c26497fe41c2b66e9e59bc642f9e9971e6ee3ac29f3187feef8e78b0b0fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4345bd4edd7c451605fda1509ea34c86

SHA1
e34d236bba3ddf790f1df24e07dbdfe358f433f0

SHA256
4426f21e596c6f0f39b6cd922ec3737ef33cdd6a9b008a736fda2780d83acd75

SHA512
5baf4fcd4df780b8a71104046003f31d4dacfeb9b5e051203b05373462ce75645624dde1186eac10dceae6a8192144b183119520889e6c3f7fea370427ec723b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56f059f61f1d06bf0c730f476cd6c811

SHA1
a0f5cd975ed61b2de78b24e666291e26c7a76efa

SHA256
7441f7644f1ed1b042d1053ff8fbe07e0a0f1252809df9072da794679f7a0649

SHA512
2c53b431d5dbccd75ebb8e77ba5b9c1a83d464f2e781cd2f1120925fe8bf166d008043523807c33ff863ad86faf10b6bb7e7f3fafff6e1bdb1bed23152ae9c43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
383f6590a7858e5d1119aa7b3da850fe

SHA1
e10ade8fc985a6fa5ea2925ff002d854e0780758

SHA256
5d74ef80cb7cbbdd544c300ad4c03bc127fea1d385f693618e1c5672161c8de5

SHA512
8e2b980f56aed62bdf6c658d4b4af0ac5622fa20cab25c9f3da88bc7c1f457d0fa8cfdd8686b3d7363203fcd576119b39d72de942f8accf3fbeba820ede25ff8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abdec6089e8b145754c40f8571b25f5f

SHA1
f691d1aa26db76d4841aa36aa1e062803670b2d0

SHA256
130541f383591f63069725af466baeed0b46f78a087311688412cafaa3707b4f

SHA512
394afe015fea2f4538bf421febf2f936a92aaf732c853b0422fef593aed7972b0ec5844090e8b47beb04514392ec780ee8f6bb65b11e9f601fc4ac35e78512fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdbae3ea5f6cc10bbcc00421bc9fc9e3

SHA1
c52ffd7c11bf5fc0fdac604f11769c39774641cf

SHA256
afc6ae042f7b96a4cd1204591266cab247cb743c07ac8f3754880c22fbe36ddb

SHA512
447383af8aaea188bf44895fef20fd1a74b56980f987ea5eaaf51e1450c9234587c6c5eb08120610bb6007b685b5e7f221f910830c3af8b4c4600b31c8823530

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d0d850bc39a0e5a2744a4d1a4bbb1d0

SHA1
e5913fe890a039bdf4be902f698f0f03589f7107

SHA256
66d13aaa153993bc2997d86a7b6c95188b0743dd1b89ab3cfb1d092ffa56f3e9

SHA512
3d918a5527b2477ab61dc887cf7369ce1efefda4cba8c6b61c6af6bb2057751e9eede87377a7a300faa60dd8b63869cedb50f4ff793bd6731e383fa3021ee9d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc27b17a214d877befb6172d5472e88c

SHA1
eb79c276ef3e432bc2968d606f1a4e739ffff47f

SHA256
285a1380d44304a71803e513ceb8f3e86f7329341443437a919efd2bd4f06d13

SHA512
afe445dff1c1838f48f4f5368dcc0e54c1cf468618d4f684cfc2bdb10cd6b39e00bc064554535de5c8b63b0f0c48022a0d3915d48fbbe0294a9b305803d1fd4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb86ff93847c886c884ae3e0241ba107

SHA1
7f24683394198b3e2df2cf9093d41f9c88b2a132

SHA256
497aec4919b278771c10bc179354f352ba4d1d598054d0366c5ade9ef29f30e1

SHA512
a4689623a77f253bd8c1ad94d003e55adf9348d39a4d72d011d368557ef623f734b8e88adcb2023450bd7416ceed28367a70c9eb07bff07ca17f9b24d5333a81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0d11fe48e77a2dd9f85f62698259cc7

SHA1
f2ce4bd808a71d9d8017b23d9740dff34af89466

SHA256
0964632e93f24b8392c82882e2f5b764f0782da5c6c62adb680d8663ed543962

SHA512
ae34c5620fe11835f81bd578c0619fbfb2ce7ecbf089303f790320dc483cd018883c5f727edb48f9c10aa874f71b82c7422bd8a36e9795fb84b8773d87f0df85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3F91.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4093.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit