5606c88bf2d3235fd70fe9218803977e1515ed147af076e2ab9936e9374141e3

Analysis

max time kernel
48s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 04:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a6164661a03cee2c3ecac42ad648871_JaffaCakes118.html
Size

431KB
MD5

9a6164661a03cee2c3ecac42ad648871
SHA1

3816d6506131ae1bd87c2495157580f4f5048a51
SHA256

5606c88bf2d3235fd70fe9218803977e1515ed147af076e2ab9936e9374141e3
SHA512

5ae8d36ab1ec5ec9ab51e5f04a8c5ece5f24c285069f7626bc8f73972bc9057a9027b7e45adc0c5f49cf67c20b287f9dc16745642471c0e31e95252d399d2366
SSDEEP

6144:1z9VxLY7iAVLTBQJlvz9VxLY7iAVLTBQJlq:t9nLYWAVZQX9nLYWAVZQe

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{877AD571-26E1-11EF-BC57-569FD5A164C1} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3024	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3024	iexplore.exe
3024	iexplore.exe
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2088	3024	iexplore.exe	28
PID 3024 wrote to memory of 2088	3024	iexplore.exe	28
PID 3024 wrote to memory of 2088	3024	iexplore.exe	28
PID 3024 wrote to memory of 2088	3024	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9a6164661a03cee2c3ecac42ad648871_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
648aa37f6fcdc359158f162ab6cca624

SHA1
cd5753a1a50ad629f08e2cb949622155dccdd355

SHA256
9f22b69178e033d7ed0b8996c9d5eead9e1818aecef819481e2d18170c1a1aac

SHA512
7a5be55e6a325de1052cf4311f97f3e87bfc7535baa1a5f2ab733f8c028aa4d98dfde7d73257a6cd799a5b7bdab4f478b9e6141eb4ed13ba3af46497ada24b00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92a94a53dbcf25aa639b557dcf8d33b9

SHA1
a674a9f36d096cc8a26de2d33206f9561853ba82

SHA256
677d6b6240ed7a5d7f18af36eb8f1051be065a277e9ac8ca62054fea92e4c1e0

SHA512
7e919bd82f4e4f5418f0d78ee7f0f4e9bfcf6c986024cd673d2d578c6f182f7853fff12eaf4b4e1c54189609b5539432da0cfc8c5681f0a85b213777c4e07f64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11a6eae3ec14d6b8f62d3b3ec88a6e95

SHA1
5e3a4ebdf23b5fed51e2e0d29ff7672f907434cf

SHA256
b6342ee4316e22f8255c624b9ad7eddf0632912494ccd6d9fd9eafc9798574cc

SHA512
d6d735c2121edd245268d7a30add3fac914e68512fa64d3734cb8b73d1c53728a64cb50b77dc12aff3233668d346af9c2f22ae162504bc77b972f3d434351303

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f634ae0ef573b86d0fa3c13f6e7153c9

SHA1
55532ef5e6f8087e95511d0b126e1b2bd01126e3

SHA256
cbe2a4f982824a661189217f67e1d47398fa8d04f65435314edfb2809d92ffe8

SHA512
9192cd59539397353c2e58957e5215d5c0dc0be63370c42786c5e1fae92a00139862408df1fe7a46d1d25c3c296c2a28da12575da0d91393d4afe54d401f1a18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c5678f05ab6dd8fe84af59383cd73c6

SHA1
83cfee86636fdf28fc1cfcaf9f209a2591a18cb5

SHA256
b25c1b7d6f30a59c80c2cb7695f45f612e7c9b8e39e70f859e3397213b7dea23

SHA512
0c4410f8c40b7a9c586b3d790f304132bd4a14b6adb49a03930c2786c1e6622f828d6a6b9dd1e2eab73fdf44b71bfba89f53a24304719010e5f4d85c6b1a9d26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b8f247bf2021a82415e933788d4e0e4

SHA1
9e8196114ce2811ad6e27d2db013401601e81c9d

SHA256
d83a3e45f182a1f479b738b70da9a0a0582eb17c0ecf4671ef5f165e15e91ff9

SHA512
f45e22a7b88eb33a99b258cd9166cacbe7210adfe4536b4e07acc7336de49750b08c9a47b13907f9823343abfe13ecea0bb50131b19df49b76e7cc0c5b99bd05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8fc77156016030c87e2bb0c55b60802

SHA1
b9dc1dfdda7dd499e1c9b8ce1e6da9420f081b2f

SHA256
bdabf00fa7add355d9a224cf8a8da57f4de12092d2d1f28c8e154ff327bd9481

SHA512
1b4fe573ca67eb2331d4789682e3da7a5a8c35b78b120bae201b040eaa37bb3ccd7c338d43c80197a46bfbf517fb1b08f2a92ab8d947043bc2939784cddeb34d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b041fbe126be6290a98ad76a10dd014b

SHA1
6b418ec16120e337e75b7f228506267bb900dae0

SHA256
48f0bd2e884b118e347f87b3f3c6149019bfe63d2441a1bd5a8740ee447c0dea

SHA512
518a5ce6e991109fb6f10033d6da770ba76645c050e39e7e11f47126f923438b03c979e302ffaa9866de3b79e2b1453244e75b7adea5d127f78a6721fecba4d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f8979f8d163991aed7b0cf305dc8c01

SHA1
356e3d4e1c7fcda0d18bf4af0cea36a4e7c941e6

SHA256
e8a8003f4479598b661d4efe4eb09f63cd640a529e7e1a6bfb233246520c73a7

SHA512
442c208ccd979a73d3efb6d4046e7a97891e56546f2b8c66cfc80703f3529a4cffc00c45b013ef3700eb22daaee1cb776fde80e8b3bcde4073249fb3f93dd78a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14302f03fdb1fb6fada749ed56617163

SHA1
9cad39f42f8a9f559bfa88d98605c09dbf622c77

SHA256
4f1dba510c367d39e4a3e2f00084713279cb76fbab9eecaa6886f9764d5b7178

SHA512
8888c971fa8649d79cd91a749bec2f16aed2c3ad958545ad3c51db66a5409dda6ae87ef01edf49be0790d4231a99c78452e60c4d5436b06c79a24eaed51ae382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f2c2ceae15f69393ba8063488a4fb84

SHA1
3f04720d228dec3dbd7f81c756b639a70ee00915

SHA256
6466de656634b417e8a0093b41b46d20b46269d5b78db6d4200ee3bb38c89d4c

SHA512
8b984fa63586b27aa9f70e15722ba19521d0f98be3833517770442997ea7d375e1a582d1929630112ec0b7839aa0e26b1e036f7cbef02296386529306a1dabdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29894c68199242da567d908132df1532

SHA1
24ccdec6fc2c9d38f8179e137206e25d1dca9dc4

SHA256
c64a99a1a489c188d4f8a8d9977cf25a393765f6775d89987cb9b7f7142550ba

SHA512
85f078f838e97ad36c40b10674f6f18e28f5c5ba8ab287e14b63374d5923c540ff0bd34ccf21789c27421940b13c6d9fc37a4d61b6ce0f96f0146d298020c5e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c09072f4c63767116f5145376204c96

SHA1
00f70c230eb0cd6c56a1ed8a27c3bfdf6d287a8b

SHA256
c300b4dda82dcf4498593704acd8d663ddb2ae9d694861175e1a72aff4be28fb

SHA512
944d2383a03f8875aa108823c43be01db348ead65d89b2b40f4febc90778be49fb941bf0350a67f594e09aee052f7227a44bd65615e165294f076bdad36a9781

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2788abd9421cbc61df459d5a6ee3a096

SHA1
87b49e23e63b4b805e97a74f830aa8dd4a40557c

SHA256
853d20156f8daca3bc705ded1f77ee990f1a7d1adb335eaa251036493474b2c4

SHA512
fd5d64a78816f7af77b5fe10a254865f6fc7a55b4c45b465041203155ca2ab60e66859bafb3cc63ce7e4052d44e71d4dfb25905385c4248a055b077cf530801d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3af3705c447259cc72e3b59f24e73ba

SHA1
6d61b09dc6ce81cf06b643647661e998d548a87d

SHA256
cdb51ad4e729a9e7d26666d835a7c726928e453a2debbda8541d5eadb3406441

SHA512
6a3d872d7e3fc61c0af6b99a7f6c47121b8198da0346cd7147c093baa752866aa53e4affb5e7967b6da1a563b1504b2a694518dc990334fea10253dd42856133

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e091ae1f4e722aa63735f7d5f809ea3

SHA1
4e54031fa274d979eb0afabecb4c96e57fecee6d

SHA256
6acad64e158454e9cc1c45d5126869cb8257f5fb029746afcedd73d18f19ed45

SHA512
b78654a4fe23accb7527cd4270ac15e041328c13f759d0b52f732fbd2f5c5e40de1513bf5eabb8868bddf2182a50a58f9d246f0b57d35173ab764210a26dc103

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc645a45ab0b7be16b809fcd0726e949

SHA1
51811d3ad44bf2012dae9e7cf88ea08d032b38d7

SHA256
cb08eea27b1961c9b3383f9716d37cb6cb8be8bfa7298744f0f6aff11ac63e0e

SHA512
18d377e133ada8db968d2759a7322439f3dfbf927505323e4a055376408c9d3a1a9bd3df25b61e9f5e5ab85ad9b9f3de87c94cc50abbb4e89c8a211e713ea1ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b6aa82d64ad097b5a2d5f4d48cdb129

SHA1
e857696666fee998b2935b996c13e76764e4fc20

SHA256
b85026091275137304c10cfb008f97b2c1eff3a6249a60d7d0f342796fefd5ec

SHA512
b0136f278acbf8690569532cc8c0b4fcf9f59d7e252af3c40298861066da3ebdd7a628befb0ff164efb25d13402acbc42f2bc8420d2c2642500af73f0263f9e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5f54e68ec75e0e395b6afee6e5413ed

SHA1
b8b669af1db60f8ef37f815a6eefa8a7dcce62e5

SHA256
ab55cb0990fa78ec2e5984fcd4219308b81c6a4385a5099d5b78dc6e6a967a3b

SHA512
9a3c94d20a744413f68b4fbf09d7bcf8ca929879e25225904639199074076153d9f2adbb0aceda2ca5654b36b0d17a8d417c2a90b0574ff76afc4bcd126a1f7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDFF5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE0D8.tmp

Filesize
128KB

MD5
eb6c5d133e765f60e207b0f0d73b3e61

SHA1
72da6cf3efd42a6368c43c04d98b033eb12b70ee

SHA256
7546ce6c236d3710f109392fe960bc1fec45b5ec535d7d3c1beea6ed5bffc756

SHA512
0e15dff61ed7ff5cd094365719a9e5fa37a51e3ac3d57776e87637489a2098e99739599a704516ce10f20ccdcd1a2e4b1da21128d85438178b7b5fdefbcea75d

Download Submit