a3eacbc6ba46d16c1e9c1f2a936d8e64a74e4cfb014f0048076e2a02bb862fc4

Analysis

max time kernel
149s
max time network
156s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-06-2024 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ae4eb77e51c77178469230d533fbbc6_JaffaCakes118.html
Size

42KB
MD5

9ae4eb77e51c77178469230d533fbbc6
SHA1

31b84b24c05af69a29c77dc0c2708dcc957dda51
SHA256

a3eacbc6ba46d16c1e9c1f2a936d8e64a74e4cfb014f0048076e2a02bb862fc4
SHA512

a1ff72d505864a601c7afbc96ccc1af3c767d8b05bca416ae12b48eacff721f7f075440ce8a29a5981fceedcad0b0c14f7a4f3c0c5c1a7a55a7676599c9670fc
SSDEEP

768:d+h4PxIlKIU7Iw8I/PIjnILJIxDI/DI/BI/wG0O0zQkC0sXkyPrBW8WlC9YN8t4o:Ih4PxBli6Kw4WuPG0O0zQkC0sXkwwvNq

Score

6^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0D71B051-2731-11EF-B2DC-EA263619F6CB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424189580"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2856	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2856	iexplore.exe
2856	iexplore.exe
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 1744	2856	iexplore.exe	28
PID 2856 wrote to memory of 1744	2856	iexplore.exe	28
PID 2856 wrote to memory of 1744	2856	iexplore.exe	28
PID 2856 wrote to memory of 1744	2856	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9ae4eb77e51c77178469230d533fbbc6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
1f8735028dd6b68409af02053d0a661f

SHA1
e4fe3d4dc92a7b4c11bbe41d5cab4f94b390f576

SHA256
9712401514ce3f8b8f6f4f446dc50a3e0a71ee6ef056f7564522c1e6f7b0bdd1

SHA512
55da7d8e6effbdca141ec2fa1dfd77c9c39cffcef4659cf2f6d2e27f28433f4aedc5e4d1866de1e826bf5844d4fdfa588514d13c8a48335f7378b190a0717dbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2823eb33cbd8ca533888d719070ad448

SHA1
38791e5fef23fcf71e12b8be3e4a39229c4c07d7

SHA256
cc6155b2668eabf90155e4e3c68a0f46aef3634a6ec27824a8e273475be41c92

SHA512
15e222f8fad7625920e9a90a0e0ae7f2c01a05b726d33eb93e9386b1faa9b628e61a5a61ec1c84fbadf65df848db4595cead5e6967041045b901c5abd85b086e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f185bb4b017724b361f70368c1f35a2

SHA1
7ede049af243752e9066160ae9f4c2de975651d5

SHA256
96bf79f2855642bcef31a6cfe8fce759ba74c4820a9d0cb30c6088a9ad7f30dc

SHA512
71f9fdef9c73c2246ec877fcef53a7569905a6abf04d120ad18937ed7fc66f6de1c6d5a7ea91d3df0cd2626f23abeba1a17384de002c0cdd13a429197ebe7b73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d4c7e49971e5c8a326a9f69fec30296

SHA1
d457fc29207ace2eb9bd06ad3ce451d194c87733

SHA256
4c04b7d6401dadeb0d419200316ffe5ed11e424dc19372e89823060df8054e05

SHA512
b40b0187a25826755b5dd5287031c83acb6b1e50008412f419f7723ca8547ae66c428fd70fed6ee7e4fe630a61395f7e42ca393fc9e4fabdeaaa5503cdf29586

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
500f438f38b32e38b3955ea567ba2cb6

SHA1
3c041ecb2b4bc576cfd6629ce4d802b9a77e0eb2

SHA256
6c21e9a95af8ac0e3cbacaaf0c2f22f4cb3813f0792f20bdc890bfdcc81328ed

SHA512
7a99e670b2b47c63594a6822b963781def7a58700bc71e57854f005d4bd1fb69e9a5553f268cee16f1279cd87ae74780d1bab2282a9ab87525e2e951325565e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
274c4bd12fe469f52c4926974a19be53

SHA1
c40af52ff5dd39f4f8cd6cc8c7b368f97bbb9e20

SHA256
e79e15bc1537d47f9df01b4b9fcce5be14dddda7c58d7e7694580712d96f312a

SHA512
6be26642c40ce360d0b727768ae8bb999fb867f7644e801fd4fa2bce0631bb59345bef34bc861b0c04610a3a6373fe8427814d39c33a85bb04ce81a61eb66329

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35c0e9d228c33ed7bd115a349b824e93

SHA1
07184158d6ab57d6928dbf9e93b6d70382e1ba63

SHA256
ad1d92399a6ab538fadf1a369fe594d736e4b0fae7191836a35bcc0b2311bac8

SHA512
bf8d131339e9b59ad0f7bf4c67b22a93eda73bb2cd86fd58f8a27c44809f239cb2db3859bbef3a6e031d92ccceb7f9c5b0e846dea803cf49b4d74e71cff3798b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c5f3a45d14fdeb8029c78db29e85653

SHA1
b2249ae67413f3ecffb131f5d345c7e538692703

SHA256
5404bc78544d79077427339af00f74e4af77efc7e23cb6285806d0ccec5a1eb6

SHA512
d5ae612c8ccbcf803ac404d558c63d6ac858c362b4b676a4c5f6fb1ccbe82094955fadd2fb2f431e19efd1b0cf6e7654cde37d1feac0289c6986b6e1bcec941d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a4491a2ef3d48c8428beb42e6596b6d

SHA1
29c0a0d53813670d19b186bf1ef39d12714c2f8c

SHA256
1cdee749e4ab796b92e1b60e8c92e95fff7d652d9ba8f708c506d744fb3d7d1a

SHA512
4b0c49e3b20768e85c66065ce39140d2735cbc763a1331fa1d464971185609c1e4c2ec9a24c0a1df29cbebffd504ba84f1d478e291d9aa5ce31b032c94c6431e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d484ac59ca01e65663a5c13d9bb7dc7

SHA1
e4422cded88fe1248ccb21eef40db365e7818231

SHA256
a57bceb4f91374db7d01cb757ddfe91ba7d799f6c6a9dd3973b411e82905fad1

SHA512
d67e01276aec64c9133958bcaa735487883c98dd3f2f170f42d87f6665b9e95ef67192120fc92b59c09f377587955b97ff886375f1a3b9692059f86a43dc25b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2baa7fe4987d8112c91e5d3933fd5d5

SHA1
6307be4c2d56c29593f1a5e0f43217e60877a658

SHA256
6379d9096c7121d6a66f3bb3b6e337f5e524e9d303011a68c3ca3f392837d552

SHA512
842f5bad6b030e228f5e420ca012d30855b539f4a49cf2f1ab196d76343bf436d7fe8ad0fcedad583c037da3b1b75731dc0e78a2245bcfab27fe217d37d51282

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
975fcd171baf235af4befcec3f0707f6

SHA1
ce3dd4a4b39c98dae545d4f31fa4e0ea3c025200

SHA256
30b790fd6b5fb842eb65384e99a982cfff1d2bad908d5fbd0339521d20d966b2

SHA512
2e8dd83f26902eb8cd1f2e77d4b9b5ad6c2fbe73b59fe6b7c75c1a0e1fb6e450f7fbbdf66511ce9447565997f247ef7f6cb977163152a1f6945f1b2293d8b214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
d249d0ea6d0362e7a751d3266790d828

SHA1
1cbbcd1d619025a64e5f126a74e07814e2bd055d

SHA256
be920d2b7df26001ac8a6d5ff1dfcb6e30a8d7f35fd41670488de2fd6652757e

SHA512
243f0e736aece093d55cbb35e024494486c1e80581a7ec0870f157e2478fd4946d390e714eed8448f1431e7b4407a732c0995b2f58168590d451f6c989660feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\css[1].css

Filesize
2KB

MD5
6ffdc02308b732c40d024b8d37eeb1e6

SHA1
5cd99839baa6bc8d891d3a3284fd7e22a130d4da

SHA256
7490177c25948da2653fbb3a93e7df8476b1555d282b059ba2a73f481c54c123

SHA512
d4719d4dc7b683836809ccea9c6b89181b3b2cc239b728c6ed3f32ce80393169cba8c427cfe1ba7de56fadb13c2f3c4b28914e68b214c9b99433b664db2fd25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\css[1].css

Filesize
1KB

MD5
a0620ac73c79b5cf9087eb28268e626a

SHA1
ad69758c1d83f357664d5f30cf3e5c60a960e424

SHA256
c2d2bd170392064369f2bfb49a09ca7a41145f138ab3e7d2120e349fc813573e

SHA512
43feef19847f40d9f333675e34b684e21f3bc0ef81118711bbe4c223ca5e8587e2015b3ce6958f2847e879cd7866bdda4227cb409eed17c04ed742bc965b2798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab952E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9737.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9560.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9749.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit