e51b5151a895fe3e2a0dbf9ad35bdb86e9793a1e79f8aef90693f6327fffd777

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 15:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9b34b44bea7552ce15519ee75e86334e_JaffaCakes118.html
Size

141KB
MD5

9b34b44bea7552ce15519ee75e86334e
SHA1

5105751bc2b458b1b2d163cbef785292d0e3eb94
SHA256

e51b5151a895fe3e2a0dbf9ad35bdb86e9793a1e79f8aef90693f6327fffd777
SHA512

556e29a0e3d36aa7c57de0622583a26da87e6b891064236b2e186196f7485c626e437ffa2be7257e362b3cc47bbc0058692e7251d03cf5c1a2b0aba41cf63370
SSDEEP

1536:S4ofKi+I7gbx76vuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:SB7gx7dyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424196316"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BD985511-2740-11EF-9001-CA5596DD87F4} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2908	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2908	iexplore.exe
2908	iexplore.exe
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2948	2908	iexplore.exe	28
PID 2908 wrote to memory of 2948	2908	iexplore.exe	28
PID 2908 wrote to memory of 2948	2908	iexplore.exe	28
PID 2908 wrote to memory of 2948	2908	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9b34b44bea7552ce15519ee75e86334e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59676350736da856cde037041c4b1ea5

SHA1
bec415240f2d82ecc6933b134c46630110796964

SHA256
05b96012f1eefecba6b1aeda173f55cc8de503a377109dded74ba3dd966c75c7

SHA512
9f33f1c4a08288a9f6cf17562c6e57c471c8d91b5d1c76079e15e90a0e487c5ebb4eefae6335db74c540bd736541a423e255676d553bd729811d848553ae51d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25c4b7fd99e894e5312a8a7d323d4551

SHA1
ba51907c15e03fbcffb510bdb5df6b5a0749e8e6

SHA256
80f71b8a5bb9b7c6b46966f7253dab26641ea0bfd0b60e2e9d60fcdcdb707335

SHA512
0a177d287b04191188ad310728f4c733ef2a794565f3c60be73dabd390591f76486598de4022c0d0d3972a721859d396e2802d79ef278e8059b2b39275e1514f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
352bfea7f4df5c8c4d480813b636b854

SHA1
8f7ef186cc79764b96e43dfe859dd7a165ae132c

SHA256
a286a43c57d57f74825b5ff798c2c49c943a8032bf5c848967d83542e1fd4ba2

SHA512
52b9268d56411502f8a63cf6f8d5ceb08af942a91e82fe6b931732590a87606a3ab5a01ac6410a97ae3e616deee510c167a348dd1903d413d08e2b6e8f3e668f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27c59e123e5f5e6f831372a2cf2dd75b

SHA1
37aed768f634c7ae08904ac3535fd4e69f8e65df

SHA256
93606817323e17009d298036d131f561bb8385eefaf862dd53984c45ea7d4ba3

SHA512
6d8783b21a91c4ba96730de86a6b8938b5e8a5e57302191ae7e1a58a9ea115f2c69da95fa159e4229f4ab37b20b1980a21f05db6baa7b69e9438a468c2ccdd4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9446d488f8062b3a3afa127e582f9a59

SHA1
54aeeea903e744612f53c707a046859de15f3075

SHA256
cc59edb0d63f4b45dd1201d112fc323841b8fc1c6554a83d3980846b4e3fa2d6

SHA512
9e3081af76c73029b9481025d354da89ad2ddc14eaec657b9625d7187b05899336a9c95caeef8ecf7f8a338f11671d6a6e10df2216bfa11ff8f6671ccdb32e4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59e997e4362eda44cf718b90dc0b972a

SHA1
e80979a2a4f6203bf4e5370fad81f195cadc601b

SHA256
c07a9ce63199993f12b2a45d3c7ae00d2fe554e8ba1f5da7f6a69cc2bea153d5

SHA512
dd03e8fcf09e4c1598900e02419170d741ce268c2e96186a6a8d0310e9bcd2d15b6152738b4b64805788fe3ab971622009861871c0ec5a026fc3e928e82ec1bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb142c8a6603e63213fcf31438fed569

SHA1
b16500f9d66baf939138cf26c7ae6cea6fd33c1d

SHA256
246c9726004ced54206a914d233c656d52c9a528585647888739b543759f9e44

SHA512
9c35b9a8691f826947f3c3d71dbb84112c7f3c2aebc0722f3535e8f992fcd4c014c145da8579715a6ee9cc1ee16a08a32faef3fcaf6a9cd32dc27633844812e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a25b22b15663934064ba8dbfc0c91aa

SHA1
2dd5ad873883f316a66b352c2bd37e8b9668b24d

SHA256
19f8f0c96d4111cceb06e9806f7f213613db169f8ffc5dc413670336c6171cb6

SHA512
2196bef5bcd897d2dc6d436239139c7a2b60bd7867e002e378e9dfff0ed33325427135b9c4b085bbef2f45c5a151d9cff85fe347a97732cc9824d6df3aaaa235

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01fc49617722ff3bdc3a9e80806cd812

SHA1
5c18c10b5d870cf0eb30cb83543020de9d45df1e

SHA256
cf5d9f897bb9a157c8e3656b756f0fb5cbbb7c345ad6dcafebd510ba533c9fdf

SHA512
d0985641cd4ad1ae3ce7ae810a3ed531e8166076cd0dafaae0e198499b38b09721a51075a99ccc97548302ccce6a124ac8d9e176038fbd828af082c015e31280

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1516391e49c2c7cee4db0f8408d36fe

SHA1
ce0622fc807193da347e7c8db9e67ae785482190

SHA256
0db0cbe05047974dae1dfb019544c73ba211a49a75820c81e949d6ae0b28ba75

SHA512
b7a760d12270623af7df21f4ba1a5fd80b3c3988bfd3c1913b472ce33696a622d9f7a92b5d481db863874003aec67dc349d578c1cf0b3d416bfe832fa4d504fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70c99a43fe1613859507ef7136562d53

SHA1
8ca8fbd34cac4adf8ede97c9de292d814eabb5c8

SHA256
9b86ae196f4be44bf9dc35d7ab7bffb88c5f7d20fc881a7c5c45e0d8086da67c

SHA512
9f39842784f5762af5e6f2ef4533c253f798b6254365f2d75d4b067d71fed2c6095d4278d23ba6118245fd739476c6b874e6eeeb97b0d85a99ab4145b543d762

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce839c50d02e582baf590d5b23967679

SHA1
1e4c7085057156102cd45950c90f08a7cfe1c318

SHA256
ed4ce6a7eee95f0716ec92ffea440040d464ead10c6b26ab7c399c75fcdadfd0

SHA512
23ebeaf8ef6806e3fafa6072bd699cef6d3565cc77c5a7bbb5febd0230bb3f03de40fdc50318608873405bd57a6c6fd0de9ad87feeaef490a09ee1a58efd4f1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99cd04601c5d2140e5f4dc938180cdcb

SHA1
84b37a3973cffc07f1177f4ca316a32cf865ef44

SHA256
9dfa33c4ad17d402fdd927e83c3d76bbf930fa2201dca1d7d91e1c5d91828f54

SHA512
f74e537abe3b4d017f89aa2c6123b7d5539c0e315bc55477e2168804993b4af9c755d509c42fb2278dc7763eadd56ac0b76da8c717ef5fc3fb8e3e9e843a5715

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ef8610119cf3442964795b56c5974d8

SHA1
07a368d2b3241c273bfa015ff161f3e051448b6d

SHA256
caf23b8c5aeb9d27790daaa24718864f310ba5b61f2e1c969c339709e01ece1d

SHA512
d4f96ba239cbea309eaf85c3acbfff5481613dab46f18f2d73a38ec033674b6697932ab5fd6485b6f412e0b700a852e3cb6c7937e60cf99f77ff7ca33327df26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4ba328ad082ca00a434c08f8c0b5055

SHA1
5fb7560ae4fbc6bb54d244d35dd9fefc32aa325b

SHA256
9e4544b97534dcbbe76879e79628c93a57e6c506fc660b3382057e7b13636890

SHA512
39d86a6dc966ae740f2c68a4f32b8b57aafb94fc2b9c801a90a3432268ce82e2fbfdf6c1de73f9a3e7fc7bdc298e1f04740ba0c7477f6304d863e3a7625e7600

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a597ae1d68e4512c0cd9d367c644a93c

SHA1
027620c33a554826276051f99e7baa2c2c4a23ff

SHA256
887c324d77daf307b628024c2599328b055e0f8bcbecd6e51d864f2e9ddb225a

SHA512
42db2fe5743c8f471b0cc25a1530c793d1b7476d331ad49a94a45761b850f4680bf74d82d914354249a4d78036501dd58427bae82d8af67a72dbed33c608e5fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c83b7c4945c5b35be85295ea258344a

SHA1
b003ca11bcb834b3f28c48fbef5199b23e704878

SHA256
039952b930fb6b443ef560771536e139df2bf38c001b9ca0094c361b21006bed

SHA512
823dc7075274a2bf4b9106922a16a2bba6ce3c638011b7b519e9d979145192cd31ce703a0389bea95254f0b58c9083abe800b6a8f556bcda7b84d4980b348fe8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1d8abdecffb1a89c61f69461e36c82e

SHA1
d1f0bd4ca2bd6c455f8bb077a06ef538da1cd7a8

SHA256
45b0075943826c581078383ec08ceebacabba3d29d97093d02a4089fdbede342

SHA512
02ed105e98b8ebf960ef553e46ac757b4eae7ad6e6e1703a0813063ac452fa5b09359c2460271adbbe3a1bd52ad34de3548644ba7822d046f36f97e1e44fd64c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1D04.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1DD6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit