9ab5b27588f2edc1556b25a2328d7bb5a963cefe476fcee175479ad4441e89f0

Analysis

max time kernel
149s
max time network
139s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bd6dc0422a5edcc24f7f3336bc972ce_JaffaCakes118.html
Size

37KB
MD5

9bd6dc0422a5edcc24f7f3336bc972ce
SHA1

42597a16538bd3d4e952bafdb63fb3176b4a132e
SHA256

9ab5b27588f2edc1556b25a2328d7bb5a963cefe476fcee175479ad4441e89f0
SHA512

6eac6a23a794452a6c50c29b94441f5954157276ae7ec7f6d6bb24e6a10781ea0d1ac9732a5a1e07a085903f6809234cd6f11f26500edafe4eb2b25d5966c426
SSDEEP

384:SvnXzzXkVQ2tk/BHMfdiDdx+7rtnrto2OmPCjoHbuyaEaTpIrsoCE4cWaPvxq3CL:SvXzFHSfdpWQOD/oOzzQvwmhv1mdY

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42CB71F1-2768-11EF-A4A3-CE86F81DDAFE} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424213290"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1764	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1764	iexplore.exe
1764	iexplore.exe
1924	IEXPLORE.EXE
1924	IEXPLORE.EXE
1924	IEXPLORE.EXE
1924	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 1924	1764	iexplore.exe	28
PID 1764 wrote to memory of 1924	1764	iexplore.exe	28
PID 1764 wrote to memory of 1924	1764	iexplore.exe	28
PID 1764 wrote to memory of 1924	1764	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9bd6dc0422a5edcc24f7f3336bc972ce_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9399050412ef0f9258fddafb20d252c0

SHA1
4b4850e01750f4de76617bfa8563203e786f715a

SHA256
49ea581187a3b36e9d4eb4a07b06e7d1b6eac58db3c7a3a4460e7c3c63075884

SHA512
a302f1536df13ad64257c70eb0e27541cc7d990c9bedb036bb0f2dfccf0ffed6be422aa3d281d6ee1324bc977419253d3db6212e4939b37e486c69a4c264f19b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9524066047de4de74fa6da2943dfc48

SHA1
af9786cd7fe7442037ff0c4074703b608df450e7

SHA256
810b21158ef32ae980523d0ef2ed723e78e3b57050447819b71668e4495d1a3d

SHA512
cb3b8e6830603808c5846f92e538416f74f89f2988b1ed1bd644497ee0df5b4c2a23ba70ba9fbf922cc73961e5237fe9bee94122f3c201090cc0c1ae4ef6d746

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a249b7daa2bd95050846c5670b4a5422

SHA1
fb50f53117eccc3d61f4dffdfa304b6386b9e8b6

SHA256
b515585539cde073c539db89765bec966539e109838ce16e9f8c5d46d783de45

SHA512
b235ae6f9e572e915a1c5e862e95be3760300eb3dd494c9e0394da6ecef2bf19efcc5fe4d3e2c875526f7097a9bd768bd335b5cc88007e62e0cb52693486820e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fe0e73a2b8473c8e853f1da05f24daf

SHA1
9c25ada2c6083cd7e3a62ff5d153f5cd73d96e18

SHA256
5dc2ba08fdea9f712e44e9fcaa38ac4d194a2567285e8b503975fbfe1cd4ea6b

SHA512
46fed8f9fd8191944cb808f4c48405192e2894b5212046ab6dd2cdbb93c063f06c6ab6dc540aeef43fe5d1e865d5406c5cfe941a2f6b5ce63c8af19a651b347f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0def9237858bca3a1558f7bae1bdecfd

SHA1
5985872b001516b3be5e07837b827da740d870f9

SHA256
72a6913d683cc7f2162e03f49c262a0b036043ca0f3c71eea4cb5dcb9b626b54

SHA512
a4aba78fea57423dedea92110bb78574161f9ab68aefa785d0329f73186e8865c0ee90175e8b896284fc11db47b4b83ea7be06a576b3b6e83a43ee205c8091f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea9cedd146dff1ab897a5b6550acf086

SHA1
33b477d10e635aaea66621e7789ec86f5479a5b9

SHA256
eda97462d00b7a66ebd41498605a18ee74ee87ee9b1b9285ddc5ee0ff7615cce

SHA512
27ff5b93c8ee80ddabdddb3502d14ba6ba35b1b72cf5434a51fb539a48b7df7f3c429d1979d747bc5fa926d5c259b1344d9a4f27334c054233febfda62e25be0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
051724d25a4ed4ee1f21fb4bbf4abe9a

SHA1
020d8da8a82db1bab4d78c8e1208924e6d0c0244

SHA256
187c388d502f1c316ebdbaad6f222f5e70bf7730c6b45b6ab3a370266f9d5d5c

SHA512
f2bf1af024684bac5eeee2608f4b8af712a2b246e2ee20356ca4af58c1dc253093b0bcdc3f644263d52ab1172394fd74e8f6e4bce73ad4c245577e5389da3680

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a452de45e672704d644545003de8c5a9

SHA1
ff5970ab1022cc2f099a8890182a0f6edb89e36c

SHA256
4396089191be8ab2740c816a0c15f373adcfb022ab03d410aec5f08eef3e54c7

SHA512
e5cb20a5b40e4d030403651fcefc1d140e484c2a9ec57fcad311b56bdbf429b61be3f448778992d2906fe7b68da61363247817ecd325bc6cfd27d832e58b1ecb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbed0b1336daf6b8d0f628e834e26e39

SHA1
55988a9f3a41717fb67ca9781392fc7cb9b631db

SHA256
efa5fe145aab46ddf85330cda81248328e5243b13033b3ef036373a9341cf871

SHA512
0829c2fc18bf4c41d6ac314b5bf69ca3ec26c3c068b5757b06c8bb1e2f84b5a2029173ce10a529b6a72877590e168d3ccc4a92e996ff5f48f0c5857bc69b3da3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9e9c002d3c392463dc8eb924474cb17

SHA1
7bea1e23d71f137edbea54c2112c511bb8d107c6

SHA256
db1a874a4f23bc7c9eef838d8ce03cbcbde7c250e4108ff513553e486121662d

SHA512
7d34e5cd31d12c7f96f9c76aeef0e6d04f77ea8ce0c1dbb374c548ff92275013f0e97b231fc1e9bdfcd97172cb70f49f6754f555f025957286b3f209fd0eb70c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24c800c3dfd527b9af818e342eadd67c

SHA1
1377ecf544ff34484b211eabb226ef9bafdfda95

SHA256
8c9573927021a92168ee5507ed89fec3b785ddd5cc72c346fa8b3ddae7be1f1e

SHA512
3bc0d6ace54dc2eb547349f1c834f6bbca42fdf71d602fc43c1e8de2022ba92f2fc31e7b3a1c55dbf722d309b681f59571491913c7a583ea6427d46b20a1bb0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29ab7132f65bec42cb61239031c4f144

SHA1
00916e177572ca2b3cedd4197955ccff9396404e

SHA256
4d5b2cd6736bd56cfca7f29d3f586615bedad9e30c776eb38b4584c86db7199a

SHA512
e00a403852c322f1334e02412777f3e66c2bffe0b66944d2b8dce8b34d421dd04cd6fb3ead7180f12208517b490ce656b565d9b260ce4aac7b0afab5c85d02d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e0107a2d8fd755a8c64de349946e5e5

SHA1
edb306cb7695a59111bb16c99b16c99e838abdca

SHA256
4523a8e471fef43c6b1096bd1adf243e06516af55a2439afcff15089f686ad79

SHA512
9fbf01cb42f0c0ba746db431ad2e7b132b7a89101ea55bacc523a671086128c819028f07b993ae322eddfda38643a3f311789f2a5cb2e3cbbb2c54ed41c64043

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df2cdafb06b44da3b102b767a3c809cf

SHA1
015dbb2de245b5f31ecfbc2b36c38bcef5d6bdc6

SHA256
838afb1f65ae4d717029f4a4b8b39a35fc8581af3c393accec3ff787af9e1431

SHA512
67abe12ef7c19de5185c18480e17c6c8bc956a4e6b6e9da3d3ba0f69a5ec3044c5d64606cb2c26283e937473d8aa154985f7e24015029e0cae3d9b7881a67377

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a05f9ce934db6a41fbaa2c5485ed3ca

SHA1
2f5a81b7d6234cc09adf4e345616b3a9485fdd5d

SHA256
dd1567630128a2e26420d4de03475b360de3c94880807651ede48ee3a973e510

SHA512
048cfda9efefb10434b5d8774af93a8081200a401615574a51c68bc37081ad2b5592f1ef8958a67cefd66cf4aa7613f9ed6a6d8205952963d772a8eaaaaf98ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69bc695763ad6af7ff0def7a6b2ec7bb

SHA1
0e914a49faab78d8d8fd394c4ce45b52929cd0c2

SHA256
4210965ad228c69297efd9cbae6b9bd0ec259f5669565618a73a9b37dc813c21

SHA512
ea546c44147c2dad1ed7aee6fa4124357e3719e913bf91905c9de75a08a9f2f8cd7d2ebbed27ffcb45180916eeadf1b0aa0744249fd0a5e950b4e20ee38d2145

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e188bb4979510676738445595abda72e

SHA1
ce9e06abad1db0e34370dd171fcc4b28afcd19b0

SHA256
c374dcece452d15334b8487a66cc1b5796b9978ef1b8c3e0cc0a7ab28bdd252d

SHA512
ff91672fac621a423f3a4eb21c40285587f0a6023f449e7a3f6cd5107b8af518584210c58064af8e8150359937798ce4cb3a9a655dc587e1fd38d536fe7457c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bce41e5add44643e906967bcc92b358

SHA1
bca7011113d60af136cb6f2080d4ec6c1ccb6f70

SHA256
ed125a1adc7d540ed1b9bf3bb4a8926233be350458f0bc14ec288e03166780d4

SHA512
21805a59f1353f36dff5f0b194b3603456c3d2337b029c87a23413430abf8231f85ac554ab56a222a2c6a97c2fbd0bd20d5d0f0de2a4de6b2430bb943bf4561b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1008328abaa7899ac6c50e312d477f2

SHA1
bc534b19ece741fe5a012918986d356767c65fc5

SHA256
02ecb413fba1f51e52cd5cc7f602a4e13ae807ce00c02f2492b29f17d3e6cc52

SHA512
abc9239cb2d749ec6ba5312d5cae8d4668ad8f927f616f09e858725a9af73063d3dbd503da7ffafcf1c07a9fce282881464558a48973d057600bbac4de3e8daf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1B9E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1C9E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit