6773df3e504b07b6393ef6201abfed3754680edc493b062f2ef5f664ec5a0f04

Analysis

max time kernel
150s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bf93a0f2fef49366dcc00612f48d5e1_JaffaCakes118.html
Size

1.6MB
MD5

9bf93a0f2fef49366dcc00612f48d5e1
SHA1

99f7dc30e18281cc9ab5f5ed4a5ef7700929eea8
SHA256

6773df3e504b07b6393ef6201abfed3754680edc493b062f2ef5f664ec5a0f04
SHA512

cc91d68cd06f8443002c32e0c0f0704d9227577c4826bbbcf2f80f2c976ea13c429956dcbb35b384af201b0fa26215b9551770b72336a1fc365dce734a890904
SSDEEP

24576:3+j+P+G+g+h+y+j+PP+C9+l+/+0+W+/+R:W

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	IEXPLORE.EXE
File opened (read-only)	\??\A:	IEXPLORE.EXE
File opened (read-only)	\??\H:	IEXPLORE.EXE
File opened (read-only)	\??\N:	IEXPLORE.EXE
File opened (read-only)	\??\V:	IEXPLORE.EXE
File opened (read-only)	\??\P:	IEXPLORE.EXE
File opened (read-only)	\??\R:	IEXPLORE.EXE
File opened (read-only)	\??\T:	IEXPLORE.EXE
File opened (read-only)	\??\U:	IEXPLORE.EXE
File opened (read-only)	\??\G:	IEXPLORE.EXE
File opened (read-only)	\??\I:	IEXPLORE.EXE
File opened (read-only)	\??\J:	IEXPLORE.EXE
File opened (read-only)	\??\M:	IEXPLORE.EXE
File opened (read-only)	\??\W:	IEXPLORE.EXE
File opened (read-only)	\??\X:	IEXPLORE.EXE
File opened (read-only)	\??\Y:	IEXPLORE.EXE
File opened (read-only)	\??\B:	IEXPLORE.EXE
File opened (read-only)	\??\L:	IEXPLORE.EXE
File opened (read-only)	\??\O:	IEXPLORE.EXE
File opened (read-only)	\??\S:	IEXPLORE.EXE
File opened (read-only)	\??\E:	IEXPLORE.EXE
File opened (read-only)	\??\K:	IEXPLORE.EXE
File opened (read-only)	\??\Q:	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424216417"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8AAB3581-276F-11EF-93E2-EEF45767FDFF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1972	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1972	iexplore.exe
1972	iexplore.exe
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2444	1972	iexplore.exe	28
PID 1972 wrote to memory of 2444	1972	iexplore.exe	28
PID 1972 wrote to memory of 2444	1972	iexplore.exe	28
PID 1972 wrote to memory of 2444	1972	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9bf93a0f2fef49366dcc00612f48d5e1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:275457 /prefetch:2
  2⤵
  - Enumerates connected drives
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d45e8d8e0ada4d1c7541c47f4b89ec8d

SHA1
aa75f367dabcb7ebb0eac8944c39c327cb0b5317

SHA256
d8cbc56ff9f642a682256e7bccad485386414bbea66b40594810e9cc66fa97a5

SHA512
238d5957ac49315d657e827c4ddf3bbd679cac4abba6ed63a9c8b5d05db6d3d17ca8979cd3a46260fac7c3ae52b69d639110bc5664c5a25e6d46494d2a8de9bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9fd0c044b08c892ce1202061e4c36736

SHA1
d13ac7533cb87e7e74a74891b718692df83766a3

SHA256
c62af2e86a329debfd437d76de68c8806e21537465027e20daef9a2e70d5f415

SHA512
a119ab99ab24254c1ab8baddd81931af5e550c17efeabd8e57263580bde2b1071cb7ec3392be245c73ffe6687ec8cb1e0cd63dac68cefd4ffb6500a01d3f1ea8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a970a168578cfaf09ed86b66e4cedf9

SHA1
45b5472bb148cbb5d5442471f45e8bec5fe0b4bc

SHA256
2e7e2faf3cb0e202ac3dcb26373097e352d10add2cb2a42875a69381db71ccad

SHA512
695df4d433acfacee539a6e7bb4a500268aeee742a7c447ae6a3d9d8a55077de8006ef89dedffd218c0c8a494523c88aab58300499346c83c885bc58f7ae978b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc952f0207d21a6249d9a3a1c8fd98cf

SHA1
fcab9a73fc935c973ec7f1501086f89c9f795b2e

SHA256
504ecdb6a7a25e61f607cd0e440959a4615199e3ad18fac80b9c1ef93188ce07

SHA512
d33b5c597a79231da61faa05650d51d3c7bfbe214f214e3cf65e125b3be06233157f9a7bb6061f4aba17772eac5862a15ef755f62442debf5a7cab37b5d30472

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6be87345f5117e589031106b225bb856

SHA1
b6f8f0d6d23a43613167fc77e67cbb6f1efdc7d3

SHA256
3cacd44874d1c5eb520cc86f1764303d5f375b224948ca8d264bfaf173af9288

SHA512
291c05a87a180cbb9909e034bcfda4b8e3aa08e3fbf01f0edc33435ed83b0846841e02f3a0de3e028b88b467c66ff26ac71f9e67b35fc5a7bcef7a92440ea809

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a68cbf2235d5276584b760984193cf4

SHA1
8faf6052cfbbf32ef48d9d3be715b1365e807315

SHA256
017b56022b10087e9e308ae6c65c4c59e1eecd827648534578e81cd92448aeca

SHA512
d6ca325081fbd30258e4064ba27c7f559164ffb2993a2d4c57b64700f8fd30db316f9ddea9b3610891ff1b86f8e75cc4f527a388128460f80720900fce1d7302

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2aa9bf8a57f77190e6a2a6ff9d7d6480

SHA1
87a7d1c9478f82416643a98319b0302420dfd5fb

SHA256
075ddcc626febf4b8e7f8cf3d008b47b616da9fe76bd9cf82a03d712234f040a

SHA512
9a6c5d757e38dac1b0049b8e4fbe46c235376f9f6a77138ebb73dc20a252516504c5b9fbb713c5c328011ef7925879d5fc9bda4fb3dfd569cbb5b0a7668fa47e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6548f861c4d94fc1937764c22d83f151

SHA1
a73125ef75e1770e640653a9249e4ef1f9c43e2c

SHA256
22da257f2fb33787cf58c28c5f3dc7e5c9911f9b4afca0d0240f29d7376f55ee

SHA512
2f9deecf017949d5f367e741a9b89e0d3cd1039607f90c287b28f15692aea960d44efafbc7d5ce94e2bfb1225c26e23e1b1fad83554808855f5c9e207882cd34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92f5f82fd80c651f6275bfa5265afdc0

SHA1
d36e964b5c6657b25a2c2a0b163271374389d5cf

SHA256
750adbcdaa0e7686d1b157a454cbb4747e8df5fbd73e65f9d6a30650e8fdbb1b

SHA512
9374636822bab5d45ee8c99dadc8243a89fc7ec0e89b81f4a52beedf75e513b03d4d81da8f9ba57207b47c880c2c9a8c796cd9105795693551f26211d4bb27e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b6d012e63138e7b88899874f514d5c0

SHA1
e2851400a9a250f9a4a17af56a005338420e45f3

SHA256
4c21c327cca115479b75e1dccd141b6a8a4094518649ec33f0c14b802acdee66

SHA512
3050a19259bf82ee4dad48883ea95a437d1bfb47487a441e606077f66524088862b9a274a066d4fed83f73d535334e5308d387b4f472e0f5705e3eb81b40215e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae45673c718f998ee1e84d1b6f14c737

SHA1
3fe53942588202f88239d821947741cf69b32264

SHA256
b0053ec3867b9f04c064748c987360c2a1bd01d8b1aae66f6cb309734dd23c4e

SHA512
48d613a2207f74f35ddb94742742ddbede2ca295c278bd9ae6e1749f735bfb8bf68f59e8e801c1774cae17dd1f92581d26c55f726352c1280926886d955ef94e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
43316442eba95c8e982d0e755a667b61

SHA1
e1e44416b14299ab79813f629d6420058dce041f

SHA256
b8057a2b48d457f01eb0a441ddd7d3209448fd3108d0359e86142e522df1b24f

SHA512
e94e67e938c7f534c452024aaaab458982580a7be5c748acdfe78e1bca9e2d5573621212fcd775f1138f47dcddbf1e2599c1e066633f7acb1f6fec014c7258b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab311E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3131.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar32DC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit