60718ac440444b67d923b5bf594093395e93ea60366a32a537213f279ebe4fa5

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
11-06-2024 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d2063ad9e8500ec31012ab0ec6a0a72_JaffaCakes118.html
Size

9KB
MD5

9d2063ad9e8500ec31012ab0ec6a0a72
SHA1

377331bac0f546f4793fc61512ea748ed34e6823
SHA256

60718ac440444b67d923b5bf594093395e93ea60366a32a537213f279ebe4fa5
SHA512

6ed0cf44eba6c55d91cad269c029b7f7863592a7bbc57168c94a0fe06f6008d8b537f79e82b004f30cb33f0eb05aea4c53bc825003445c70b9c583cf1216e3e4
SSDEEP

192:zd12ZNR4/Euq7EKQ213mAsvmGHFcG54w3vkiUM5/CD:zd1iXwEucQkW3ag9w

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AD6A8821-27B3-11EF-A499-62A279F6AF31} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424245681"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2784	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2784	iexplore.exe
2784	iexplore.exe
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2568	2784	iexplore.exe	28
PID 2784 wrote to memory of 2568	2784	iexplore.exe	28
PID 2784 wrote to memory of 2568	2784	iexplore.exe	28
PID 2784 wrote to memory of 2568	2784	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9d2063ad9e8500ec31012ab0ec6a0a72_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
310d351667761467d84e08549e1efd9f

SHA1
218f66cbdd1fcea6b98cbdf93b5f1f5ccad9bd87

SHA256
3a7d223e366a26bdde963ec8d7f874959c356d6c43c6233e7868762856aab79a

SHA512
9aa3227b2472bb223518b93fbafdcf3947d1c9f2f75c34e04abe0e88e9b9206fce0dd048d742ed2d323a9f3660a1c941240bdaaceed522b49c13f4d714f4773b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
480ff5d417bec160ef29bd31efb0012e

SHA1
aa6f1a6c60ae0868a9cef5ee64bc22e6ddc3da80

SHA256
29c0609cb0afb1d1c7110c1462bfd6bb9d30328aceb2f2a13beef88efdc185f2

SHA512
33143f804c409d664ccaa3711f784fcb5cc613a1a2c335ed5b6cefef1b1b9f80d6bec374eff142e1ec9b8ed290382baa3848daea17c88e393aa23fede375f28e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
659e7451a92faaafcfd56c6bfc9bd6c7

SHA1
22cdc99bafce65a4791b9efc25504da5b819bfb2

SHA256
2b63b37c44064e674f8abd3456a66600ce50dd750abe66504d4d780ebe1be557

SHA512
ef8942335752ac96b48afe3f3621635b36cc6f6079683968add2876d020a2f068c8427604237f02e8fee02811fa4cfa195df334b9f2cd0dd3888d3f037b72c2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f66da26f1d97e656db873eeed28c1d9c

SHA1
92267d27fbb06bca65649674c1049882bbdb26f1

SHA256
ee21e40f499196de4e9b16b19a349729c7a08b70fb7b9d1f1ed349974e985356

SHA512
0e00a1c76722e0eebfd0d3a3cb173f92a2344f76368dae6db9dbfbfb7f0bfaf61ac790de2974cc132facb30daff43559030462945ee6a5836a28b8a534665247

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8548aee9e1d67c607b13e43c39bb9921

SHA1
63bbaece0e8ba30ef8aa4e6b1b2e70a7eb060e07

SHA256
f7698cf331768e70e355ff894ba01b9d16efd7d54100036593440ded5e863277

SHA512
826e235abe8f282d23c0015fa3844dd001e2602c46572eb2551dfdb958f7782e1828a21812f6b7c2f73248d133c0aa092fc4c52bca58f22a8bdf5ddffb54a131

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
702e5ec9f8d76d75212441d55d399013

SHA1
4077ae0cd87385e23aa462a054378379fc851e2a

SHA256
948d23ccdc65aff6b19f1650a61b13f85a0cee0ba621203694620fee76315b40

SHA512
77cbdfc3f005ead728a08466b6b4f98051014f54ff7132ef719a663994d0206cea80f047856d83d63f666ec558dc33d2dbba56b16af7c8dc899a9162cb2ef0e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1265bec90dabf25bb80feb12932f008a

SHA1
c86a0277cc45e1a0454837125359fcf02e765df2

SHA256
7202e5e145cbcd5bc154800afc282c53f750b9c644e816ccdbc0c529c12b77fe

SHA512
e9b50f791eb776597bfacc898096282111c5cb7da1976abad18a815fac7eb94f7466bb58785e20dfd597b3d432cb1dcc7983d1ce8277fc3cb2bfe746e6c280ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48433e97a06bdc2ff2fb0aa2de4c7fa4

SHA1
7f65c7b7d856bc4d9212a740b542536c6d092f12

SHA256
2c77da07d40f5bd660ed4cf767d5ff97264ecd66a1f8e04a44bbeaafa8142c11

SHA512
77a141c331191320224fcf1faa312e0962b7139350d99c1e84dfb02152553ebab9372747e091d2adec3d27ef1afe9f19019a9e3be6a395f30d974594b841408e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9edfb6bbb47164385f11462334d8ed08

SHA1
8f7f1ab692e6a9bb7734bd8432cd1afb36dc30ee

SHA256
40094ed77892439175a4129ee54c87fd20f066ca9097f7e8c0431a5ed227f971

SHA512
7859051b58431b6aa15c882b87d77fa8e5652b21c9d36faf9d219526af72e1d37892757541e7be509c9b76515c581a5c4e7c54018826eb6d40dcc0006cce5f1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
016ab712832541834edf38785a13b24f

SHA1
3281640a5a965db97a24cc2d3656b076fcc2d1fe

SHA256
91222ff275dcedef9313956e7c4cdb02272db9a0a9181857cc50feb86e536fc7

SHA512
f7ff90c625133e127a6e2b8c34146c4051a6852b40886e0f15ad2fa6373b58106d8c772ff12352793eb42d2816a3ce3e15bd3a07f3daf85eea26ef439e87c760

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ede1a3b3959952fb7f21ca8716ee0eb

SHA1
cd202794c25bd5511855bcbe4bc767673db2f62f

SHA256
356a4b9c3bfbb2d665b28ccec1ef5ebbb86ad81c62ea235c24870528fe1d7c14

SHA512
5dfae9d8d08d74e27c671dac4ee73a1ceea49d496c54441abbb97cc72a039ce5837223a4806fa42920a5869fb1ce3bd8492b9796fd67570c93142264a7b32c15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb730c2ec887eb9cecfd4146fade224b

SHA1
29b3d2cefbcd28f586a071c679a7974d9be8f393

SHA256
cacd5522713e13c02ff0413ed2beb33a2eed9bb68795d7204092c5b25daffa6e

SHA512
3986d31ae75d24ce5e9c5b20edb95e4221cc9f55424d4335995067263ce3142bff01f241894edf033ea1e615ac5a976cd61e81beac74c3a8a865a90b54e6f48b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8845f35f8b68294a9773e20297f4b2af

SHA1
cb291dfa2fe330f5d15bfb030b2cd65c9f62ceac

SHA256
6f3f50e76910a2d724e3e2e99ffbd3f09794b9970a2e2952499e79cd6ba5e7ce

SHA512
511a4c582cacfdda6a69e37f6c959827047f6e8f57f993d425b8b5ad96d9c0320795d7ebd69bebc290ce14db3fe9f2ea6874bbe4725ffb74083325a68d073e6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f9f819eb2f6ce98f4227201fd66a3ed

SHA1
11096591b19b0b517a2da917bdb4c9383b311f76

SHA256
e2b96846eda473a62602c36b7c9523cde541a76b3f2cf1390c86dbc8f0078829

SHA512
6e559ab6ab3a4ce0d89b095e9dea9107db49055b8bd23b746bb0bd5e1e6f625aac9f59f19594263d73a363fa9e51292ec3c54563c3ef452958195908b2091125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6dcf9cfb6d76f1b2c47aaed938e08b93

SHA1
f44e886afba0d9a487b41abd67cd263dc38a6c32

SHA256
0a78f2f3a7ae68e42db17b51d43c5110db806b523ccedfd9ce106ac9eab3a4bf

SHA512
ab7a9b3df57b48ae79fb438c773afb0cedb610e6b1ed53611551a4dcc631c8d4a84dd2b097f03d407eb91dabc87c4e53ef182c501f4c035583bd4fa1e1638a09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2bdbb4eb9a36d0145ef94acc0b37cb96

SHA1
1a223b4fe2a77fc31112b30c70e44f594f7dbf35

SHA256
853386d3c9ab2e69c07a7ef9880dcabc801c8a1031d756f9b2774b1d4e4063e4

SHA512
c1ad954b9781f9c814a3dd53f0f7c1f13e73adeab8bb83c38fdcc6f1c3d2e8214c51c0a875b76064320eccb91584c0e4b4c9149fae1a2382890eada7a0453ac8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
300abcd0586fdc404231be528dd55ad3

SHA1
8453c80071225eefcce5e588312aa79f79294249

SHA256
ebbe15e39a6d09b49bcc1f6abe2ab9db3dd2936aae8ce8ef42c403929ae786bf

SHA512
0a0b4841c54edf0f0d25243e708c3a8d260d3bc81c6abe9dd560beb5832e11aca9537455b8e53184d467fd1f7d80211149431be43a50c6f44e45373d8908585e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b456ce6f1a530b475a85d2569a4fefe

SHA1
37cac718407a4f3710a2b91bd68a5e49c24f2042

SHA256
bc6fd02abbe92c0bdc799936741d53c0ebcfd261efca07b5c590e7d12959e931

SHA512
02a0061bf28751c1406cdc32e7af6b42f58535472a7a210c2094e93e3336920175e3304afcb563e64c4f1ad3b67445ed5654e4d75d72554332927a61760fa425

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
881a59a9c3a5cc7cb62bbf76477108ed

SHA1
1e6e4c148ed9dd437637c6f1a8a55731bd771103

SHA256
3c1a5915010594e128a28a1612be03c5cdfc645bb05d5a766b12667e7fdd81cf

SHA512
6cc7a62ebb4ac38096334645e8d81e32325aa00c012bfddfc58e3c3af6e86d43c3951ffeb9dd8285cca65e8843bd521cfc32d5dca1bd8aaa4f6b2d6c07d75122

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed4bdfa05029fbcb08bc5b8bfb0aa3bd

SHA1
5b1276eae65dd84ba6f9790d361eae20a92e7499

SHA256
f2f1c5a7635aaf34b096cf4465ee7b51dd6405fd95ff7247c71e4ed396e2f4c8

SHA512
644402a292f417c2351538cfc69ccfdd4d01a4fb76a0ae9e2c5991ccee7dfe6e922be7bf8387008cb93de7514dd5782155b72ab6228b521a203a9c184dd9519b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab19D7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1ADA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit