e380c31495e6010a6e3aec047b3ab80133d7b8e8df84d70756f412c12fda401f

Analysis

max time kernel
133s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-06-2024 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0c383b25805e5fe5b69050591a5e172_JaffaCakes118.html
Size

144KB
MD5

a0c383b25805e5fe5b69050591a5e172
SHA1

07295097c11831136988d71caaa76a353ba3d16d
SHA256

e380c31495e6010a6e3aec047b3ab80133d7b8e8df84d70756f412c12fda401f
SHA512

515c87113f8b55b522ac25e8302c9096641d6a6a32cbb3940478c44a23255839d4b6a61101861cdfd307f0f3e8ae35e954dbe11af15f903df18d653aee370dad
SSDEEP

1536:SQacG7l77jSga/ea549NCticvg23PTcAaFNQP3:SBwD/eTUr3

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0A454041-28BC-11EF-97AC-52C7B7C5B073} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424359227"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2032	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2032	iexplore.exe
2032	iexplore.exe
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2636	2032	iexplore.exe	28
PID 2032 wrote to memory of 2636	2032	iexplore.exe	28
PID 2032 wrote to memory of 2636	2032	iexplore.exe	28
PID 2032 wrote to memory of 2636	2032	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a0c383b25805e5fe5b69050591a5e172_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9cb1eed411bc238d2e2a6cbd25acc689

SHA1
a09b8d7c838c233f30d6ae18faa6cdec279e8b6c

SHA256
a5a054d3ff7ec0d399eff16ab534ef4b320eda3a39243233bfc58d12c4cd036f

SHA512
9378b8d9d6dd4b1e748f32f1541e86a8ccba0d188d6a464f4afbfb3d473d3c3b801605801c6b13e5a04cbcc7d9fb7f99486803a6be671d69ae4cb38ae7136576

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23fff0a65cb2c659160df6ce64cb1c6b

SHA1
ac72617c39f3858a5eafaf87ff73311245a0f8ae

SHA256
707e18bc9e84468a5d1caa741cf6921e7a63879f5aa6566e41cdf36fa6f66857

SHA512
05a6d2e34671a450b42c32b262f91e24842c9b80dc7d37815c224d8ba889c674be0bb49f36035c45ce7cd1db25c51d571bb01b04dae18746b146506f3b38f1b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60f9b021104f8a907a0e0f031e62f92d

SHA1
33669a6adf61a4a30cc5eefd40290340f6bee99e

SHA256
a6f61599634bd14547d2678574af676269455a521363040a0c9e843ebbdcc6e1

SHA512
2f17504420c640c515a3ce4cff4e6133b4d9ca4a35114ab28f74ba44680c1e254624f0a2470aeebc3311c928287a0a72b7a1e8824937db3440d37c8a02f24161

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed4d27d1c6b350a735ae24d6193207e4

SHA1
ed8a8a582f0c16e509cd7b5b68151f4ad226f6c8

SHA256
9fd9cfd15c4b6fa636ef6c26fa3f30cb06296b00a1e4ec1492ba49b55633a2e7

SHA512
a80f17cbcd7cf06048c52cfc23f7d90bb0efe02f4cc2f0368a36dbcdf3432afbc27d38b0d219407ed549863bfee08fa4707c4357f0ecd71f11d658681945c8ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2a059b534591aed276521b3c2d213af

SHA1
167fcc26f904d02aad105edccfedf10cf0deb491

SHA256
c78039cd1d33582ebe61a26851fcd75dd67a12701d9b436248eca778e4983512

SHA512
9e3dabcae132ccf52aef67e5d1be73c7a337b3345ffeee6f5e69f1d1974e112f92adf8164b65a78e989bef40b53268640a78c34b3928c106f13f3c47dacd199e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42cf4fd785464e58a0565903809b10ba

SHA1
d6dd085f12e89f363c0b36308edba22af4a4b966

SHA256
be4bce958bc6ef62872e6b19a6b762dc1dc41f6cca3941e5f905bb6032d151da

SHA512
3149127aeacf8d97c7078d7d0e0d8a8ccf4c11ecdab4b2ed9c4c770a9f888e9f422f8e3a20d0e620b1038e066d96e26ef482764f80b3196d6f6e1905fc4f13c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22792d121efdf21d5810175acb02904a

SHA1
f09e49b99a4e40c3cc61f64e73155f76a62e814c

SHA256
23f0c8a6462605bcab2b9ffe9f0022dc96d6d1556fcc5e9288583ba80fa334c6

SHA512
0c16a6e30192cda8b0eda5d742a62b0b9fa064c9bec1a25e0debc433fa3a4f9c8f666e913aeb96541a247f6eef9b09332e79207f5f5b6812beecddebe5b6ba3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70c5c93f1d9fcb6edf20229135608a8d

SHA1
95c50488601e8a5f0183031bc95d1ac3f25e5d73

SHA256
4d5026e59c64069e592ab9eb0efcce576fdda8afdd0082ad8fe301712cb3ddb9

SHA512
6169d05ca12cb0c156ee88cdd6f8013c922e692c69fb6eb2f0e106269e11af9e1a64829b29a29aa95fd12f54faabfaec19a6b93639382d1fc8605eb44c6e98be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bc72a4f49ea698f20936420371df89b

SHA1
329d01c48f4a486680dd5bbd419eaf155ca8ee02

SHA256
d36cd3282c10114d3b6a8c29663428503707627e43ca948af37f20c0bd186346

SHA512
c3a58d6b767f282fa31d15551ce710db297cf8bd1d59bafb8c2e493e51cc5e0266da37212e4ef1db2f3f04e9bd1486c6d0ec463a09e70448dbb035e66cf13462

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7a1ad7cef7309706f7ff77f333c8242

SHA1
e564b2b8e6ae208b24a113aa9c54debc50eef008

SHA256
24abf50dddeac14758627e31bd8a8cf471947b0cd55ccfe7ef874b37cedcfe59

SHA512
ee51f214a4ec52e3a0c8d4061f11752e207897ac925da67480df90f9508929bd3d4170e65618648a75b408df5028a7943910414bb207994c751d31282013baa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49e1824285c786b1ca462ee2aa552431

SHA1
4f14f31d84146308e666411989b484d982a487ce

SHA256
65bdfce1355ba6565a1699a03b0f08a661ad758facb296fffb0275095d455f0e

SHA512
82b6169cd3fb27c25cf366dab847ae7598f193e84e919fa0aabd63320652b5528271870e35497f193c787dac9620ddb50b344103144b8b6fbd41a03cc8a1b235

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
425ec7edc641e2f89e3b3ae06125b17d

SHA1
167bd8824b9b89861b7be948570fba4b5d42afff

SHA256
30f6a4404e06e5c7d00ada31d731577cd0d0243f4f14dc86bf552bc2aae289b3

SHA512
8be1e1c11e440985a700f79be8c0084100e2814467363c7939a52a089f7ce78ecca1bf03048ab32072310e78e62001e60b41f1ba6117183bd223567473190022

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9804b7db7ed929ef136ad5984b010a8

SHA1
a3cc647b582f3004b4ee5c291d8c0041c1345c15

SHA256
3f5241bf8749bf8057a8f85f72a3dc006da201ea54d9770b91e4e28f4ad86de1

SHA512
6fb2108ee381f4c1adfd36e266c7b5d802786d836be4192a5461f531eed1306f6bf426118f38200c7711695b7244ebf716a5251cc4574a8b6813ef6b577073c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb788161b42eb3b3df3fa5c90dd78bc2

SHA1
fed5f5d37d93a9573ed42c17922f5a2c9cf69957

SHA256
db8ab857434925bc2491e0ab842d81465fd0595c708255e374d32faad333b4d1

SHA512
4451dc244159138e970d2f16cb49150e93807ce3d600c71acec279be2684c4fad463d6363a63513c6cc81489202753da8ba936515ebe3de1c3748660494a540e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52728264aed1c006369bc9d8102e1f31

SHA1
cdc47c28e89037fe061282d2d4fcfc7943d8139f

SHA256
f5a30e66c752dbf8f81b1e176fcab05dff91cf9d6fd4ada47752ff7f215eca31

SHA512
e85cf039a2dbb42a20f9c52caf71500bebcc620a6a14e563b55513473fe60d3e7b611a8b2804672fa43289d8c4293ef4c54b0210936abb67483a20fe85d8b739

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa1123121d5aca289394b3e842155d52

SHA1
5ac54de7807bdf18a3fb23d24ee6c2205acb6f6a

SHA256
6626b397c8062214db69adc853c92b5b1a397178d175f1b7b076907341217441

SHA512
ba0b8ce7be34d463706627446da5212766114f99e07c4d1c9878be6599f1a2b81c589b9cf85e1f6747d0ec8909fcd2df87dd68f632ff837fff59a74f4892ca07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fb4f23a722ad8dd58b75635e8f8c74e

SHA1
9428d2e0f2480cd4a36d73682cc8dfb899a1999d

SHA256
14c5a971a74cfa26aea930404bf326d34cc8c91d6d8de4e5426a12f2fa0014b7

SHA512
d1bb3a80428053461fdab3be03857562a82640ec9a9c5141153d8f18bec3eb3a61a9935a7edcecd4bb7a2598d3406ca83d32159661c019efc79bff34ae546ba6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1d640785189840dae998b3da4c52429

SHA1
8e120a9ae8c98790b08704e89033bbcebd60b763

SHA256
025b54dd9cbe9ed16b12da6d6d07749b994a45ec28f7d9fb361aa0c95c38304e

SHA512
f14b8704d0576b723c49f19215c3953fa7ad3e0ae9ba96ee304f37696cae22fcf6ebcba43c20ea5dbe8656179e55443a7efce03b56cae751a8234bc6512f3270

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58f29b0514bfafb7a4b2825a2c45dcb7

SHA1
c26f738a3f58559c54f1e96157100c09ad7ee8e8

SHA256
f1067881671be0b69e46669c62ec0412a54aacd84fac8f8ecef3712b8f873398

SHA512
e017194c85df4eba03ecbc379de4570014be9b9da3b307dd2b31e5d461cc0118a3266298b5eb9f6980649dd3cc17ef7d83446bcdc096bf52aba68b347fdb12c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73d4531bceb7c3a85696b7650dfe0096

SHA1
671f604892ad870ec41f33f31d9696af39377268

SHA256
783f3a0b975f7428707c4f110e2351daf7a89491a495cbd4a08d86913cdd5b3c

SHA512
f3898ac83d0cdf2787854510363ed233587b6bf1015c1cecb16367c4f872eca828bcbf94470e0873665477bc2eadbb6a38bc1f259b317ed64d50995a8c184d18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar267B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit