1400a7ef2da426c2dce8290d6467b4e19763c67e08156258c4a85441b1a819f2

Analysis

max time kernel
134s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 21:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6ba5f8cd027daded4b0069e5b3ebe79_JaffaCakes118.html
Size

213KB
MD5

a6ba5f8cd027daded4b0069e5b3ebe79
SHA1

f028af80a4891ac8e008faeb155cf1a20b52b735
SHA256

1400a7ef2da426c2dce8290d6467b4e19763c67e08156258c4a85441b1a819f2
SHA512

aa00026793dfd492c438777dd3f8e7a8fa7e5dd559c2945e2270ea3ac2afd0b7bc986ea939503d988a761a8640af3e550beab9068014fa3a8e3d97cc35692ed8
SSDEEP

3072:SNGX2eJizYMkbyfkMY+BES09JXAnyrZalI+YQ:SNGyVsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9C404451-29CE-11EF-8356-E61A8C993A67} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424477151"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2964	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2964	iexplore.exe
2964	iexplore.exe
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2112	2964	iexplore.exe	28
PID 2964 wrote to memory of 2112	2964	iexplore.exe	28
PID 2964 wrote to memory of 2112	2964	iexplore.exe	28
PID 2964 wrote to memory of 2112	2964	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6ba5f8cd027daded4b0069e5b3ebe79_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
352baaf3c8e223d4325455387b78c34b

SHA1
e448a17decb872036d8e0732028848ba6c53e148

SHA256
c0211ea11b15e47e60df99d254d59c7d4b28699db780574dc919219cabac0bb8

SHA512
0e08ab672703a4f01f105c2d1e85deea888353225acdbee5b7d96ce3bc92581bb3ca3d13a9f67b98fbc9e68904eff262b19380fc1368238c08674493019e0d46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8fdfcfbb3cae470e51bfe15854f8dd4

SHA1
7a5b684b82d2f935d3582428cbb0ee52347f94e6

SHA256
a61679460a44793bbe9c683ab85a54887a6f03ec15628664a9a5301df110ebed

SHA512
ed99e6e5fc7ced386870708ce0369fdc8a34f045aa71cebcc75e194f8b63a1d93aa9d4136b07815d56763f23f8aea1420fc35ced3d88388a99245877d2944855

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ee4616edd492073476918a377dbe2f6

SHA1
81ea3dde0b03dd1c7b784b4640b19fd8ff02a23f

SHA256
0bdabc2daa1e84fc49d6ceaac4b5b2b23c4cb93d7585342179dcc0887b17e1ea

SHA512
b6d2cd76eb24b7c6b30323ce26a77ea8045bf61a2cfd1f14b8eaf4b38cfdc2d72d09951f3ab30654d27398134e5a8dcdc70d449d5dad321a4817ab0cf80059f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1aefdcc86c02f53ed3437ed1cd3fdc55

SHA1
c68043bc7aa3cb1f991f1d35b773b0f52554018a

SHA256
c9293322c2f983f7e986cf21c844ad76acac44ecddf4f28c4e1f6d8d0779f299

SHA512
da8d714b523aab1d96ca6fe00bb50b6b97c9ccf3a1f372705228e94f342052ff6969c10fba75182e25f5496d4cae42bda5f083ab5cc416a397f8ff8566a85573

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fea6a0976a82680cc940d5f0cc5f187

SHA1
2a7c094393e586b16a3d83ba3b8a95ad2f23dc43

SHA256
171e4954abb018777b6929ac45f48bafda7c6e2218c0a238aab9c5aa0f8b510d

SHA512
821c9636f7bd0f3a99b39124c28e1096bd799a5cd09308a8586fd5113e6689fe28f1a1d2aa10bf37f6eea3c5a4a6cf2c942990809588bf6dade33040affe0c05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7c6735da60beaf5762cbe6d1470ae49

SHA1
b51cbfdb3b788d75cc3202d7546157cb2f8e56c0

SHA256
07fb6cd02785cf2cd347dba6881f4838afbde449dc4a6035371f55da8abc4efa

SHA512
3710ffefc6cc2a4ca4f216ec4c4ad2b6323851b725ed55638efb447615a4638f453d3404e489b02b454e75451f8039191825a4e86a1488ef8734c6a5ef70f46d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f96501871826f19391088a4a9d44d70

SHA1
ffb5ca5ee8e4df5b74f9fde4d62cc19c8623771b

SHA256
f5d086ec73659866494c993d5c340755938e31ed9d3499d5960b6973114747d5

SHA512
9fc0b6fd59daa3a32ae894f79a5c25cb1a2cb78ec783bcfad4153f6b4ba3d7b36dbcc4e31ccc575b694dc7cf55f133ab31cfebf2a18beb14ff92ce1a1a5e416b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c75fda3e7d80fcc1fc871d3c65a27aa

SHA1
fe47bd61ecd0d20ad71f65e8cebdd35acc459e05

SHA256
69eca208a73314d1b63027e100b726acb8004f1636292d943fe529fe6191acca

SHA512
d7fa9fc495117ca2d1546d43a7bfb594f178c8bcdf8c6c83185543f7ced0a81804eebf14ed61668636a9589fc5f412c620be800826934e6f334c6eb9b9fea386

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
739e206fff514137c99d2ee8535c2db6

SHA1
d343815cfbc55fc3f0b1c21528f0ad24e3a701a1

SHA256
12adfba37203474647899332c42a55a87de3ea7b046d3a009f9175fd74459f5f

SHA512
170907aa9b6c33d4e2aafcd37c1bc0ba5925ed950a01a218626f9d7e37af54e2da19682035d8b3516721e54a1eeb6f680d9c0e3586f5fb862a8677e1595409dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cbce062e66d2a12090638d4bba89a77

SHA1
87bdf0849e80493ba26ac3aa7a672b30a5857a90

SHA256
fe2746e1016881c74ef255b397e7858c7c1fd430ee8d7b0eaf3a244d32e14735

SHA512
d99c377dee59cbc7b9f91bb99ca9a10b02152781a8d4a9e487f53be6b460ff0b2a369e1179c25fdab8d378995d20e57ccba88d87593c652b79df07a6d9b58ee6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f075ec767edc37e24d76efec22760164

SHA1
22382ed26a8e35e1dbfba447143876dcc7f307bf

SHA256
710434d64ad8cadd4e4e1f47651ea9cde0e8dfca9951134ab03221887b3e41c3

SHA512
d1fb78565d3b941e9ed665aebce46872b4270fb0972d108365e9f664fa322050b1c4284bf760116a479f885cb84ac984293f4ef51ee3c59a22d204cd17ea2f0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc74f73d8bdfa767412cda3be3b95e82

SHA1
18dfae83437f3f1d81f56bd805565ccdf0d9a0be

SHA256
520a38df39d3340a497ef3c68f13269db4ca23e0a89a5cc562e0783460326ec6

SHA512
0e72b9a61701533ac614e8be63a0617cbb8e8a3d45c2a90f07e97820c1fe97fbcbccbd065f518b9382b3deaef6d189923ebc355da5778272bbdb90c13906b368

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88abad13f3e649a0802084abd9b6bc77

SHA1
ebfc4153d48ac6d2db3d8a13fb2bc9126b072537

SHA256
222ec8c57733bec415a2df3395c492196b6429313bc0bc49bc7572c4dbb74ad6

SHA512
8835819e67e8cb2dd5d14e5893e42dbc08879c38ac3d5cbe74f35e17c80b96125af45c1e97cdeb6474a0ca2c32a6bfce432121c11843cf276e2dcaaebd706439

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
687a7715698944489212b3680d6ad46f

SHA1
c18e5d32dcf5a0ee53ee870d3c5dee251d16872c

SHA256
f16594742f75c030a486bfdc1afdf793b764c09360aecfbe04d076bd6ab184e2

SHA512
c63aa5b7ec94620af155979fef3fe2f932a0774286454f6e357d4969b4c0d2acb5ec5e868eb19de3e32641846c82afd5c4494ae8d568ce0c2ed920e1dbb6e6da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
184f1a0bfb80823ff8251829320d04aa

SHA1
c21c21e84f1892da054a0a7a5f5f7965198b4eac

SHA256
23f3e1dcf1046356052a12381dbb4f7082c6753b8d8212f167bb75accd034bf3

SHA512
2907cef8b6ce479dce526efc94b4eb091041db73ed6c10881b536da0ef3727cd58330d00942e846f4502279c20ee739b940d5f312313167dfb92d0d35ede2890

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83e45d918a60f8a73ff64940d0675843

SHA1
9d4bfd41879d08aa7eb9132255a063a81eae2067

SHA256
1078962803fcde758d594b02bc2c9b3ccf87792233015f95834eb02423c42832

SHA512
9cc739cb7b0fabf2e0222e7aacc242c579cb44edfa90cbe633612df8ae1aa144c33779828dc92d1904234135e16539ca7696509ce39c56d75f0413a82fafc660

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b296f9e634dbf98bbc0359fbb8484bce

SHA1
071bd64058090d904ac19d3a842d4eb470c14430

SHA256
889e795b6efe79f390785e511909cd5844088d8a371d336b362f798cb8dfbb0e

SHA512
93f6650b28678e99c715af4a1861f6894ab48b638b967c3a845990d51a6ac7a1fa432dbe5cd1ba75a64386cf2596372388ffdbbd4c81b3537a94308739a2612c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13145d573125a4774293d010212dbc6f

SHA1
c602d93a99d65b94f25e0b8ad6531d31c7bb21df

SHA256
8fa478fe629a2fcc8c249433e77ba96442658d754d8c717e7812b64aaaf5c664

SHA512
ca77c5e123e770595a5863cdd3f1ca2456bd623069cb5d864a21a62ed029c4ea9ab074dbfa7f550aa43a6f5f90a2eba066d498dbba9ae7614eea20554f265e68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9dcbbd374aa71e7d1ed2eec0fd9f872

SHA1
473f60d3d249d9d555a3eebb7037af562e8a2f77

SHA256
e83d54f95ec131c1b39ba579b6aa864771609731b10c52d3660ccf1850603e02

SHA512
43a70c8f528b4fbd23a9c39a6ebd1cbc6aabc29cf6c68baa6ca6cc398f8ec157479d075bf08313298164c076c98af0411b05ed782b10d07d817abd5cfa4c12de

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEC2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1001.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit