a1d8dafb0561904e7db3ff86fd25b4c83ba28198ec8041e819909b21c6e284ce

Analysis

max time kernel
142s
max time network
147s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4413aa19716902d43bbdc319c8c4ff2_JaffaCakes118.html
Size

125KB
MD5

a4413aa19716902d43bbdc319c8c4ff2
SHA1

3d371169593e24aa5f0b6ddbf4dd6f6bb37d6b5e
SHA256

a1d8dafb0561904e7db3ff86fd25b4c83ba28198ec8041e819909b21c6e284ce
SHA512

45dbe19df4f69e6d02198a36a151186d72808fb0c4f13ee9ad5866720a58d626af42bdaf68b6ed5cd4a2f2bf5b6dcfe50723c8783ebf8117285e2e6a2fd8a63a
SSDEEP

1536:Bxy+mGGOrpA67ORr60ivq9KZWvr85BAHmEblq79tgV2X:/zNrd7Fq9Kkg5BAHc9tgO

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{14E3E991-2950-11EF-8144-CE80800B5EC6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422808"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1252	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1252	iexplore.exe
1252	iexplore.exe
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2100	1252	iexplore.exe	28
PID 1252 wrote to memory of 2100	1252	iexplore.exe	28
PID 1252 wrote to memory of 2100	1252	iexplore.exe	28
PID 1252 wrote to memory of 2100	1252	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4413aa19716902d43bbdc319c8c4ff2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1252 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
cb85f3fcf86ef0de7ef258539cae87de

SHA1
c73288fff07885a62f8c7033b348863ed3b8cad1

SHA256
7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f

SHA512
dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

Filesize
472B

MD5
a4c3e4b3f212ccf9719236eaa8f728be

SHA1
e017a18974a9969ca60ca2499ac54b464d91a2ef

SHA256
0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a

SHA512
c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
641a37d373f5e6a30ce2e186cfea69f4

SHA1
b3df228a4d9c978ffcb781751fd749f827af7442

SHA256
8ecce7ed0749b130b8a17a76f1b41d94eebe3fb13eca8ce8110b07ca98efcbe4

SHA512
db8568cfbbf4052fbe9c4ab05e8251186a5de097271e316f830123f44d449b47bc9565ddb1036922e8c918c56d39a896833c26d7b23c0b9adca3bbe7e0c4c22d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1575e55df38a451abec12d325ab25ce4

SHA1
7782beffadc244ceb816b299972d23c8421ac34d

SHA256
4b0aeb1efa37bf973b76ebba725a1061b8dcd433c31750cec3b8cda14500ff0c

SHA512
3626e53097978e5f064d1144360cbf3f56f767f9f4ca15606a26d87724a1eaf134f5958b57a381c651484b9832d8bbba327ad6f527669512c61dc6a93dc29a37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f30c91a181295695a67eb1db9bacc063

SHA1
f250e4d02ef1af5f2f9ac09e9075b6ff7a003adf

SHA256
be115345b8b095c07beb9d3bdfe70aa95102062167fee3b30a79c84650bd6aa9

SHA512
d83359ef85e7461072ded817546c472512b8ad5fc36f490564e6e10875fe55ae1cc7317090a132d27396c9abbbd952c34f0b608f298ae10fd09619952d4ca545

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9db7525357d1061c6f5f95e418799f80

SHA1
cb7ced9fa3d6121d35412cb4c6f1d18b3f20c231

SHA256
60b884eb9aad510f78802d40cdb67bf204611a0c58a3d1f58e949e0d3f0139e7

SHA512
6c1a8c421f5025517197357b98632a4afca57e54c1f9d0b8d0062f650670bd7b6dad45acf17fcc6a4cd898eabc38057fc4cb709b8eec964c00df13c12ea5dd65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82082fa1816d92e0fe730a0a222cdd0f

SHA1
de03bd13e86b39001e9f009bf9f1866e8a6a906d

SHA256
fbd119121fa79fd5e29c14cfe3e45bd58064c5a6fd621ebfdba9327e59320726

SHA512
d937a07506c84cf2fb42eafc095cd03eba820fa34245a16079bd953f34107ea07468e06eb94907dfff53945db26947240885c7cbde72d285f90a79351ab93387

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0bd82e4a54ecae92f6765680ee83bff

SHA1
1569e009ae6a612f9b4d551ea3b57464ffec961a

SHA256
7357c88f54173847d6f9d021525269f455bcd6ce06ad68499935d74e15a4a6a5

SHA512
56006183bb30e4361ba207c12982cdf3336c10e6ecce67a6fa2fee79c75f59c7f0fbfa02c41292ad8a6924248c30090112319d6bcc659dc53c1762cea6d973bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1356b8a82b304fdc5ab5079d10d123c

SHA1
7d8b736291b0c3bce3d7d285e051cea4a6e4ba92

SHA256
f849e7b924af1451499371a1e2679834d94b9760e16b84be6f58acc9e29b978a

SHA512
141b83ad13024b2a19727205dbaaa32980b54f207cb1a4988c8d8e5f1c6f1a14207a2cf4472a7bc0eff1b7040856a1c6e366b221e385a11d19e07f77d8de4c4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d1afc74896d38e170b32734f6dc899b

SHA1
1cefc46cc5e4f10a03679ccfceb5cd83389ad8a4

SHA256
e6699c31af3ba24dbb942366b000ef3f7c0908a82ec0418042a9c47b364c1b1f

SHA512
01d893dce1f6353233b944a13160e26d39ac1e7202c263ee5e10725773ae0c39dc77bc37173d99c32a8b8971b1f1cbc3a8600e02ee1cff4b407b7ca8003bd13c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
335580182ea09c24ae5c4151714a9632

SHA1
892fb550295939be435c39524c22e3bbff06e65b

SHA256
ef215731f356a0698b090f752d4d26c325ea6f5262478db4e982aa89faa64cfe

SHA512
e6dbf34b933b3e3d2ad755b4fde990e129ba77614af9a44ad3c99914876dde7cd5b4cb9b2721699d3085090cee087e741744d1a808174d705a9a5d9a137a0e70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4cadb1cb139440244e633956b2f3721b

SHA1
860379c87fe62410be2dcb06a35fc6a827deaaa5

SHA256
d024caca2323a881a98e5c6242369f128eb70017a301d94b143205f928d90457

SHA512
200c9daf256a61fbe5ecdce178cbdc5c09be647e7a636e7a174965a4e2de294ae1aecd3ab4b9bd69e4f92c7929ba3e91decda87247ed41be1768c47671156488

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83c893a296f0062f4c64143906777f66

SHA1
40acedc7be6790545c22a48fae1d775126acd266

SHA256
db0a55e4c5520cd9fb643f06ed4590ecb54ed3b7436d4f296c49d843c530ae32

SHA512
0fe8dbedc7dc39615efcd5b592098d80f9c946f98a2653f11eb34ab0b01f39b6c89a86ed845e10a1e12a16e20d2eef1d0521f51ecd901006d88a85d215aeee8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
dd0db1a6eb12fa966a89f2ac3280a784

SHA1
bdf169cc2949d60a169dd4781b22677af4c10a6f

SHA256
6de6400b69bd3bac90693082a778f34540055f72cb3d732f936b414563834bb3

SHA512
8cb8d731915117e5f602893cc858e18ae0827d84e08cf3de53f2b04d8a99cd6d2b4e38341fb4b02c4ba62d0720cb991be8c9c9119ce324c718d65ab3f74a72e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab56F6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5709.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit