75b1c7487d8d185a5c9b4c6e421ed7492f7eec4423ceccbe30e7d64c533b980e

Analysis

max time kernel
136s
max time network
138s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 09:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a4e94463c9a0731df3c9b206e4a1b074_JaffaCakes118.html
Size

142KB
MD5

a4e94463c9a0731df3c9b206e4a1b074
SHA1

a45a02fae9b74443fdd07bdb0c811bfea1657c1b
SHA256

75b1c7487d8d185a5c9b4c6e421ed7492f7eec4423ceccbe30e7d64c533b980e
SHA512

8b96e5dba833cd999d7f72c8c0425cdaeda279c0e40c52a6c1d0ce77ad1df42ec43d81cd6001c76c7f10a199321ce667ffa70d71c54436a2046b5bf91a04a0de
SSDEEP

3072:SWFbv5n6x7dyfkMY+BES09JXAnyrZalI+YQ:SW1Ex7osMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433763"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9707DAD1-2969-11EF-83C2-E25BC60B6402} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2520	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2520	iexplore.exe
2520	iexplore.exe
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2532	2520	iexplore.exe	28
PID 2520 wrote to memory of 2532	2520	iexplore.exe	28
PID 2520 wrote to memory of 2532	2520	iexplore.exe	28
PID 2520 wrote to memory of 2532	2520	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e94463c9a0731df3c9b206e4a1b074_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3eb40bcf6f659cdbbd8b0f69a12c153b

SHA1
212b694b7a8f8306d2557ed8aafb9cca050463b5

SHA256
b86677e190019579a78abe0a32fbadfa1edb1c8ed402aa4fa87bf00f1c51fa09

SHA512
e19cab42ef9618e80a317c70b89bc8069732c13d96ecd357e67f8236bed1722893cd01983908df7b2671f2d9dbca1d406d6f6f5e304e67ff1d27d2c4d6a1a58a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4d8c78cfd4f337f59866c076a908e2f

SHA1
793921dbe7161e84e774f7b6c65270c6c583dc38

SHA256
c03155da4d394e7cc444c76b22623a107af147dc6ea4eeba4e72022063dd3381

SHA512
48d2b8a3cf3fd564b38b552889a6ab9c938ad4fe43eba6425fa15dfd93ead7bb78d162b2135ed475954e9dc49e335468f9f4b28ad56dda1c12b3bf703031cd2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9391017e7095d553de1d131e9fbb499d

SHA1
bc51f17382c31fd7cc0f3d707f06b5a7a602b0bc

SHA256
27427b3ab1a9d3d98fec0d995b1a3930f2f0a3c291c3f44821fb310d98d70e2f

SHA512
c80101980a8797a6f05839b1d0d44c5474bef182fd2de60d9a2022053ed7f6d026af55e9bfc51ce597159fc83b7f2399d30536bd6f93e3ac1ce24b21f1f74d02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f2e34b9c474e0c330edd4954f6c1329

SHA1
edc9545c13929ea0eddadbcb1c92dd180bb38e05

SHA256
8723a7c99765a1f3635abf8f929570416e30c949e797e3d19eeabf0f2ede7d4d

SHA512
937e9699336140999ba1f54127ddb856c96d27c716edb68321545cd522fa8245b80c2a699c4ed97855b4cf8fa84e78083d368cfa6dac0443662e3a87946039a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
775ba7f573b1344f7c9d31eb51dc8ab1

SHA1
1729493eadb79fc8b4b4c14cd782649103108222

SHA256
336d78489e62b158a0e8c6a5b2c6b0598d417d245837493dd90f71789ec4a719

SHA512
d662b6011bccd6a8e058b1f1df555e972a8288cd74f05f43adcb32685ae6fe3c46624a98368ac444cde1fba00d11dcb6706eb78eab0c8b6c32352fa64cc98966

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de9a6997d9a4400ccea95e1cff93ecdd

SHA1
d92e0b313b22b5b2bc5f4215b9ec893b00f71faa

SHA256
bc0dc592442f34234a48a2fed9f19cd8932bf399cc723a0280993b9cd773046b

SHA512
512100ddc215bb6dd7a1f20345454a96c24d0498c670c8036c4060fbbeac88830dba72f01068a8ad75998c21705dd2c0983ce45c02992a4099ec16d696980d3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ba6a6d56279ff78b84532aa80d2b779

SHA1
65c1a83b5f23c1f380cb4330f6407e2e9dd2a80d

SHA256
7c1e8041bf5266ab64ddab62d230afd6cf662d3e4fe57d63250fb2eb8ab4b46a

SHA512
f399e433c30eba83c638b30b4a8ca370d18a60104c967a4b2b86465619bcd9c8b6522e51d1c85e7ebd3c13146e05ae6bda875b368ef7ddc556d2d1c91e7e9c37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
809ccd61b1c76c98858f810f41e0108a

SHA1
4a5d87e4b9380c603c9bd02060f58e63a2664240

SHA256
068f99ed92186910a8ef3dc75a61fe8972062277ca40c8b7ce57b44e8f677b87

SHA512
bdd847f9970cb898c5ebf5d6ed7beda015a677014c94e74eb7c54ce7a29476247b57d6e99ea51b28385aba290482982d8fc9a1fbc96fbaa91994534851cf4db9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f05d15025651dedf170918e9c8ecc9de

SHA1
6d222ec11afd9fc37a4987d79f1abe992102be78

SHA256
11c1fcb8e80fa31d70470c55b9177101e46a81a2ec26719210d19fb133d7fca2

SHA512
808c8301d37ea29f5f682b7fe0b27765d750e257f2e3950515a7da4c0d51093907fd30dc87441d82c4aed8dc505f2f742a11056ff404631612173279d6791d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d19db281d4c8e81fdb1ccbd90581a584

SHA1
dd518660e3f267473e9a246f9e8a28ecadd89642

SHA256
e98d76b7262a5e282a6cb9119712733f0311cbf4e4c536691795836b47a54a88

SHA512
5ccaa0a1a35c11d8ebe9e2e2d11a24b367386d55d2fb0ea9b9042e1ed0ab6bf45cfe81d8505a530a1e75b2c8132300b7b368cf81d23e9567365992d82f32b23e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a8bb1e39ea2c0892a1de1e9f267dbcf

SHA1
fbde1d48293ad17fb72a2dc65f2161975e0e5f2e

SHA256
4cb591a6ced2d2d777c3806ac53438e6bfa34fc562897eac7b95d6e837aa0e64

SHA512
06434183adbca46846f0110149c542e596af85f1a8d5ea36b850fc04fabd62b6fb6fc80808d484dbb2362ca6a969571b684157650d6dd5c453328e6efc0ff298

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16628cddd764e750a66c80d048bfce06

SHA1
1d5921d558af2bf1f73011f2c7eddc421ab5c548

SHA256
6ebc1bb31e018797a8ff8197262cc5bb0da1a46ef4c7509b14ffd75de4de76cd

SHA512
322101c1c9150141cff2e916d9259494d53cb6ac2fe62505977f389db7e4b6b25d5dccead85d3b1f14df3a92128721e23ecc0a66b4d61d5d5785d186ac9a93a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ef922b6f3e698a2f02c64191c1a0489

SHA1
a8cad0e363b64d8a7eb25db13a1bb02912678bcc

SHA256
76dd43fd9716ac8c75da21a5bd305e12e72325b3e93cfebc0b6eb70e1b088341

SHA512
2ba00ed14d603a2da2d4d193988b3e94c20a0e33cd3e3500aefac8592732a6456d262c72140b21e1e7b7ee71d5fa3c1cd7d65919ae252c4b3e265fe5cde12c3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9984ad9afd166f49f6e708cde372dd70

SHA1
7f3fa121bc08d05bbe36c74edb039561f71a1aa0

SHA256
1da0b6aa2a86f0622afe82a281919e71aa2207c1ff63d4b71d3acc2fa83494c6

SHA512
6fedcab28695e46c12b2ced5a71a9bf71338d69a0085346706843ddb9f4f3785f58085bdc61878b4291733e5033cf6e0acc803934a5a40f95e191af409354078

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e91f495e416398afe07011943acf833b

SHA1
9e46d91c97ae1eafcc8a7e536922f54d4fd71886

SHA256
319a3a9919604c937bcb67e63571d3434ace558f9a1bf17b3786bdb1719cf0e0

SHA512
7cbb83cfec7cec8554964123b6dbbf62b53001d282561fd23d76cb57924b8a4751c0fe3f3b2c8b9676cb58fa23175ad7a0d70b64056fb4f9c9ff65e0eab0a330

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
507994b913251f21ac01170471aede8e

SHA1
44f2475c1092ff6d4bc6797ae6cb57462419d0ce

SHA256
cadf8f8ea2277eefd3b625520d472baced3e69fafdd59d05835d4c54af076b2d

SHA512
fcb61b549311b307727a309ba08ecde0473611633b44fd3c1c6dd86ff9489ee6e4662ab210ca1aa666136ba058c361b4acc659557effad8a3ab0fa48b1589def

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e1496bcda44ae6fa46938ecedb446d7

SHA1
f970d22232486729c8ef53f5f2aaf32a733260f9

SHA256
c10b4b759679267ec8b45fadce1a3d369f97a54e8b4854338189e6c46478a6bc

SHA512
eb4fb7c0ee6007eba16c944b73399625a7532c6e34ef10975164f86c738ab3491d622c1571720a8a7aa331759fa140b05d84198568ee4814164fadd96f113ae0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df5d3ad4926d09e62ce9ed584d081ace

SHA1
3346dffdf0eca015ab8e62b6a95ebf058f0569ba

SHA256
88b65aa710e8e7b5a5f19df70143c4ec1ab02e144fc3486b45c2ddffa60f8ab8

SHA512
161faf50a36fa2340bde185ceca82ef3098d24559ccb8e358b95719f39f8f4bbe9d750c2e99b45e9f8e7da0c771f42c66d5d383910ebd618ae17ee1a71821f11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8c9750d6970388f9f6901a6cb6775c5

SHA1
104f346ac04fceefe52f028808256a0c48ccc348

SHA256
369a98788ee8b46144dd2fdac7c002029c011a34b2a277b76fd4a908facfbb14

SHA512
f5bb80d8ac10c3bcfcfbc2c1f2feb9a3a7a97156bbcdf191edd8f9dc59aea021a68d227da2f89bdd4318cec7fcd4587efc2db2333439a0d07e2ceb00f787dcd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1EF8.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1FD9.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit