ee2030e8817029fdd85e63e8873a50ff61f43ec40fd98b9a24f58dcb7bd68a7a

Analysis

max time kernel
137s
max time network
142s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14-06-2024 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7b04dd6c224f6019095120a6f63423e_JaffaCakes118.html
Size

213KB
MD5

a7b04dd6c224f6019095120a6f63423e
SHA1

186441901a1972d3f0b0a427a4d719dbc9a37d8a
SHA256

ee2030e8817029fdd85e63e8873a50ff61f43ec40fd98b9a24f58dcb7bd68a7a
SHA512

988c64646d020f634a32108a3afc5420bc62b6be44d898b55aa4fe521323afa303b9fa5fa230c44c1e8ececd54a350d4b6fef8dc4619f52b8c48ff567fb5702d
SSDEEP

3072:Sp0xrMYmDQjNyfkMY+BES09JXAnyrZalI+YQ:Sp/yjYsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C97D8161-29F3-11EF-9E55-E6415F422194} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424493119"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2176	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2176	iexplore.exe
2176	iexplore.exe
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2724	2176	iexplore.exe	28
PID 2176 wrote to memory of 2724	2176	iexplore.exe	28
PID 2176 wrote to memory of 2724	2176	iexplore.exe	28
PID 2176 wrote to memory of 2724	2176	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a7b04dd6c224f6019095120a6f63423e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a1fd85847b5a8c07ff6527f6702dc8d

SHA1
ae39fb7825a9d4f415d7791db740c706c64b11f7

SHA256
f7bb1d3c075883d8a7ef8ed3618f00614f7eaf91d389cb2dbbff427d174b96e3

SHA512
57a76faf85512753d9b97f508435dcc908167008c3e4286b00d167c99b4421c5f98aa482769fd8f9df03049466a5f9d90ef3e67b2d63179fc4ec099ed79dd2ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96f88c227b6a7386850620bea22b3229

SHA1
31890645a676df31fcab9c9c779148271ab6e8dc

SHA256
f5f51a9a39fc37f1600c47411caaf9fb19c4625e5f69296ad6b2dc7e910370f4

SHA512
ca5b663fb72b13bd67dc01ebf2442663c7eb7080cbe4ee4d5d69718b397649596b3436939a959fdb9913edb701b89494a329f129eb02baf27a2a6126a44a8a9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69c27e20909f2fcbe50b024cc4a2a8c2

SHA1
64d70fb78df91c18894944416051170c0c98c03e

SHA256
470a5722f26260abe4b22bba2c0c0f0be158c1ef83a596eedde2aece1fa4498f

SHA512
d9ebc11c37cc87646d11b112a0ebd3b78d9c2afee38e9a743023c40ee3c4dee9d23b7ee9bb2e828f38b00fd19353aab14405759840fe46844041a10d57a217c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea4b9de0d96b1b4aa31be8c62ba89e4c

SHA1
cf7bfbb90b9c02f20c134d358bdb6e158b04732e

SHA256
d12aa7a58f88cce8a75256fc4543f2f87cff3989f0748260091e73e2e3b94de1

SHA512
c19d2d93ae192ee9bce77e88989bed85593e2bf99336e8694e0cebda6aab6f3d2b7930c0efa26b1d984ea6c986a13a1284bedca94da69422d9aac2555bed6a0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10b7013eca7ced48c381c845435e97e5

SHA1
9efa6837ff3b6edda8851012acb6f7d013f77d25

SHA256
6cff6947d56653b77083dde10585b02d83a17ae98bbb07f794f9d24950c85d19

SHA512
1435e4418840bc2ee4f8b4d600efd1568bb21f6cf0060fe8fc4b5bfd659b2a7d51e52fc8b6cc68b8d53567fe71c9297b385fd3387aec3c6852d8f7ef8220eb33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2a8831d0c13f491a45ed2520d5d4eed

SHA1
02d34490d900b084093aa0757cfe92e643c20608

SHA256
38a2b4e0ee5fbc9e4ba666e66d991783f122b8b1fe6e65d69ea27cca89adc18d

SHA512
ede8ce733048861d610c417f7846fca797683a19e139182def042e426da5343ad73fcffbd90e6df6f8ed6a34e91e87a936bba4c3dafdeeaecef7b3169f4bb26f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7fd92423636d15b9f9fc6c52f74a5897

SHA1
819ac5acc80ea77cbc00f3ea216e7758ecaedc29

SHA256
5829315de03273b568329a157887dfd3c6764cfd84a8425040bcce08ed0609aa

SHA512
85ba2f30e82abc90ee2036718467f243b2d65bc4d7cde19678a140d4f0eafb18f2e005f69451eae1d902de2473539ff58cecbb816a0aeee211b367aa104b8eeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
248295a04eea18d52a7885fe53204db4

SHA1
36990fde1ad00da4f8bcded012493f35e1470156

SHA256
9e13ef4a7d873c269715e040200f0a6902fada20003393e5778b3f0ee4c91f6a

SHA512
9a636932d81b415c7977548e1da9fc27ebb4f3c17340f7909b8b30f3773d6ce6b056d6089a939e05164d6e43fc7cb30955922057f608deefb1430ade3b9ac0a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
638825bfcbd61fa7f7af3691dcd53348

SHA1
5952c2af833b092edcb9822bacb7cd6b98ba6e8b

SHA256
51ec7307dca9fbd1a719a617ad1bf9edfbca878b62912f549b2c562576188cfa

SHA512
854feb0d05873ff8a65d86ea11c9b631f72597643caff5422801876fc51e4eb4df23876c145d81a2e75a5ef03eecf015015798c77441a12a3587d289cead53ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bcd3efb7723d708f384b6aad816a288

SHA1
7cc29ef75e85785427d3011de1941dec79eaf594

SHA256
d904f6fd741f975649f1ff1c342547c84e5a4e6c1bc28c9b83bd0a6032e64712

SHA512
3b18bffbd7ab505bf6871cfef34edd77d61554af0555f1585b000c7072890a41df951dc66a7d9f4b451079d9604477aca75c2f06cb143bcce9aa71b3b46dd670

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebdc161fb1c6c879fd280adb10d58286

SHA1
cd228408b33b5052f31d8c2d99660bb7dace6fb7

SHA256
504abbeb46420e991bc54d5141133ba55b32f8de1b3611e751689fa721973403

SHA512
eb3bb63a8cd97ff54b86e49da7614c1512239bb4449aca3ca0a6bbb054faf878e19d80ba9668e52930d3efb85ae22b1b7997f744960c8a62ecd158bac563888d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7397aa7594a03c40815364c60f52a408

SHA1
1168c26a08492ecaeb9d7b770e44a1092d1a580e

SHA256
a595e489d6dd8981f4003dc5dd7b7be88d2b7841f7185c6f42172c62ea86d8c4

SHA512
593fac49354a097e85d0eb3c86b314595215e8134facff356e7e40159bea3d26b0b9b499ea1e624b10be5b8ca946b1ab5a380765286cbbe6db2af4106a2196b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e1a20b40196d029be865d199d5095e3

SHA1
7c243c22561b061530568cbd189bbcfde847f4a7

SHA256
2ab3b97d5aa4f017dd10e5d7ded29a9135c774f2217733c8391c50c6c800c707

SHA512
0f2ae8257fae8646a59ca38a24bfe86eb001bf59710bb160b439fcf52f0330dc7b1434d38c1350054a2ad210f24e52d66dcfd5b8cddcecee2778cd2bec2ed735

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51b3d432ae5f9d6dd239dd6f62fad592

SHA1
bd044142bd040fbbf0e08698136412a91ff016a0

SHA256
36188a74f3318cf7e47c2b546a6285065ec6fe5bd47c99b15f76c6f1f6e21880

SHA512
73b919d831b6465ffc7d66dfb4c5734f4a9127fd543ffd0bb92314d0940ce005a91f95cca6868a85f3e78d47b0713cf48b2dcc088d92362212eb6724ad635ffb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17e6f8cd9b24428ad7a5e035df8d70e3

SHA1
6d216b3c39ddd4ae7e770660a9d87f7654f8c195

SHA256
dee1fdd232f28ffffa20b94fb174844b62f8b17851cbf3e3e8393c5a6ff4e103

SHA512
7c5659a9f29946edc315be1041537359d9b76f437ebdfabb51dcb63507016f0768af344201d09b0aa9cf574d62a9fc7246d2b86d680cf9512ba47c742728708b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8c43d0933ff5afd67ed28d1afe919d2

SHA1
be095fd92c928675854c42c2ce51dce64b1cbe1e

SHA256
f19fbc1536eb986b3a3e4ddeed1e19d9213e911e9f8ebcf51c9e9c6ac8c1cd74

SHA512
668b6568f3ea2709a023d77d370f5488efd3fde852dc689898f55a40c7d98e5826dfd40884b182194d3b0a17f06909cf0d0a8e93c7934c917ebc66b3f0100595

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e35d560df310a5667c014e00cc7e79f

SHA1
982f6781044baf8034efb68f78c592a573a469d4

SHA256
1b37df2238edd368a19dceba9fc053e4c5e0ebcfcff4fc9f1615e59b14a65e65

SHA512
2703cc56a60e0bae2c83bad4cea969c83d34fcb2a025dfa2fb02adaaf334f3fc3689daa30f57613d838b809480657fb74de9b70c651751c95cb693d1d9c5ce41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6E00.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6EBF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit