6f68162e6ca3035c4377a6ef183c642e662f38a66a9913d11af42ce7cc4356a6

Analysis

max time kernel
137s
max time network
142s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8b305cf8c70873db4fa0c0b25629c7e_JaffaCakes118.html
Size

213KB
MD5

a8b305cf8c70873db4fa0c0b25629c7e
SHA1

542acd14f08a6ef522c0aaea8ef883e65e915792
SHA256

6f68162e6ca3035c4377a6ef183c642e662f38a66a9913d11af42ce7cc4356a6
SHA512

d8c973921be5d03c36eed0fab057e0353cf042bf7298bbe3f862c2666a3bfed2cec6c965d5a884b18b30a7cde620eb019db6c99f922529ed451cfc2e1bdce2b3
SSDEEP

3072:S6Q2JcCefalFyfkMY+BES09JXAnyrZalI+YQ:S6iQlwsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B90272E1-2A26-11EF-B918-627D7EE66EFE} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424514996"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2440	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2440	iexplore.exe
2440	iexplore.exe
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2776	2440	iexplore.exe	28
PID 2440 wrote to memory of 2776	2440	iexplore.exe	28
PID 2440 wrote to memory of 2776	2440	iexplore.exe	28
PID 2440 wrote to memory of 2776	2440	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a8b305cf8c70873db4fa0c0b25629c7e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f546c25dd6867b05e7615c276dcf61d

SHA1
9a085c4075fcdb29955569bc36fc8f11c9c1df72

SHA256
53fe15d4db02ebd2c24c01e141e1fa076fced007a1d305620e2a7d8e5625c1d2

SHA512
8e515220c030a38af208925fbece8090584fdd5e95b71545fef810e4e262fd3900354d88addb202d53cdc2b04a0677bc5d8b65f660883fbe3b5eafb2154a847b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
682b53f16e0844d663ae17aeb2cb7be2

SHA1
9e94a0edcd983992cb63392878734e07478425f4

SHA256
7929848cf666863a01e982abbd88574e654cab02641a45655afbe3835a2b5691

SHA512
636090be4eb1d855fc4ddc4b11f8815c1adb44362ef6be20cfd04cf131fa8991f9f0827c05604fcc04aa96896fa70c6a8ceefbb2437e63558a1c2df2ae7a5374

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b141820fd2c93e4b4fbeb8fa9ffa5b22

SHA1
f6217d7c8e4cb9b0f24511ceaa9b5533dd8f0609

SHA256
aff249b494285d4bf54d2519194bc3ffdb525cc815a2ecfdd726b2214b94351b

SHA512
a55063592f3faf2066143f05bdb491085e49001d8a86f13e4cd5b91c3c899809a9c9a6cd4d67fcbe40da0051056c3760e9091847f1681e83f34f250d1ed667d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d93e8b9378210a42f55c054c1d56643d

SHA1
c41fb1f6e4721ce02f0bdd8eaac06aee8b5e4f2d

SHA256
a4057c3b5f80ba007c84dc64ec08be61f40efc7941451fb1c1e9394e4aa94970

SHA512
a34d8163cf6c686945c6c7fa3b5dd1873b4f7465254d4d01a0360656bd6b43e37bd786167093b8cb6e1864f9aa9ac74a6dd2c51fcc0abb83742ebd4d5a105114

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84e46fc967fbd2f7fbadb30990b3784b

SHA1
4e4215959027946c3b8f11ad96d34815f423e445

SHA256
cd8b637921252e6543e9a399cd8458e3bd597a16d265058467e2f59d2fe49776

SHA512
d24472c4507157742d70205273fdc11b762de68891c279d1264fe192d5ddafd454afe048666805a1d50b4b20046084dd0ef46cb816be6d205370288a96726f4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a279c4744cfa9d2d16cc8bd68b0ef1fe

SHA1
05adfcf705ce9f4e48b08cfee6b73a904586c281

SHA256
11cb3996c3cc08eede20b8b83e321bb63fa654e14af8a17bbc21c3d263a4baf5

SHA512
cec39dc22356732fc760e77247d948f22fda489a0154b6956cd4c18bf33470ec9aa9134bc666601875a1e3f29073d93a8a2951273a6085d2c4d813ed45356808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
231067f5869a8dfb1851a2666ec5e36f

SHA1
a08f0d81b81820413e22e26f57d3e1d10e94daa6

SHA256
95f4acbeaccdf3d85d6012b37182a699dec0121706332bac8edbd31fac72f61a

SHA512
39e1cf41ef2f677e24a02f44d569dd7f6eabb12cdb1e9820ad1d0d9d474d0d81a2e445c19a13db8ed7f2c3f4d7ff7cf6ead4db36b0c86eb1fdec71023f5d5392

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89d9221fc8d2b3a5dfb72e146a3f9eb2

SHA1
248b279815ddbd149563df90cc0d8a8493fc70af

SHA256
8ee60f6c84fdce453ba42ba20273eb492bf561aefde12a4ee6441bdc99aeefa7

SHA512
587e19941376f04418e7959273eecd2f8b86e9473542add2664e84731080d357902e8202c0fc259db85860cfc2b849b6372f64ba6d80d3156ef61f1be0bec062

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d36bcd5858423b7b9b9a87b9324f69ec

SHA1
4221dce8bb63a7b27e62c2ea17c29648d84d4ddb

SHA256
1830103ff0a7580289b9c2125b76008fbb2d6f4d5e426b9fd6c6b888d5b12618

SHA512
ebf5cb6244e874c83c8e28eb3f03bfe33f3e1d4a4554ccc499a0dccdce2cad5bc6eac763ecf5aa406806d205ca3298114a9c3687cb637b5673842b6c5d3e06b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9529e81b2f48a3d9b163a7dfb16813a7

SHA1
910806ce3b63b112ccb038bf39a777ffed163312

SHA256
0375114d8e6870e11b67584c79adc122cf5453deb494bcaae3080bc0c75e4aa2

SHA512
d292d4fd08850405845f16b98dba1987142c0df1a121b73f7565a08676091d29ee77c37844fc094b78c4dd9ae5b57077518a892e9087d22cc75f8cdd0abbc3bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38b355fd13d76ec96a5ec36001f87d33

SHA1
e4b943dd88b01bd0306564c64cb6609c52776e29

SHA256
68871b0967eb742ad9bfbe98b6664fa59bd2474179cb6f6e58dfc838818f7322

SHA512
4f57c61d58ab6965c3004a8ae6e83f7640b0cf3fcb3f41a7e5d9f0c14dc67afa7213f6d8b3f07329a5b0d12dcb5849a4f824fe047e91411461af0970f82d7a55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e87d3a696e04f79b200368de134de7fa

SHA1
eb804dd64c9fa28eeb5d118cbcd0bb5afe857390

SHA256
08d5941daf58b8cc31132d4e665261b31c5a662bf80833632787d05a6dd5acc8

SHA512
4234ea216fee726e8ddd109aa7f58dc0f8ab85d7ada8999800075d10a818f9144a873922e022cb690b7c9754dff927429f889f242a7c33f0afb8d8951e9b56c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
364a75c60f1decccf70ff22260c621ae

SHA1
e1218016dc3304c7e338c804540814040943e9e3

SHA256
9d9c91fd7eecdce46a456f66e90d6594f3a6752722f6a0ca3ce7829484b3a47e

SHA512
16f19daf28ed2a851d66c04a5ae916bb819b5673cd4697e680a2ced39e1c0a895c2fa9733efa9c3a1784232e0ebd3e3f9c2d3eec29556c478827fd8df6d266f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6fa723a82d9a4888682dcab2c64805f

SHA1
6a706f05df6edc00ae48c0bd62241e0ead3f1105

SHA256
26f4e78f00efba0ccbd4c984dc5c68d0cf3dc816974d4735b48a826c346681a6

SHA512
52a80d0f47332231ad02d15a3c4b716baa0dd26366d3fbd2a6cd96203c9af589692d4da63f24421ae4f45008f7f51bb9c7e5c9eaf42ef50d33dd50d26ed00eda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a9538535aeb6c4b6d029c777438af47

SHA1
44374231f561558ee39ef8a748514b9477035e12

SHA256
bb5481635582b3c7aba57625f6ff4e383a422ddc7d1d4b89574af9acf7083ba6

SHA512
d140668f1d450fc6b4e79e36fb1608891e42a903e935d7ca8515d8b131d8cfff62e47fabb555e74431b07ecf1b13f1d8f5cce6c895dd34fa5c712d2d8002ec16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f3f906b786cb2629f8fe76cd5e3dab4

SHA1
9c9da43645fce3803071d4c4d9da52159f7a527f

SHA256
586de2a4d3e279df54758c2ac3be4b4a0012f7719c6cf19bdf8984081a5a181e

SHA512
60a46822201ef6012810c26f281fd0f3c30949dd26458187d703f66332b93bdf932dbb14303f877eabd838f791c182f006228c0e9c3509ec3988d9693125044a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47f9b75d2e4243ddd98c8bff7969374d

SHA1
c1f88f37d42b219a3ec7dd86ff1c38b329e391d6

SHA256
37d262b1e1b72e496290ca21c0065fcf0a263ace60fa3ec9aa9119f1ef3d1f74

SHA512
139b312774d7dba7461bcff47402813b8a42c3349637416eddc95d8aff67e41bed95dd7c06f2dd2de768f2a788871d2cc4cbdc07bad41ce9300bcb92706764e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80a28706743fbd6a71ae65d406378ba9

SHA1
92fdd20bb654a916522e262267b72576a06707bf

SHA256
539ca86d1eaf2cd820eacbcb3419711246257c3380455b1849fe14b4bc90ef23

SHA512
773b549404a9f5736b5baa8a6e0eb04f7c689fd7ad545e844cc6561007a4f6b450c213d8a37c834536a86b05cb566d4200395c355b2abaa03275d9791ce03793

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee29200d0839aced3a2f5caf207eb9c5

SHA1
1a7944eb6700a8a2ce7b4a25c6cccbb2add9d347

SHA256
66ab1d61da6c01b8224b5086537258bce1ca776835a13274bd07d879bb26474c

SHA512
2ab259ab2f0458cb21fc0935d89dc01f2565300322a61f661d01478b8aeb611efa495f37869eae9af9039085a3128cbef63677497d79eec14383ff6af0c4f860

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab512C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar51CD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit