62df74a0fccd370333d5bf5e283d35ace1585e649a01ab7251becf67038a9452

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 08:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8c40b833b6ebbe6bca02375caf93381_JaffaCakes118.html
Size

213KB
MD5

a8c40b833b6ebbe6bca02375caf93381
SHA1

fe37638325ee435f93cab5f69d5c6ab9c9cad24a
SHA256

62df74a0fccd370333d5bf5e283d35ace1585e649a01ab7251becf67038a9452
SHA512

d981fec212eb0ea33ace284c15ce2019e2ec73e662178816ddbcbb6b38077a095b839753a05ad05f05f13ad58bc778d8a1f052a5d2f276cd97dfcbf501e34f50
SSDEEP

3072:S6G4c5TS7jkwyfkMY+BES09JXAnyrZalI+YQ:S68TtsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424516089"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{451904E1-2A29-11EF-9340-6EAD7206CC74} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2920	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2920	iexplore.exe
2920	iexplore.exe
2508	IEXPLORE.EXE
2508	IEXPLORE.EXE
2508	IEXPLORE.EXE
2508	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 2508	2920	iexplore.exe	28
PID 2920 wrote to memory of 2508	2920	iexplore.exe	28
PID 2920 wrote to memory of 2508	2920	iexplore.exe	28
PID 2920 wrote to memory of 2508	2920	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a8c40b833b6ebbe6bca02375caf93381_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0fdc39bd19d1eac3b97baa588b7d9e3

SHA1
a2fc7173be8c6286392ae0276499b21a58cc3006

SHA256
ba4c652f645a19278916280c287a06b7a52a94e27df229cada347de18710bf9f

SHA512
6f330fc5aab5e17e4f2f855b4077b25a7bc5dec1e4e9a742f5d86964a0d209a1365b80efec515e3d1187e8bfb7634614b29e66cd63cab93a6cb0b2ad0235963d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d899f3f82a8224bb251f9f23ae38d9d

SHA1
6b6ceaae5e1649efeaab2c84e79b93428f1ec1bf

SHA256
4666d428b17688ca72ff050d5574374cd55ced795304651724089ee0a298e939

SHA512
27d9dcbb745fd9bbb8c194d94027ee71a363b1bc546892b499da5ed30f0a1dcf90a64af9c3f036a185943e4e32a6ea154ae83b1629d43af81eafc5cb719000a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b097983f95bebf8dc397fef7e93afbef

SHA1
3ac44096d6d2f8ee14b03c3c9884fe0254000be4

SHA256
db95a1a6f5f7ceb05f8b6cd797321b50a59d03992c567908b2d5199cb91bb691

SHA512
3f82f20ce7763c1328b91ceab4b48944a03d351b246e7884074aea2f3ceb37ac0d8b950c7b158cf0a2c8030ef36621cb1187a45637c0067122b0e5e7121934c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a996b3962216002e86cdec4674565a34

SHA1
88c0d8cc6dd6aa5291875cc276bf9f9e7f5f4a22

SHA256
5f6d78d2eacf45a325aa26293c8fd6c16cd84fb1bf4d053931c9be9e3d1cc494

SHA512
cb418b802092342e0bde815f4708b4044e9b141aaae56052d8a2812d26836605c870f83e9a933aa466b9b02ca11def840196ddc0f0f673870de88af5968c2aa4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe556ff42dce640d493e243fca22762b

SHA1
4d31642f3537105c72762d100dd0cfe4f285c3a4

SHA256
1a8647404ae93151d0586c38396adf7c29908b91aee096d4d41cdf05488723da

SHA512
311c37588cb58f94dbf291442f2032d40e0aba86b0cc0a75d60d987e3109ceb09e188876dc73adfbbe6f31a045ea2b30941a051c82482f5a9528388149448924

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e33aa693c6ce07c379c80834cf881581

SHA1
efb04d6ab902741edbeaecb623f8e75133934908

SHA256
5f6e030c354d232a42257f67db821bd9ed6f4e2772ad6e0a080e21aafd58645c

SHA512
8be2eeab18fb2fa6166fe166b07dc4c255e938483d0ddca17e7fd853e773ff8b13b9db69d857592a068edc346639708c89ffde6fe2b729602b8606048d51fc57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4f9a1eac2f36e35ed0298a3b8c4e606

SHA1
c5172747ac9973d5889a62f0e6608ccc80634392

SHA256
126a49cb2584e01c3b4dc7ff7c8b0f8b4a4c9bf63c75994f9433d803eedec009

SHA512
f625c50d584bcace3edc9752f4ce624168a5b3e92d17b0a5b00eeb4899760ab41044ab7de1daf8fd258c8348ecdf66bc8fe7bd49f6d9e86d42974d71900ee82f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
043d2c3a21303b3884632c0323087266

SHA1
b1e1f03f25ed9a3696c7bdd3c11a15ec966cf706

SHA256
11dfcd41c0c972f80a93aeed2c83056d1ff9448b4c5cec2a7ba420c4ea3462db

SHA512
0f32469003486ea42ed63bfaaa5089dc2fca71987973aa23c6e8c250e47267829c6faf7ed6899f6fd8329b192c3bfa662749aab3528fb17d43ecfaa7815f8a73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69e19c395c229ffa6eb6f4af8a92ffa4

SHA1
b1f6e76c8ff6338025300edf8141055930bb7fb2

SHA256
9780e6ccfe14b6bad3e56c852aa91b719fe91d4dfabd119315b3b2b0435ffe41

SHA512
f961a8d945438893c247e35e16340c9fdfd0dcccff070fbf7516c8d2b907ea50e874bc2731bbfbf03a843594ae948bc438cb58fdfd8ac893cd50fbdf45717f46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f75ad365cb89cc1d3ceddd18de5b792

SHA1
1dcd4e7710c40195b21ca47d5a7ac09423b9d958

SHA256
70412dc420116cf8c684cf7a9a729994d1e250bcdda6b95fa9bd3f3c5c83937f

SHA512
93f3f14cf946e772e844c4bd6c242def4bda46e6c846a166b231f709eb41beb21f3b9572cd381ba4a2c999d28a31d1b3242e64af46249cd6e0f3c8e787e2bed4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b8f0c8717e3762f63539fbceebaa50d

SHA1
6ef48230dacc7955a40bc81d95a56a05ed40674c

SHA256
ad90c407fdc5a873c20dfed6e35ec2a05988e8b22514fc9aed327ce94450f2a8

SHA512
692215ab67f4214e56165c7fbee27c2536ea51b1c5da07058850aba70af7cfc93e650dbf5958655b103051ec7abb0866b0196dd657832f0b82918af1ad28e07d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ed98df86621de972a82b405947cf9b3

SHA1
7c8da93f8e456ef3cfd3783adf9ef1cd09d62410

SHA256
6bece38979dc5702fe1ee79ef54a259ae3cbe8f7c2c064c4953cb59b343c23a0

SHA512
fb5e2d6b53badc75d59feb27a274e89abdcc846f04f57558cc84380df54e92caf80a77be1f62a6533480f2ca6ad736bbb7b1a751a7427625be0aa805ef6c7f16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b39a48e11e3b188b3caa10afcf287dc

SHA1
8a4aaa353baaa82454904689222711bc4197eb79

SHA256
1f231f7392c8b07a065a8c1e68f7f24e4a1f553880ccbd4c393ad7de609a524f

SHA512
6499f14cc618db4fba0f067e5bab253917bd7ef87ce3ef624e9622d23583bf33611cc8920e50829ec99f30ebee0e3b756896de3c6689ff1cb59501b50cbf7c53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b302eec7f76ae94b0b21b4e8a4c8e8cf

SHA1
930d27c04d4a6ac6e4a3230ebf41988b6ff1228b

SHA256
57cad64c90ac45ce3830f3369f9e217bb3b90d2f563014b96864098d8bc0ac97

SHA512
c59ff9c7c55be6c1ff4beedb7a93fb1f689a834756f02c3e6c8e4ee69b6949fda943ebfc1ea5f6782e722e7cd727f0b1fb3e8c41b0121154057072128b114fd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ef91ed679b4c92b2d18be0bdbe59a6f

SHA1
149383fa5ff2bb0652735fce2dc28f26224d663f

SHA256
4f6aec6c12a31b731beb0a56ead4b85d5bcd967acf9cba26fca2e04a28cc6627

SHA512
97194a114c43ce18a15441a7a53333d42615e1b4968e34f930e4ca017844a00eba954bc1c8f835be228e048c3b1597461f0b3bc3d4dd6fce6310c93ca972e6ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9c870f6815c918ba48156de73e84195

SHA1
a1b32e67fa39e6f18d32e7ec3e3ddaf9efe69672

SHA256
bc494bb64fb4bc14cf3b192199ad3474fc8a785d329bba544af4201c5316f829

SHA512
bea592cc73ffc622f723f6a2838c3960d446a1b4635da3ddbeee7cddaaac425fb1f321151b5663b1f6d496c09bc847fc703b62e5ea9a0a12b5b35819bb4bae2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4512b4ffb734eceec097ee3a759ad00b

SHA1
ac10abec714641848bc60f482bffff157461d15a

SHA256
beca697e0480519e376e61fde620093b380b5eaf29a6a368de697c070f44ce01

SHA512
8be66145a0cf269458bd1ccbd3df227893add94f261634b4cef8e09a6758916232cc16f2efc1ae2b9192ee4577e7b322172c479e328951ec32b3ef71140c33ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b38d46209ae671926c256a487d9c38b

SHA1
50f8b4a8446065ab8440a34170367ad2dfb3ccf7

SHA256
4f8063b8bbcc2432356f6fe0aabc800ff49af290d9f494632f735a10a1e476dc

SHA512
3dd16ef2e9a96f5e02109c88285e48e3085e712d960402fdf8c4d6ae60907e04f461e59918dfb0152ea61d2b06265fd1ea44a2855946ffe09b69346e8510215d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83276c5589a229ea6775901a69b752e6

SHA1
eea6e9120dcf69926ee1f1a16f21785f8c4d4408

SHA256
2389c597177fb1ea2677502fd230eb4787b9750e4271884b999bd8f4a4dc8287

SHA512
9ab686797a907af61e39913a01770ef7a85f3c6ff24bd9121551f3ca622bfb3bb42abbadf985d28319f9dadf6947b25240869973659a0a25e5d8895e9551f3fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab10C5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar11B6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit