cb8ac0f4ff16dd7794cc522bb8200663c1a8632fef8bfada02eb7126547460bc

Analysis

max time kernel
139s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa103f48ac1701bd019c39dbb4b3cfc5_JaffaCakes118.html
Size

141KB
MD5

aa103f48ac1701bd019c39dbb4b3cfc5
SHA1

0b94a79b69fc504c71bf06bf5199e8b851461f7f
SHA256

cb8ac0f4ff16dd7794cc522bb8200663c1a8632fef8bfada02eb7126547460bc
SHA512

a0da797e4c63f64200f4da56bb54bd2e8b63eca213bf443295587ca9d69d5cf0f120f77e13ad13a862ab4f710655646a173abfaafb099a1590ce7a17d2a596f4
SSDEEP

3072:SydufNx7dyfkMY+BES09JXAnyrZalI+YQ:SyduVx7osMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424535516"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7FEF3581-2A56-11EF-83C2-E25BC60B6402} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2156	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2156	iexplore.exe
2156	iexplore.exe
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2532	2156	iexplore.exe	28
PID 2156 wrote to memory of 2532	2156	iexplore.exe	28
PID 2156 wrote to memory of 2532	2156	iexplore.exe	28
PID 2156 wrote to memory of 2532	2156	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aa103f48ac1701bd019c39dbb4b3cfc5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63da93be0559a6110f2af0953e6f30bf

SHA1
e3cd70bba13acca706b3f92c3fcf86bf308df756

SHA256
16b97fd259486a735b7f0158630b7a20e6538d17d70b1a612a78e7e31faf3d5e

SHA512
caa1482916e6537ca04340c6bad15f156dee0073376b1cf09c6aa02207c47aa7bacb4f6944b622e65bf7b10650fb41f5729e51dad808c2e102cfb7fce1689f6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dddc7523c491000a142dbaebeee55c44

SHA1
550b7d96e9822407d92625c92f029491f328bf91

SHA256
06b72c2d883de966978cb15daed2b3e219888379bb0a2d40a0672305ff83085f

SHA512
a42b30c43fc9e78f80445d4d7dd2a1386cb21d62668b219e0255feb251d71f03d113cb8814ab3d45837a6cee62264f4a07b133810aa0047b307808636d2f0b65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d6a3bfe7c4270102a272297aeb926ab

SHA1
81ad552803a9f6833ff516ccbbc0e14597f522fd

SHA256
b7883af51f91622af6e4f6c45002ceb2102235e6c1deaa06094fc5b382ce0ef7

SHA512
38263638972fe50259aa3a96f06294ea2154771088a40b4450b4d2f11185785c1fce695a5e030550686d137b53a1db9dfb47d581e8073c586dc797f517d3dc37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38fa2b746b02c784a149659061ea9f75

SHA1
c4350d3febba8a40c19572bb2f5f78eff3635fd8

SHA256
bf8197a255c9aa74a43f810ff26082d57068d4afebdfd3720f822c6a6ca08ff2

SHA512
e1fa390e8da5f6deb843f1e8a631285b23b63a12a1299efdd2e21f5e09592edbd6caaf599c776dedc2607268c3a9583771181c3efc7e94785b2590382aa77da4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab42c74c3f02dd3ec2416194b16c3086

SHA1
751ce7cc43ba8d9947226894482ed80b2e6a5431

SHA256
888b61fb0cd4e309adf4214ddea4d7affaeff0bf3476e8efec32e8de7657a8de

SHA512
b96897b135b171d1a9443a22a127a2bda096e393566c512ccf19afb1f27bbc5bccfbdb3e56e46546e6ec72f40b3054be9b2fcc62a61b19592cc02d13984ba0fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26add799f26a15e30efde9d82a305d49

SHA1
168e18076589a45f52af3bce7bb6c7c3ba22f05f

SHA256
2bd36281d2cc83c7711bc3b075a05be3a8161428ad5a026400c32d707279a8f5

SHA512
9d87f9b5fb24ebdba5b06c650fc073dbe7da0c5e45a8a1a756c5704dea766deff87b5086eafe8cd0f579fb4f4c792aacb6da8164c9f0eb1ce26e8b0e01430fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
700c3078fb762131cfe1e9a25b713e6e

SHA1
5bcd1e116ddcf5f957ceb87ea8cc320f053117a1

SHA256
cd1c0d0963a44c90aa3da23c32b03a42b845b72cc3626ae10b825ec017e1d644

SHA512
e14f105921f3ae5a9859342444c954570572f447a13ab76a3ce551cf2893d4e443347625c3f6bb22e47bc93302e5be0f0b4ddda546d3165a64d2349a53a32f02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95090b5c37a2d23f9571f8a786e959a1

SHA1
f8ff22847e62d1273609f6da5e2fb9482c8d2717

SHA256
4da990e5279d2a9f8db36b67609dc3963b54ce7f4625b9bece9add0d64ba1314

SHA512
2027211e2545a7cf300524d43f2c947b0e52c1e330d2b6a5817e8a5cbc58598830f2f1f000da35406ec27234b8c67f41d049d64ee99f33343ba04ec43efe78fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ed6c35004194457fa77c2a201ad5a20

SHA1
3b1e2641fa61ffa6394e2cd07c045bcedbf03729

SHA256
6d34587cdb72e4519a425875b6b6d9a3dc8de0a35f6f9f10ef1b32d02293a672

SHA512
aaafc5d1df0f37b8c18099decb974bba90950982b01e87f3002f783d2adb175e46c37b460a0507fb0814094cbd2570537e197a3915c1a8911f25202c709f58b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf495adff86e63f7d23ac3771ad0bb7c

SHA1
fdaa38fab8510e2b3b81ba94bfa1a6fc7af81a25

SHA256
a39641a8f54ca006dde1ab54ec2a5f3fbd0cdb9ff4251069c96addddd6632bd8

SHA512
5bf5458d2e7183d5486038d620533752ccae29446e3ff5642b1d7d4149b26208ebf3117490aa0c055be59bfb0817d48b016249bda8dcd25340349a46d8f982cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
405feb5eddbceddaec8c5a2d74a2f079

SHA1
2595248fb1cfdf1d269a72e7d5a10c74639bd9cd

SHA256
cf861b5578b15bdbec6a2d6d0bd274d3124c2729faf95a06ac0a0070b125e9c1

SHA512
c574aa0a189a8e5ed5bdf5a4c953621f453978b28396e9b4d543bc35e692fa92f45f41e7d9b12bd23ac684d477ac2ea991e4571de22ad2fed034dd005435bad7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
446aadb0eb297fd3ce36aa876b35259b

SHA1
abb0f4f0a5b698531d869229650f5e3848c63df4

SHA256
b3771634d7463331af9bd6c214a5698ce73c17497b99f1be0c4a64c38e9d2041

SHA512
174f6a0f22feb3bcc6367848d159d8a35126e6c195984b89d2795f3604245bfe185fa58c72385711af823f588526731e7ff6dd7c218e101f17c26ddc6bce90b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e8b49d04476561f07fdbfca6881025f

SHA1
34b89fffe10c00474a3e7c4c92a881e9fa0714fc

SHA256
d4e301e50ee2f19a55bf6b2de78b3d26aff36865eec78b7245fc0278a8a5fb23

SHA512
e00604bdbc43da6feb131ec1f6bd798a0bcba32f9910fc5b6f1b6e735b33cfbea72f7979ea551fa44807c741730657921fa0b70fa48aa29f9cdb7fd9bf6c51a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
470fd3d6d73afd1b9316d1bc4e69ec76

SHA1
67cadaf561fde62ca3693bdf890150473397425b

SHA256
0e7923dd081b0828a954b287309c096b6a07b13a5fb02a1198f04d095b70509e

SHA512
3d4e4a8227b44728064559986ffc7dfd70ee4ea588f4bf307619d8066a10ad2f65fcc2b82468a702ed8ff90b396ff1fe128812f1609d469b11a253af23fc0969

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
236a37e14b1da98af46621bbe370f5f0

SHA1
07af3a3b060f653bba75877ae451df27510f7b25

SHA256
8e5a8e1a569c276aca84aa34479a99e475325ccf43ce1a37e4f1dd78d7df0e12

SHA512
6f707d01428c982cbea682ef1e987e36f5d74b4e788034aa69591975f79c2ec38758c8c5cf3e3e41fc8f7b896184991b23e5d01bd2220f89ca1616c3c0a090c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
218bb0135a43c132590dbc249ee13712

SHA1
3ed37de7dfe228035f1d9696519eb3e3e9ede46e

SHA256
750d0300c815a975aec16307b8c6087acda99e5102bf37bcddde4a7908c2c648

SHA512
13f18a069756769c4eab55c79ebd09a8ff7b8c1324f710e71f0999d3b241f5146617dd85e9b93ed5216d4959d7b71aa5e09fb34934a56d4084639fbf0aa2b5cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d76a15cb7fcd5be7e5988749816e29a

SHA1
6e787d4336a28603f0140993df4cddf7a140a988

SHA256
b6549d7ff84adda068bad33f5c23fe4173782dfdc26ecca82a7539f82d21a77d

SHA512
02b5fcafe9610667ebea942a85d56b0b59b0a4a9e0ed9455ecb621bb0e851559c5a4f848a3b208fa07c79d6899a274a4bed3b991ba664c39fa8e3581edb5c86d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63b26a0ddeb5b0d78a3744709e1286ab

SHA1
f1da121b6016810668fd12aef1554051c84da7e4

SHA256
06019ae2eb57d468fed5d8bbacf7a7d22dbf452ca9be68c0b667636d72b84c16

SHA512
31b0a6231b390f1dccc0fbf1bc1f816e2acd22e4aba65a4594fa83bd55d9a90204b43303cb503ed1de2434fec1211504a4037574a4a5b0765e4b95e62e90b98a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed88ed1580d8ff2bc85acd605f05f505

SHA1
eac0461e13ce9c7b2e30c9681f1c40dcdda395ef

SHA256
0bf28c0bbb5f954f88b4c4eee005ba49b82d43c09d337887578842b07a1dc682

SHA512
6ad1f4b44e1c9de9a4738e117f8e06c78c689be89407d37c2145b1a92ffff4373e461ff52141b4c9bc8a2ba86045787525440953239f4e803027b1f3907a63fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab22CD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar241D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit