d7132e48d3bb5e9bf655dec861568a2d1e42680795bd025e5220c5476a20d112

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac55889fba32e54b76c7fa59ce2d39a5_JaffaCakes118.html
Size

145KB
MD5

ac55889fba32e54b76c7fa59ce2d39a5
SHA1

a32d7ff89e00dcd1fc23f12a9cdf065f9c4a8bdc
SHA256

d7132e48d3bb5e9bf655dec861568a2d1e42680795bd025e5220c5476a20d112
SHA512

5222491dd1035aba91f594a2e2c8676de90ef54ffd208f35c64bd3bff0fe8a28a84c66dc9be9a1d16baf37231fd379e9675e5eac43682a58d7d2550a48f13cbd
SSDEEP

3072:SLOGDy/x7dyfkMY+BES09JXAnyrZalI+YQ:SaGW/x7osMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D4213CA1-2AB2-11EF-9CF0-C299D158824A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424575170"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2516	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2516	iexplore.exe
2516	iexplore.exe
3028	IEXPLORE.EXE
3028	IEXPLORE.EXE
3028	IEXPLORE.EXE
3028	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 3028	2516	iexplore.exe	28
PID 2516 wrote to memory of 3028	2516	iexplore.exe	28
PID 2516 wrote to memory of 3028	2516	iexplore.exe	28
PID 2516 wrote to memory of 3028	2516	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ac55889fba32e54b76c7fa59ce2d39a5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c71d6e92f61d0b50544469f7270f2781

SHA1
706db03cdd3b1abc660bfe96888d65d336d8abd6

SHA256
d8dc087e75dc8ff3a1dd1f12c35b3da1fd2c19715e6e6a40d94778adb6aa77d4

SHA512
75e538ce9c09da22df7d026f4ef259d186605d3a51caabf24a739bd73ef73f2f30d1c875b90dbf769365bee3de11cfb07659eecf48cfd8d4fe9bea70d6647951

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92512233b80099e847ce8cfb67c19397

SHA1
03e7cc3b15eec9bfae3a53851d6a905ceb24043d

SHA256
82b9f65714897e40b4ffeb60fb3a20e9df2d90146aec3af0320efb70880ec3ef

SHA512
79c2453a00cd4076ace7d15ca0281ded18f69665941ffd83c8bafff7a22340d07d103003e250a6f2496fbe3bec316bf5a5e5e070643096c536187aa6020923a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5ef22789cd8d95d7b7b0ffab8290255

SHA1
66f7c9e992df78bd18cb6b0bda8b847b055c0ec0

SHA256
a9f89b8e463890443d0121c48bff364101ac16fd1c9e20fc1d4b61dbfa17b9cc

SHA512
9ea6fc3df945530a4f3a11921ebf6714e4a391942a5c5c26264099be46129763e1708bcc0a0f1c13f84a7ab09dd4038e6ade847797035f2160803c37d8eeaf9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5cd904c55d97118e5c000857b286f20

SHA1
bcc3f4bcb29fd195d4fc00b63f2c729731078534

SHA256
5313d31dd9a7c2cba5c335ad90cae57dc6c14feda52872d919c71c8e61031d96

SHA512
f68d483b63f6191f2702416fab9252de9bf12f3e04fdc0fa8be5d6cd2c579c2675ca836f62cc05db09908bac71f1cf497c3858c11b27cda8281e8ada01e688cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70a46912a878c779be0a86989492c982

SHA1
655c8087134e76ce8120f58f6c7c007b189ea586

SHA256
0a7b7c001cb095517f9c463becaa834a60cc79c9a9138a6d740681f626cd582f

SHA512
82735dd508aefbf533d7a566ca135304abbdcc59deef9977424a63dc94061dbaba4ae2918ec0fb0721bc6517a4222dae22f3106a379e335b3b558124db219a83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c9a05184492d70ccbd92ab214105fb6

SHA1
1d7c02146010b32a89cb98b90f2c9516124021c7

SHA256
dfdf9751876c6b45ba682c07f3acb5ad1d0a05c00e9313b98389e38995c10a7a

SHA512
72f967c54dfcfdf20e90f8500f3ad7ed2762180685ef55d6b382ba101942e36368fab4e9afa7f33bf6f10bfdbbd20d5ceb909cff61bd0547d729e98b68212afe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3daa85e9b4913d2d32696591c18988d3

SHA1
6e86809a9446e3a60002c329d241055dd57c2ed2

SHA256
4fab7f6cb41859e3f5edee59389f0fb9379cb9bab8401df4d1e1b31da062a467

SHA512
3167f788404477d7d0307c2f8cc4e798fca0321a1021562175276a1cc276a1a6fadc569c0a09a8ab7c11fa11c0ab5dee7f54328896bd6b5ca4ade0d2ab6a78aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93103a81b35c6b034283c1909cdaa97b

SHA1
74a5f2e56d911bd69d63b2ee70a3f1e008fde2f2

SHA256
4cfe8b76d11d0e790dcf34bc4c3df4bff246f9eaf510ec04813866988f52b9df

SHA512
6e0eeb42e017e186161594f7fe903d6d77924b04f74cc1012801c94d9285d82b97340f6fe40a6f45ea216743bb5cb077f5022ace8d7167bc458c6c6a2fdd2258

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
663a9e0a14272d2fac8865c09258d4c9

SHA1
f1681b738a9de48eefce8cca36dafdd6a5c7821d

SHA256
1553b0051bdeb8e98ebf84ca04aacd73dd1180b3d0c3e430db0c14608221ea08

SHA512
be5728ad8a457435e6636214c5c39140ec71456fefd1c8dd3fc5334ecfabe3d1e321e95c8c69a91bd75938a8d5c300c6c3c3b6309b1b8c5bc99a4c27e2369930

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a40f5fb1275971256d1ecd71b093f8fa

SHA1
5912bf7689f2a7fbe9883bd05d6fe66498ee9968

SHA256
ef0f6abce36c7eda45ab36f0b42e595d9f350280d0651b9906cbd8b653606005

SHA512
93fb42260631960569c459b999bfeac14399e8933384af4c05a21e4ce876728b84a6b4a758392ab7e23ebd110c8a78a34dabfd1c87a5dd54d2ba4e773ba3ee96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da36fb7bd2036bd6842e6bedf74857b4

SHA1
36ac8331c2378d223ea095ba26ed889a1b591a07

SHA256
6b2680dfc03dd89fa09702d2c799fa5c5595b3e4cbd80d1a4d835ee4114a459b

SHA512
a4856b7e4e2ab5b8540713503c274d282fa24819c5f79215e366842342f00a719be6656e55820715b63f648eab71a6e5a53bd8c84a5c1d52685d2776c6e7ae53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3db46dafd22018984572a76b91a7cce8

SHA1
5e10257a0fa9f40544f26344ec4f25fb8a6a8a66

SHA256
1ba03525cb45a0a71e9e83c952ac63396f7ddf9fe9430ae705646a93c848d359

SHA512
d8168152052af7e4b742faadc29baea179971f7952f1014388acf2ed693155f4993738ab41b38ff20edd79dbe4b1f8713fae4101e595354cc23ca855094c49f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d467f3e5ef2dd71fc899485efedc4591

SHA1
777d95646fc6cb2f623c5242c4b0ba043ef2c09f

SHA256
bebd5146753723b661277a3307469367b28ff1ef6f1dd6609deee114a69c6ae5

SHA512
b979418334bd72435a21de9f9504136069aad374c6bb4efbb93ebec653a6fe11b4f9cd8fa075edaa43948e27f2c6d047d890c8888db0472869a978e4ce12a320

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82df796c9e4faddab73d107567cee7ff

SHA1
af68b7aa51e6d891215821ba69862eb4590ab11b

SHA256
044244921e0d74021675f63fd3c4aa6843b230898411eba6f7f298c88c6d05c6

SHA512
6c351af2d01a7ce711bf57eff642e72bd29a8aeb41d38738100a878bfe58b8d86e37e38427d5c9e811d2b7e7c5f00cb3f53ed8d00516a7fa57e6bea3b9261073

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3834e5a6cb9c1cd6e6a1745f7bedde47

SHA1
5c5832debaf00c2f3706da58776c546b8acc5348

SHA256
bcf745e8e035cee7f36f2e7256b14e2acb2787125b5026f88fd9c332d9cf4b90

SHA512
2a1290a59a71ffccc09006fbfa506a1e475b4e0c63fac41bb8385e0dcc87cd3f485d2f49b167ab3bb816ff845e42b316d267e5cb09007b1d44317699ac51d642

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f94f81cc303d428c3b266d75438108d3

SHA1
d3df5fc7ff501f4a13129bfc1da676518bb52bf2

SHA256
72664286713e94f981af5e5808a518f8438d54f41a5f3a22b3f4adb9f3e213c0

SHA512
f88f8901b63c76b447d598801e13310975e1e505e7863698ed5db58fbf7578bfcdefac4c25da52003e40e3ec1a861ece19b65785ffa3fbad8a34f88479477fe8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
138f405ae199f28b6b94db3b77636d20

SHA1
6fb8795df5c2dd91574a123d7fe7882563a9eda1

SHA256
20672757685a2aa93ed938c44fe8f17e29d729ddd51dff32a9560ed5a83a39d1

SHA512
8ebad4cf9ce6022a7684e14041074880db969b8b2b665d1d92294658718c60553b5645eb67906abf87a0718ae12bab8e7e14246fade1e263a9e7c7a2e9bb5e5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d9e4f0cbfe7466b87c32c41e26749cb

SHA1
efe49b3fdaca86e5ac4e542ef047a74bf49812dd

SHA256
bf1436467b71b3194d9918a2193c2c75e8aabd82be82fddb6e1cd171cdacf9a9

SHA512
20a0a4e7a817abcf83755dad81b3a96b68285059623f785f0b70d86ef72a406d12b2d02e0a971eb65fc853cd4ff63cafa258ec15d224a8e3f9076d611f2268b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e18111fbcdd19900e81aa7a34cc2339a

SHA1
9f973d69c10b1cbcfb9be8ccb1221d091511f4d7

SHA256
d4435519af987eef5e1c768720828284c25b431e3545141a06163656bd3381ff

SHA512
7938f7a05c29c70ce6a5ee26b9972dadeaa3469f4a461c9979e283213b568a04399824d9828e62715b5b10e1bb2281a5e7537bad3d1e42e8caaeea9da6738f2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab560.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar622.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit