56a6ae8787a950560c107ea9ce6ab334db6f689dc83b9864dbe1765c068c04c7

Analysis

max time kernel
67s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aca70922132f6e072921dad0c93be137_JaffaCakes118.html
Size

139KB
MD5

aca70922132f6e072921dad0c93be137
SHA1

0882459ae113a60e1b7490e8b3940ccf644da346
SHA256

56a6ae8787a950560c107ea9ce6ab334db6f689dc83b9864dbe1765c068c04c7
SHA512

8d9f838e9ba3616e34d07ca607c80ddcb04ab39616e97188affe13c9fa01731f7d76054329eefa9f18f4fca9ccc7f025b9a1b91f667a1789b4f8714f8fa34956
SSDEEP

1536:SP9rgfhgjl0NiyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:SPQhgGiyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{51A74F21-2AC2-11EF-AAC6-46C1B5BE3FA8} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
920	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
920	iexplore.exe
920	iexplore.exe
2888	IEXPLORE.EXE
2888	IEXPLORE.EXE
2888	IEXPLORE.EXE
2888	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 2888	920	iexplore.exe	28
PID 920 wrote to memory of 2888	920	iexplore.exe	28
PID 920 wrote to memory of 2888	920	iexplore.exe	28
PID 920 wrote to memory of 2888	920	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aca70922132f6e072921dad0c93be137_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:920
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:920 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb0a822e46fed7397ccad9998c68b109

SHA1
db92031a4b19789b8b8d5792eb7bcdcc1acb798a

SHA256
134c5de98a0ecd389f36637592e40ce275ec411a7799bc49e7295a70af27ad3b

SHA512
e55c5d619bdca4ca2f94d7df0083a2b3cbcb7172616bddb96b4d482cc0839ccc3684a39f541740c411b981fa444681aa84afd17c8c72861af2b3cbb5cb8573e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae7ea59cad3c4f1742993c8f7ed004dc

SHA1
addc70a90734f04bc4e025a2b0f6e935faa35d77

SHA256
c5407598d7a030402840b1afdae57c13145b21fc8c9ff714345c3ed2f49b9a72

SHA512
373bdba39171108dd60657521ad01a6a109ae1e31f58e72cca36f33211e5c95c84d944df89e37755111a85963a2bf8c016c5e71756aff223b33cda47e2d6d591

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc132230bcee242efd567d87b7660e10

SHA1
228fe15b0a436f03e624b7290846cec6a9d3e376

SHA256
86bb7687769829be66ca0085b93aef352449720c2ca73b0fc5eb1adc579c305f

SHA512
0b810a0e3f9725f116498b149bf9cadeb58aedfb9d9c1b3d6f0f21dcff13e91f5592e5f639336f4f3623fcf20fbfcc09b2b76471ad84069c478fa6cf670f4b36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26ee8c789480dbb7cd5ce0569ca8c780

SHA1
f1dcbdf5526f370e4c603e70512834ab15301364

SHA256
ad3f99af16bcb017241a1dc72c59744293db92949901555d09ba22eba375fa9c

SHA512
45a46e448fb509ed5d7419b66520a63c2adad2f45fc8d70b65b12f04c343e01f0c96bbec0329e78ff36b09b01a61ece307635709c41fce559e5a9d61bfeab88f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4e7f7e9b875b0531848a887dc8bb587

SHA1
51e09da4d819e55e18eeea14db2b4296b866c3c2

SHA256
5935324f932c46a87b61c53354e9c9de66ac94ae5a8728f63c661da29ead4261

SHA512
242108f1107720605d86af293b761358da4e868a5940e2df772f3fe8e34b02535f350f81ff41e54a23f7346ffd4d7293df9169831c3dbf67bb37d74dd559dd58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05cde13a3e42f98d8bdef608279714d9

SHA1
b5ab95f04739916d56dae792299a2f2b37b8d1b5

SHA256
72247394054c4064fc5a9507519193f979eaed32b46510e45ab1b7f3fb589020

SHA512
b51aefda70d370e8acb43825092a35c7dae800a1042861453dac0f145b4ede5b4f169ee54e0ffedb2891f03a01551d98ae67796359aa32a6ee4b6b097afaa1aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64dbfdbccd59e6c770d12dd7fd59f41d

SHA1
d783e32b8a77b58e4251226a7052b1a12862f5c4

SHA256
ff3acfbf22adc844fdc8a37c2def599be17450a7deb7e6981daa2930685da85a

SHA512
7302f0399fc67a97faff6b424e6ee115fdf0bde2355ba46bc617596308a573e08d6c2f260d86b3fe0070dfb958d8840a24db310a240412377825b514090bce7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cada4d8356e38d5609f5bf6d461b1de

SHA1
03f92717290cde2d6a14c612a7e082f606da7cd6

SHA256
7bcab03f65a5f5c0ff7c29708f0ab148ba0c7c1426b40a912a41112b172b15db

SHA512
cce082ad37bee672c2b0163d0a4b2a23bd5c0e6cb89c99401930daa04f3017634d9d41e4b4acf5360071c0381f21ea3bd4c33542d952eb172f7e95f1a6f5ea9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8e376dcc0bd662da2e1af9771a9ccd7

SHA1
6977482586efa1055a7a11c94b1a4bbac2aef437

SHA256
acfd9b1086859fe42d88bb772292faaf475e0aecf8c9bac030ea852c283f20dd

SHA512
5fe594ca90c33d45e7ad3cdb82621c1297b93a5c207417002b1ca4b1ecba297c892f9e1efaf0b710c5b6372cffbc57f6b001cbc82d1460fa0ad1a16b7858848a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fcb70433bc524b66fa3eb93d3e5c6c4

SHA1
235d057cc3b7512b5c2b10d741dfe59fa9c922ba

SHA256
c4ba56057a9b796f97b25b4c5a08dd4a9b6fb5fe68930fb54bca6d1c03daa3af

SHA512
ff18e14f9f5ac504769b5907f3ebff385259cef03aab884649bdd665dc299949daea3db43b289e9a07db602ff80a3d99c80fcbdd43521559c4f2ac27b97e02e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e7166630604676fe841f3556f631458

SHA1
c7a58d83999a4d0d61207aab478c9fff5204fa13

SHA256
961ef52d9ba6d51eee012a2d65f8ff36b561aaa30b2563086e975539de52f900

SHA512
baa0d482c48429d01905e764812a998acda49a0e77208ee25099ccb0fcadac89454df5546b8cb6c3057cc364b01afa60ac32f9cf03a349e51fde2143445136dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abd1a0116a0a5dd6e3d4c16725d985c9

SHA1
4e33abead9e2b189839586f0181b29e75576af55

SHA256
2b359c7152ade07c63f34a79eb98164eb53709d48053f7c84225684f956bf2e2

SHA512
36f3bcc7eb1aa9faf5075b592e6169d7be3527a6e32dd0e69fae73598cb85f29f0d40f1e5aca53954587ad51d6cc9cb74af9d6c87321790cd8e2dea62d235850

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce02705ba33ea09abf61de6ea988d85e

SHA1
17a7ecef39602cb4e218b60f9e1c96ec56dc3adb

SHA256
4471872e7cd6cc9a502a477805703a8f619dc974fbf8bdf9ea0ddef566d56dbd

SHA512
0ca2876e756db78d1f6b9569037ec630381d3d69d6115514282178a5c686adb6151816b8dcd204c3c876fceff45b51a50da45d670cdbcd63857e92d7ae0751ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
366cd30aee1b678f5f690f28e092ca5a

SHA1
0c39ee8ac1ae957fa528546268161e243181c78b

SHA256
de403a4bf20679e7d5c885ba30fa236652876aa0eea1dcc30167c65b6fe324bf

SHA512
7e276d29180a28f75de8338ec86f7608930661a9c4af9172bb4861122bedb04de5a7d3b1804f3ab53c2e535e8a797ba353fc341553f7ac36b84d0cce29b23e3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ddf8b6f04e29027ef0b58c81804be0f

SHA1
bc86116e3d4febf34307c54ebb4bb9b493bde1f0

SHA256
b63799a040acb23e619d08b9314afa716ede1dfaab94161844571c9164e42d20

SHA512
09ac1d0f2b1d501c290ff4615e02c4289d0b85e583e3fea0e4311056b21135d627c5480ba3640c8143eedf3a1c48bd9bbd42cbb4e6f9002e8265904bcd61f1a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26d4b14a50647b1e5f8610ca1dff8e14

SHA1
b00536b7d5ebac9a30f0b315e552f9432dcfe921

SHA256
89fce0d027ea23ebcd0bf6ffb159ba6f726ba5fee9ef0212e1241ed227f865f2

SHA512
ceb52631985f2a2ab87562856dcd63e5903416cef7f670e06dede1b0c42db4efbc165f3f1d363dbb19a1a6caeb6180b24b597d3e4ad5054b81d5041411d400a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
914fbbe018c7d924cf7974f325d6ae32

SHA1
8a11dc9c8428d52659c9092701618bcd0474b515

SHA256
4805044eeb1517fa85b205d60e25e05f29fe20dbb6583400ea45ee6c65b4b7d6

SHA512
26e36aac5445c0d643117f3362bb9f9b2d59b47042c5fb443b8a9b31fbdd63df90640372538acf17eb45c1122f7e831cb8d23ad11bd1cb7242be1418cefa7282

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae15d874a8d23593862c9ce13a0b4144

SHA1
1b0ea39915d34e5fda6279d725a11b771b08db90

SHA256
fef0db5f4b667330bb9eea0b8600c50f8e97ec97c391175ac89e483ed4ab4738

SHA512
8aa6e9c9f1bd8a9a25ff654da03dfaab28fe2f4210ad53a58731722b6aa63dc77880a1b165658cd2beea0e3d98f4ba7cc72d9d8e04c29186fea27f20d3986a36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d483e8198f42e8722708432fd7fa59f

SHA1
8782651a9c8b9f98606ccfa98444f60b4d58d60b

SHA256
15aff265688470497d03402044df7425248d75dd2e0d216092816026bcb67b10

SHA512
4512fd839d97a83fbe1f403dcfc28a10c2903a09b957d3c324ee6a238332585122624e129cfc3d405f357a5d3d1d12b031d1b1e6dcf8f8745fda6010ce1faaa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5B98.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5C49.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit