d8d7a5f1b714d3368c7ecaffe796d0bb0f598cdd0cab119e23d579a74947085b

Analysis

max time kernel
148s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 11:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae3a72a2e75a6dfc26e2f437a6f323b3_JaffaCakes118.html
Size

227KB
MD5

ae3a72a2e75a6dfc26e2f437a6f323b3
SHA1

d3dd243fc5b8d14fd0eba25788bc13b906497a90
SHA256

d8d7a5f1b714d3368c7ecaffe796d0bb0f598cdd0cab119e23d579a74947085b
SHA512

4b448f0507d1f3f8e68319a5bf84541f306d9ab229c44cd6353f1b8a3e1d816b17f625e4ce6ce96d6960cf6c7d18a772b8697c8e7dcc0f8c32816deecef803ee
SSDEEP

3072:mrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ1:+z9VxLY7iAVLTBQJl1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{32777191-2B0B-11EF-8356-E61A8C993A67} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424613124"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2156	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2156	iexplore.exe
2156	iexplore.exe
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2552	2156	iexplore.exe	28
PID 2156 wrote to memory of 2552	2156	iexplore.exe	28
PID 2156 wrote to memory of 2552	2156	iexplore.exe	28
PID 2156 wrote to memory of 2552	2156	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ae3a72a2e75a6dfc26e2f437a6f323b3_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
77e1e4574f19b6ffb006c87b00e3aed4

SHA1
849d2717d7d90e89c9af5b9bc093f307e3ddfa6c

SHA256
da94da32ebd8e916dc8ebcfd2ba7dcb592fb427f309c0eecbd928fe497b2eb62

SHA512
794a0dde95f471c69fbc3dcb065b12319646f27347b83fe13688a7a980bf7ed56dbc5d106a20bcce27a55ac6c79e620f866f2af2700f9f6036542d6c402d185c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6a2ede1aab76706fd807377ed6673a8

SHA1
cff5797045fec259608b047cddda16563391a04e

SHA256
3f399bfc9481d8aa060d777e27f5b23543628945f868ac31b86611baa9d35270

SHA512
c7d7075044c86e31465af36dc2a9a25f218cf6f99b406a469b1b1f0bfee4e4e78e53680ad24c33725faf0919ed2dd4d1c649d6872feb7ae494fe026e4e737c49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2694750bc4623e43b4bd57e8c7e5a5ab

SHA1
fa56f81efb55f6757eafeeca0e0b9bb98f910ef3

SHA256
a823b880e3312397d14198ef4e71bfcc847cbcf50cc9a83cf0ffaadf98029d67

SHA512
e412661076fdfdcffbcaf639a05dc20a750c8c215cd95ce9e0d63b5089c2ae000248ac30fef5aef8fb3d0b2c52d0c00a8869cc38bb5448e937dfb429bfc6e25d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
854646dec90bf8f1f1b9e41deb365826

SHA1
5c96e73b87ddaba312e646a071dddb40196e186c

SHA256
c71255a1dcc0947e523410fffe470ba206ce696d7bfcc12413b2bd1d8143141c

SHA512
b56b8b54cc87b0e253a5444ec8678fdf241b92e11f56119f3fa3cf9939f7e099278ab09ac89b6d6b7a479162c3436430dc4d183c3964985f3ce2824ae09a270c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5513d7939faaf032ced53647f505614

SHA1
363f3b7247fdac3121a6ee538541979aa6a5b950

SHA256
172614993b5eb313c74c607859150dfa3056d39fbe32ce36a039051a09982cdb

SHA512
08a502d2f0e641faf4f63777ada073e3d92e25de6c58b2ef79de1d288c24944f6da07921f21cbfd8083a65131cb7153fa360c66848d99d3290358bbec7f6da3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ce3ded1f51b55f9ad552d423ff91071

SHA1
839782e87e3d20802e40fee6cdd33ef076e2d52c

SHA256
8d6d15f904c2617d3eedd4e3502eadf6f13a26cc5e9f77d51cf81a1e2c6b9eee

SHA512
fa7f507b0f257527de2444ba1f41bbd7ca2427b2aa49eff65ddfe6c88ba15dee37bd8cf2dcbab45666dfe795120594ef996794261d6dca797d8ba50fb6305dce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1d0d85b5b4567d2fb2be89945a13203

SHA1
1626caac9a02f3428db0648d1cd80ed59c6eb605

SHA256
8dd463df74aa5fd4ea713e849cece72cf062502d98c8c29a81ec047029930b15

SHA512
8b679675be3649dd67933b38c633ecac99a9f3e0d5de4b0d61c17e1ae0c98fdaa1023c0d70ec2b0b3bc8f5c6891c4c77164d42e9477db2070a5d7425dc126059

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82cb3a1546aadb996b3c29f873f657c3

SHA1
18bbe3909114069b1253cf25be6943a3b7f30b40

SHA256
c76c3cbe2098921275abcd5ffef19927187658b58d2379f21d927c681124585c

SHA512
8e39f29ea9d073a58c74f17cff59a92fba55667f503b3ee2b4d547a78d58329dc243f81200d70a5c8a607b15a365e15906199f5e4d2cf1966b34f2d9f3674770

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62dd3a76c95976beae627a336f811bce

SHA1
bb2c65635e5e872d639ea370e4b2e9f5c5b58b15

SHA256
0a7aba666c5083bb448049d84df39c3525844b42cf051d3331826afc4acc92df

SHA512
54a50e0af8cb914b65b124b8670bf76d56983ade12a15c090707d4340d0da795ffa4a407347e02028ab740517bfae43dc06fdfc5ba37b308314369b749340044

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a4276e30c200577dbc8ac6bd51426ef

SHA1
e31fb25c599d2ce1095d3b078c7e9e314e621a17

SHA256
3cbc3302f9ecc20a091b4f996c0b1fb2034a1ab2c5db0e680dd172d9e2b4c664

SHA512
d86feb78c36f989e077cf6bdcb7d1c34406552850f8d4cdfe9ff21126886dbf3aacc0c176b004566a044340838150c43e2ca776b97cc8f96a141818d1f69a222

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecb5d1a9337cb9afb062e53f75ffac3e

SHA1
7d37f5debe831babb24944de0b90da796a05fe9a

SHA256
076abcf0dba2170d6100f522509b4678b23a798cbd82afe586c54f011475c219

SHA512
0c04b767f4f655d9290de6b2e19761e44bd205a853eccbfcb28eea9b70383f3c4593cbfaddd4e0df354d0deebc1c3287fa44ab169f2b8e9b0d6b3639f3ba1f75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5141aa101120bc83f3dd0bb6d7102cc4

SHA1
3289bb542837eccf7f7dc610cb2b9519318e5e2f

SHA256
feb471fde5b04cf1e79fb518a1b5033d89bf4279ff0dd86ad5796ff8118857ba

SHA512
f80a28bbb8d634971c28b76e2a08e4eca8f256db0aa65b1d3aa6fbb4a0bd437b49678adbc43185c8adf8fdc4301f884e079d1071eb6f46badad328d8653a05b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
f63a55b9ad234c85c2a169bf7a097876

SHA1
2030365cc5f59153490a426e7cd8a336b15adaec

SHA256
6f982fd333bc5499dbdfa54c181fddd99b04f364e791f164213220e8c5204dfe

SHA512
96cce9d99c67d9d3139fc216a51be7e049828d7499fd7949377eda29bdd5eb5ce06647b6c2bc63ded5527c0637f4001a55130a3b942792c2e63dd62227b099ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabED0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar108D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEE2.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit