c590c4fc459db537541c999233ccb31bf0f89d2313672fcf99f8e0e4a368cd4e

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af226097b76333e8a612447b299a83f7_JaffaCakes118.html
Size

28KB
MD5

af226097b76333e8a612447b299a83f7
SHA1

79b04bc34194c52a6250a52b349021a81e67ddbc
SHA256

c590c4fc459db537541c999233ccb31bf0f89d2313672fcf99f8e0e4a368cd4e
SHA512

e88154226c805c0da1c36abb742827d0440952bccc3220a0b7c1d5f1969327e95e6970c30847521f4e3ca330877f51e5a486ec51982f52c3f41e1c9ad4b86e14
SSDEEP

192:uwvIb5nPkFzwnQjxn5Q/7nQieyNn2hInQOkEntJpnQTbnhnQ9eMDam63Vs+h3Qle:9NQ/cYZ2ls+USj7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7842A921-2B2D-11EF-B69B-6AA5205CD920} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424627844"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1368	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1368	iexplore.exe
1368	iexplore.exe
1624	IEXPLORE.EXE
1624	IEXPLORE.EXE
1624	IEXPLORE.EXE
1624	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1624	1368	iexplore.exe	28
PID 1368 wrote to memory of 1624	1368	iexplore.exe	28
PID 1368 wrote to memory of 1624	1368	iexplore.exe	28
PID 1368 wrote to memory of 1624	1368	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\af226097b76333e8a612447b299a83f7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
6f9e97d895932bc0a96968c4745b9022

SHA1
c8842d40834f42e0e13a92e81578817818752e8a

SHA256
ae6ed647591ffae02061cc525fbf747c89fd2b0b325a2d2829bb8568972b1780

SHA512
5894887c8f8e9f7e9099d9c8c7b937045a53ce3eac48b51eaf6b3bb89ef8edcd8691e88eea4587004417b76fde81dd40641b317ba6916a35df5bf6b2918eacf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6f18b9d48293f8e0f60d4f10ce70f7d

SHA1
c892c0c051cf3d9ae4b2c72f6fbb77ad3e62602f

SHA256
e2f5e167aecbd4533f83ff3425cb8dc4a3323034e12a8f442d82db7337dd28c5

SHA512
f0a6736f1ab34e152600e3f2434170032f8444f6cfba7275162b12e8e74be23facde91e0c1323028f2c6f4a3b20afe294f13dd63f24e8134026564d0215c9d4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe163c1a774f0eda1db4c3f63e2fe227

SHA1
ba6a399d28f7554eb515ebf5da0131fa216cfa8a

SHA256
bbb6e085098b746cceb91b8c519bc03510aff62638c54b9f917d448d3df06e96

SHA512
18bfb35dce2c073d841a1c9ecb37fd1e9b616e97a8e0aa049b133e79b95c0a81eecc0d48161aa33040006ab02004e9e4da64a935d0331136d10241815255161f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5db114ad84859dc71c7ceea9050f43c9

SHA1
7f1b17d46f803bf5d23e43610d08d2467e82633b

SHA256
aea0e10f67763af8c9737d6a27c7e964ee0ab0399bf4df5c90181ddbc9b916fb

SHA512
1d6eb8057dab4ea1ac0e8e8b4a9c9ee8bab0ebec651534faa2580704e6487683213c1d246d901a6f14b17ec010364e507818f9f3a9c3ecd39440ebe9cdaf385c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5572fd2e28ff7bab2b205f749ea65828

SHA1
fd95150a05323384bd02c4cc8ee70f122d2358b3

SHA256
f9c72b7772102d6a24c68489d2c14ed80deea312931a720267d6219547865dc6

SHA512
20681383f9d4d91941b4213c18c57eb33c5b81cfdb842e4e430ff500aee8614e8da241aab9ec0d6ec8445ce2685e13fd4b31dd7d3bf1a07b88cabe69b13fdc23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b8a1ceb94a18492d6606073453421de

SHA1
e1016aa21433299efe2d4bc6ddf9bf6700d2d6d2

SHA256
cb2d0a157dbf8c67949c476fe380b04da464913c198c7eb7946dfd42086e8e63

SHA512
fa8cf2cac3fdf9ef0227a84ee69a00e4edf539803685bdaf190b058b51517630e1f1a5b468d381f3c67e639dd334ba02b39f437a5d2b94402e82a9cd7b21add7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
358372973fc2c40736f5c6840f5c4530

SHA1
a13e6deb27013cdf1371c028ba04ca7d735daa8c

SHA256
555a3df772cfa668ac479d3b537b333af378ec12c50bae3609ec4aff6578c00a

SHA512
e8136a9766f138e055c8690c59ca87417a84d86df01e575f86a6cff85d2f7f1c77edd0cd9092d1fd229a142b01674cca303051b94d3960138ffb20f5e88ef78c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62d7ccc295b079bba823283940ed7065

SHA1
86c85eccbdf3a88ce2cb34525107983c27cc9db4

SHA256
0e8c9565d4ce2f06b0315d93c230e1badeee223b13662d4d26815f3c88186587

SHA512
bff0e542c2b045e122b8fd7cd26de85109259cd8c52c11f1ecd6afae55cd55a79aacf8789c0c68e1945fcb69303e01c6b677a8dcf52d8a7e782b2bc50f7a81d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f047810a5bc8a9b8e769333bbc525c1

SHA1
c87d7997135edd382307dad0c3786b4d7cf9699f

SHA256
b8e40fb2e2c4dcd70b6d505418a8fc33558bf385581069b4d66a4b02c8ea99b3

SHA512
9850243a4f438845725b658ae8e01e60c7bdd96386cc4ebe485301a7d6056c2d1e8e3c5b7052aa7cc93997e15554b6ffb09d78acfd2d506a40fef09be8e47497

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25fa60123ae6e9a45b78876c363ec7e2

SHA1
d30f540c98256c6995ada9e9052f758d4c5f9b5c

SHA256
144d6b60b6967139dd5f9f7d78682e7521e0946008e007c7898bf155697c5c2d

SHA512
7704aba85ef5e0b0ffa6d151c2d4f826f4af4e754db33a7f2c556c6937b5f53d8bf824ce136108e051f643656460bcddc2ed0358199a633af40a34e0cae50515

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5d06836c6d95aaa2692c854a0fcf6a7

SHA1
e9802babcb11cb92f2512360c3dd81c81a2ca09a

SHA256
645a0f2f44f0113c76014bb23e5f58791bb6a03caeefd75f569190227c671b5a

SHA512
61e6dcfb26ada3ec4e894f273a9656c6513c0e39c9663002729048aa60aedcd22ab4217d6150e02984e2a32561150267b705539d8904a9ab188733fcbc31bba0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b60710b3f8bab3f669de72d03daa07b1

SHA1
f34dee4c06f833c8115a00a6f844efc23f599530

SHA256
78ea6d3e5f5bd9884cd5e51594f3b854df8a9f602ee910e07091b06a89f45654

SHA512
8ea4cc5462119d0e833f0a7bc61ed8f4e37f0a1b21a8776ee44c9937e798ed2ea9dac371dcdae26fda3ecf936e903b54d3e566916eae1667639e72da253096f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c025b31031c2bc564c7f13ed882f80f

SHA1
76430d172b116760d39609cdba48e34713d9ce51

SHA256
54ba982d977238c2d561091814327593d8d827197880d3a5015fb5c3cc0887bc

SHA512
b60b46f84071b6b89f9e6cacfe7af32216430274c3142e59946e0946b94897ac6f1ed545c21acbe8f02a6e2dafd5908d37959844bcd680c909a3cbb1e8f8bac8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
73e0a58761982fc52aebf19c8604a9a0

SHA1
34aeb76c2fec8f7b80edc3d265a9c5866f751c56

SHA256
231267582592fbdc65dcecec47dcd2e3d988a05fa384ded1fde8940f1ca5fdff

SHA512
f050f5a1cf0c33616ff5be759a9b7df8af62414426ec821b1c4a63503079f53dd43df0cd55337e36abdd44bc8a88d1d8b26033f4327ae6e3013a35dcc1d47a6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar107A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit