2274a857d3fdc5e9cb26249e6e51bd5c9890a66f407adb5ed65420f568779419

Analysis

max time kernel
138s
max time network
139s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15-06-2024 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afc1ecb04e37eabb86c22b8863aecea5_JaffaCakes118.html
Size

142KB
MD5

afc1ecb04e37eabb86c22b8863aecea5
SHA1

45e012c40d06d1e55331f741afcdb43c29ac09d5
SHA256

2274a857d3fdc5e9cb26249e6e51bd5c9890a66f407adb5ed65420f568779419
SHA512

8de87fb9c2e783e8c377c90a9b3eb2a85c3a33440f32ae2cdb0806271c79e78b3552ad73c31bd81216133ea4795f58785ab109cab98b8e141653bf75a0181221
SSDEEP

1536:S1XejazWCM336SLmP87ts1IGwNNyrq2ISjkGPgBIKV/4ZCX6SRymdoU5Kg/xXkn8:SIkOcx7dyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424637567"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1B9F4541-2B44-11EF-B6C6-7E1039193522} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1732	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1732	iexplore.exe
1732	iexplore.exe
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 3020	1732	iexplore.exe	28
PID 1732 wrote to memory of 3020	1732	iexplore.exe	28
PID 1732 wrote to memory of 3020	1732	iexplore.exe	28
PID 1732 wrote to memory of 3020	1732	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\afc1ecb04e37eabb86c22b8863aecea5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0987355f6e81509c3efeca1378c3d2d

SHA1
7ceed4f35ecde30dbf6571e12ee506393750f62c

SHA256
9a704d6b095c04eb9c29838a8accc4095d3f4e9996015e869f90fb3f2680e622

SHA512
fec913c70915970cb73c78eb4682dd5e533e44632ba5114ae31678dfa81e3d8017be6913ce31b48d15bd709d22500e61a927872d5d78562e4f3a3a0b1752eecc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7e60098d0f47beda0c88411f629ea24

SHA1
520a80cea2361c708f765071f96fa29f86b719df

SHA256
8728d4f3cb8cda9b5a3ce83078d0976fae4147ad6e4e69fb76908ed17b65c477

SHA512
2ea7e18755055b69e65aa87bfdac9d0e45630c23372327e1a6c7d3f8d434b03bf79e170802cd95c6ba4d3c29542feadced0f261d11f97cff9347540892fb77a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e84bc27d403e7b9425cc01b4d088a673

SHA1
c5e4268bf0a7b9a296e5e8bbaef1067b93d66e16

SHA256
13b806e298d788c263ce4cec1ceeba6ea8226e10d22e1d6fb661b1f48494796f

SHA512
d5c1e1a53479ba89dda846bd25dc96e5aa31c468606c11218eb659375a03db19907f59988aadbd9d3d49587391cd2ceaa8593197ae04070fc5e77097cb0456aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ee6148e7f5b0d06443f2c61397b5e98

SHA1
6be8acfb7c95df98f49d4773d6eb672a8d652bb8

SHA256
2651f4d300f566a910bfd307d1f2325fc5942cdf47761cc0deb773b34cc695f8

SHA512
1e4d91835b33823727cb663ccb158a0892030dd7f0f6a72fd3b956b1c7bb43349b913f1461c7f55acd5eb2e44cb49b2a15852de1c89e9c2915dd5d491386caad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a770a2316e727f8f76e8ee2b97a66c9

SHA1
ea58d1eba36e42ed5b73edf172c68c373d6dd1d3

SHA256
35fc106fa5d5ce86a720500337d9b72527fcaf90555b8d32e64331776b7e40c4

SHA512
47a53f927134693d622ac942772ea7f27f3cb62c4fc3c3d118ab4ff62d9e06766b922dc9239a8e877f2edd664986241d88677f226cb9b086b2c0547958653c62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
867d1431c8633e4aec2a0c082ae47c35

SHA1
a5f9af0c7bd8c670e29972bc4103ca8814e68ff0

SHA256
787207f9cec2e9a1d2dc6cc28de576a3a65873934f752be42a6d5869899eb81c

SHA512
40ee973cf65234d75cf7e39460bd374fda62f1d81df33dc6e80c61a96fb172f269df57837548a53ea2b1e99a7825cdab145933ae85f28dda0d97c269ad731287

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a365fc94920c8735c35435ea08263282

SHA1
960a49511e8a8fe7c21d1496df28d3dc317d17a2

SHA256
3b135f1666598ae1a20655d9a3fd51c4c1e07c963343b3f773cf9e734eba6717

SHA512
d279ef3ddebcd128efbaa142d98b08f5548b4b124dbadd736f3a7919daf546a1474227bcd81a1b809da608522e91e90f7475a5978a3b7e26df9e647db1f7b71a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30bfcc22ee90fcae321b293f90641402

SHA1
538561ca76f3ad8f19b42ccfdba59fb548d6d0f2

SHA256
86c0c4167b4cafa9c76ea96e7d210c8d847ab5acab900babe84cc41bfb6a2fa7

SHA512
7a5b8d1ffa31247dea43b57cd5ed4c507076a20930b761f25777c25861bf3a733b909721364a70fcf7f457e150761547b880f4060ad6a7213a6c090e2ac01b68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a511570f7583c390411038e52b6bcc0

SHA1
36585df14647a4293d4daf709c5516de7b8d6f9a

SHA256
ea23fda0ac4f1bc1174dffa18335ff7a3ef7ad612dd6ef37fd22d142a16dd7e6

SHA512
deca899a6919a3604fd2ec49c1b8b05f4c75aa1a4258588ce4fbfb0cc1fe01b5595f6543fa179136289dd58f87ff747fa681e7ea36522727dddab05c74796ac2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f95ed20405fb8f062fa6d6074fbad52a

SHA1
f4b5b74c05d89ceeca035bc0b01fe94fa066cb4e

SHA256
de61bae0a1f016bd8213a6137741a2561ff39e2600f385899031e7017bea477f

SHA512
4465e5fc1e7937dddcd752d2af468ebeab19ae651cce2766a0487f6d8e47c531a224a21aa66abf670f185c59bdae73bbd843b58d1d8300db9f199999048389a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6aa80063a64f25e7955cd67d93c59d3

SHA1
d8dcd58d93abf0340eeb549c936f9b1db5cc3dee

SHA256
7a26a89198d0a6d2ca0e2b901b3b143998d701f537a15d4cc64bae1c67c7a33d

SHA512
946c8c8b0051fc62c05d1587c93c0e02b8b814800428e607c5a932bdb5d781c9c8e307061a3548c1e2a133af075e1725f4625dcc3424aae7cca8d06315c4f7b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eded73fbc3ea098bcd810c2d5eb17551

SHA1
e94312efba0faa2d6c7f739789b8bbf22583f4f7

SHA256
e27c0d0cca21bb69eabc6385992d4866932007ffcf92ab325d04ab8efee0d3ff

SHA512
5f19ab160bd29b0517c3e8bc6b9717a9d27a847b819a1472678f690efd5d42cba9a4fcd9702fefeba563b22d4530002c362b4900fba41a1e009c338d970bb432

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab9d97696e9f6f5c579f71e0e14e9e21

SHA1
b8e16965616057e7d6da731be06bfe6f87fcadf0

SHA256
55c0ede0035e22b18a6f25ef6892da4c2947fdf0d6fb9e2bc025f5aef9f2fa3e

SHA512
63adf759dc595e34b830f60f65f6782228cf50fd0b98df7475026dd7ef48310c02c71e84d71ac23a7a47a257e35311d796ce2952de10fb3c990b4d9741458e8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f004f3edf6dcd48e369ae3b4467d2162

SHA1
d2ff1b44ee0adef312af2d88b5e77c475993e5b2

SHA256
59bad4fb119cdc3bffba7b612c90a6b5e7c82a72ec53079ca135f14b3fb30355

SHA512
88023fe14f3a78ee6d1c884dec428bdbd346e5041536d39f8c5c758d6aa86cc522afeb36256e67b5398c5a38cf9e757630c6741bce10837327927848af63334c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d5c54bc6500273f52b7dc8f0ad0f34c

SHA1
06fc86c3dbf64a031acbb53e3b7cfda2aa6d390b

SHA256
1a1f6e05f6394dcbea685455b8335d452ade1fb7b4f2fa173500fdd0ff4f9362

SHA512
fc6ee78bfd9e717de472266f0a31ccd962ee25d365c4301cac144d306fb0792d1496e969a4cc9141480a55c7e574bd653689dcc63ffe87bbf9ab5b11e3ad69ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef0e1d9318b8daa839dd97b57069fca3

SHA1
0a044852255d5b70e9c127a975e0f9156e81ff7d

SHA256
d75e9062353225b443ffc323a4aaf4687f5f9f15c97c82ea5162f7c2c2ebd176

SHA512
5a026640647eb2ebadd3c308752fbb6926d2bbc8cfd14901bc1c91c246eb009372fb69ab6780fb663fe0291d68a899a7aaaba243fc72d73e29608de3ffc4e6af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a90a3144f48743632caf004f023d7453

SHA1
c4b00c17ceb7b626d3407378a3d8822df9404d56

SHA256
06e29ea7389d3e63abaf3d8d554e3ed3d5a4f552062bff1e1788096f95a2af26

SHA512
f37d4f52e5d04c093bd8390627db8eb28eb9995907318db52273f869f240c5baab43818518d2b2b9c55b5ebdc77e82dadc48ade819171039784b079b0a24863b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48260a01e8e73db8a7f18b5bf3addfb7

SHA1
13924895510c813d9e52cc5426f0cb064391af30

SHA256
ab72819f8e47535e48e25fc284dc52186bd28d0abd2a69b3cdcab0f6a2d79846

SHA512
599a429ed9fbdde0e3ad6be155f88282682b55a4d7145cc59a1b98e66e4d4480de02fda21540ac01a4a9529bf9eedfafd8698c0f60d220340e27782b0f265c26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f53086deeab4b4a48f382e24f9ca9d9

SHA1
5aabf911d02c126514edf7a97a43699367a6451c

SHA256
75f34938d350a73dbe28014b331c8eb58da9be8999782e4fa4606e66d2a3187a

SHA512
b8e160385c5d89a9e0c9feb04dd3d5bb2dcf92bf4a26a82c5f3eb27c4339931ada8af317e387c8ad702c3d6517e62ef7ffd67b1ce47953e1d42a66c2ec9eae3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59b91f5acdee32a2727e20d33592098f

SHA1
b695e06aa837b4206892c81111218aeda8d36e76

SHA256
5555735bfc7ec7b9962c95fa722b81f7166d1ab3f4c85baa62a1d32c68fd82b5

SHA512
5a5625eae00a7563f44f01030759c76431a32f90ab3c3305fdabeaa26fa7e98bfda89da1396cbce47e41d28e6c0c513ea4d8114faefe14b5c861f6f8a1929b0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC23.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCB3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit