2d1e9df66cee768900bc5e149129f3e1f3570ca5dc7de2da34322f0b2f4c7105

Analysis

max time kernel
134s
max time network
142s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
16-06-2024 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5692ab546c804c584489cbdc94b7d9f_JaffaCakes118.html
Size

220KB
MD5

b5692ab546c804c584489cbdc94b7d9f
SHA1

7f49fd857fbf944c4c865fea03a13e57a0c1cd48
SHA256

2d1e9df66cee768900bc5e149129f3e1f3570ca5dc7de2da34322f0b2f4c7105
SHA512

19560f498a2447e7bd15d1552515812014bb1af6e64ac86e9cf61fc213b4202d9ad5eeffc50fe33a34ccabbc95644f677256d33bd1e604eb7c8b4e9e897f8b7c
SSDEEP

3072:SgWPPC8vcDNv68VCuyfkMY+BES09JXAnyrZalI+YQ:SgGDk3sLsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424737393"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{88A33821-2C2C-11EF-94DD-CE80800B5EC6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2540	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2540	iexplore.exe
2540	iexplore.exe
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2200	2540	iexplore.exe	28
PID 2540 wrote to memory of 2200	2540	iexplore.exe	28
PID 2540 wrote to memory of 2200	2540	iexplore.exe	28
PID 2540 wrote to memory of 2200	2540	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b5692ab546c804c584489cbdc94b7d9f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a88bd2c9c01a32318d8299f6f7ec9da

SHA1
7ffb5da155897d329130192f990d4e45f6f90a6e

SHA256
e5d767706f1b7016c01956baaad6c980f0293dffb5aab46ee4f1aacd02875cee

SHA512
9d8fa35656f99d9f38a6f47a83bf5008a3509ab5e95a9eef0839ea08c0eb77a37e5d73d1bed8c8d7648cfe79da6ed2d42a0e091ee9c7ffc5596c589ba04c3dba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37448d909df74a76a4417f7bc0b0be6c

SHA1
a7f1961044bea5475328fb160079db1a9b28b5c8

SHA256
6c07b086a1163b98681e4448c8c53fb3002d3e6956cda44280fe23afe232fac4

SHA512
03488ce18f74a37f0905bd4350dc254e8346c451018a67e65e128dea812e5b081a958b8bdbff16901bcc493608353216b99112495826709c07a28e18bd5e2235

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ddc4da631ba3f5828f389dc36e2e17a

SHA1
7738803fcc11ac83f686166e327ae4e65297a71f

SHA256
b3a725ec0b69525cd22645ca33df5286291bc7cb9e1d004d0487ceb516001f91

SHA512
4ec045f1a5f90b176d243f4e6cc6bf7353c376da31865bc64bcf3f1a7e848c8f30f51bd943882f98f93c397701a90c34cfe1c2997759b78f1f2abc0a68ff4860

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d09b945cad541c4dc22f6d8b51c872c

SHA1
c1c3889338edff951e40f0326e4e3a69bbca5d77

SHA256
bf119407bf77a8234e514ca8e0a4322fffaa316208e549a24b4644ada03e1731

SHA512
ddc512c06a50dd3d18bf8ede1a065730897138038a845ed247a1a10e8007bdc5b06e02873ea5c03a67e822b14ca7d1b0a67f13ad13bfef6bcb26770f1ffd4975

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b5792b0860726c81736ee88086593e0

SHA1
639e18a1400e97667437b3fc34b79d5f7a699d91

SHA256
43a2c99d838d42367cb6b0b91655e91c1b325aefc79450101e39853c7195380e

SHA512
123517c87d69f8727d2509b166649e32bb803a6737a62bd7b8ccb51ce9c4cee335bcb905d86b82eebfaf1f05fc5b4dcc8bbe5ea40f59dfe4efcd444bbb13cec1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab31398353f5e4ec8b6f1ad2abd71a30

SHA1
4ddcd1918bfbecec706248ac5421195c1d01ddd6

SHA256
96134f8930bbef19b278756620e721d78d1f5dcb727b4363855bc8b16e936631

SHA512
f74b156da7bf78c9efd768cdfb16d0b08abbb8cd7240ff7842e6418c8a40caaae72fc84ad643592b8b53564d7027f1ad3e8f7cb42086e3e5bec94d24ade35b46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
484b95e4ab525814052d7e7323dfa1dc

SHA1
cc2b7d54aa3c3fb79dadfeaa901807ce1dc9e31c

SHA256
82de4bdb960c9b9a5f36b9544aa54c424a33df1cc8912fbf122f343a2add607a

SHA512
be8845992c436f04216266b46e1e750602364cc4795df003f0aa51eef2b2285e503899e0aa4683ac7d9ec7043a27bd8085f1ad1e397ef11b1b0433320e6a217c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70c9e93fa6c5f16fe990d1470650bc38

SHA1
ea7ab5fba2509b3188672ac1295879f35280b3f3

SHA256
895d6a4bad74dda8c940bbabf99cd33f7ad6e6712b614221b384f42f73bc0f7a

SHA512
d455afb557aabbe268e929c68816ee6d78810e5455562cb72a1fe3f0ec1afdacdddc7535221bc9519faadb512ab02e24e1d51315b931312beb4b1f5cbad02e10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
034612d46f6c6507410d3da47426000c

SHA1
b9d794ddb31f9085f45f268618bbe7b9d8eeabd4

SHA256
e2f33508444243ecef394e165259e8b295b6e5198b2c2409bf08a4af7a3ef504

SHA512
afcc5ce07e09e09a0a9246a0f0d29dc9ec9e8b231361ad55b077b51d00ffb7943cfa112c7725651cbeaae8e2eb8a7d60de95aa03cd4640a5a67a452cf3ee1b15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e07644019d5cea4eecb711e5a5696e6c

SHA1
e9af58a81bd25fa8c3dc894801a03af6bf9817ac

SHA256
905678262443dcf9d5d4fc0e76f0a00855a4c54020431a6df467143bd127307b

SHA512
0ca551367d5d861d1a390a66d98a262391835a596ffef2b4c532493c84005ba51d90539058a449c9e28fef7e6cc82afe271d2dd37c48c9c8ddf1fcf94ee52fd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
292984e0d80b89b41f7d1b0f785fb140

SHA1
7768e7e1368247ad846908d5fdcdaee2cdf79fca

SHA256
ef82759081bde231397746502f0b5e4d789109f85ae6e5a8d24437efafcb2962

SHA512
1b932f50fea0d8d0bf80bd07b2ac8e35199881e07181bd7822693664bc0c2a0193d79a9b8dc14547bd0c89101a1ed96b1a8f870cdf425dfe1f2949d36b883d25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5124f04c3a1259d3de080665dfbbf178

SHA1
6ad0e487523082bc687b6cf060ac077b378fcec2

SHA256
61528097e2e3ead8328a4182505180b674d6cff53ad21f516d2cd045f0fd24f5

SHA512
04b6d6c1852403c674da87814c4283bfdab8efd201b33eb7fe18805a2ccc79cacc26e76e75a923cc933c0af9265b5e5f81f5c6e55b52814638484387fd5ea3a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25a0770320a31f4e27def7e832b4b8a5

SHA1
016504d95ca10c73ff37f5fdc4d1b04faeedf4d3

SHA256
1cc65141a856ecb09f48a6b776cdc45910cef97e6900924cb815cca2e12cc70f

SHA512
58c8ef814c5eda112444e992c691fbd6fd547b79e90e9574238670c4cdf9ba2c97584764a8e3f1b87306fa9c5a1d91dae326a19cf658b4b2bda3f930248e06ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f029882b2a6ec3a502af0696cd50d4a9

SHA1
8a3bf34560d204914bf089251f588e40db6d164f

SHA256
264221806a855e0fcbab25d87e2bd8012fb1fa79730f4516e8951245df6cb464

SHA512
85176d6f2ce4e65bcb8ce238d0e6a42f717b36d5bfa86957939c3b98e624fd79ab3b8588e9539b9b443bb227f6cad0e1efa94037eabd75fd98b22a8dc19c0e10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
473d8cec345b47b2a587fb3393f9db11

SHA1
2d697ce59bf033e58d5f06da1bf447526794b046

SHA256
d9cfcbc6697853db7f2f07c353495bf3ecf90cc07ed886dab66a7dad37f2fb53

SHA512
68fcb0c76f230451e706b8259db336bdc685795950c62f181c8124df221616be41c823626724b6b644275c00159f4e542208e77b287b9b4b7a65aab203600c74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1abab329cad388a2e886012d85cea6c7

SHA1
6d86ba2d844340898fdcd76f9d6324bdc8fcf4c8

SHA256
16df8118bcdc5f71a85c811e4372353f644b66c11eb7351f3c2f96eec514abfe

SHA512
9784e36d9f99d051ed105427923563cbf8e1d2cc8f670612ec71a6ce77c8ae5a4c696d2a18476395d4a4205591616e7ccd60152dd78f8931d64c2e197907e4fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1e1ebd2908e98233d0508d298db7108

SHA1
d2eee593488e807046472e0f6372f9ba6d2ca378

SHA256
629294f231e2fb74b5248d8b6129f94561e423bd82f7f40476f9b1d1461b7139

SHA512
6a2b09e04f75c71650a822055a7360b82de2dd901ef36d8d37359424e182828388065f8a255e648b81ced79194e4b0cdad357453f04bb2924106addd8793e0b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
279c318c33cb6cd7741fe8302118e40d

SHA1
44120a5f764afedcb8b73fd996cb5b8829104c84

SHA256
68d30791d9e7c4db276562d98dff01f81627f445a84c089238aa1746eb351b28

SHA512
84d6cb6234683ca0acf148a06fe08de1eb67be12b52fca7603e226f353a7ce97f98acb06e4cab594a0fa2bf236d363d3391735a33af5a901b121d458557918f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c59f65f7d95f6db0b37ab6bab069fa5a

SHA1
762acbe270f0f2643a34917b8ee5ef19e96bd972

SHA256
32d394d5524f6e2b2d8ad615678c843c09dc730c5cf4af6500c708276fa426ab

SHA512
35156c8ef8e384bf08677f8d36757788fe009d382f4b114cdafc82181644b51489d6c60f30ffc04989a3520cf7e19e7a63b2250b139dbaf19a36c61667da4367

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab18C0.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1973.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit