1009ae03dc5c0e5c37dc793f345e56fb8fe52f2b2c8b47076ce199733e333921

Analysis

max time kernel
144s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3fd2007d5df903c088e48195b602e56_JaffaCakes118.html
Size

62KB
MD5

b3fd2007d5df903c088e48195b602e56
SHA1

8dcdc9bb05603dab77835bf465e672baf470dd18
SHA256

1009ae03dc5c0e5c37dc793f345e56fb8fe52f2b2c8b47076ce199733e333921
SHA512

fa4bfff18ceba9c00d5cff5a749ba4727b22d64181aa8121992cb137f23008c67f51d2d93e14890157d0e9f2762749949ab6173c59cb66471fdad10cd5d080e2
SSDEEP

768:dhy1StJi8FEwMrLbzcbzm9rA4I8XiNEdiM06U59nqjr8nvdIe01929flzFY:PJi8FEp6qdAJdNED8nJ01AY

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424710077"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EF00FBB1-2BEC-11EF-A564-5267BFD3BAD1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2000	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2000	iexplore.exe
2000	iexplore.exe
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2468	2000	iexplore.exe	28
PID 2000 wrote to memory of 2468	2000	iexplore.exe	28
PID 2000 wrote to memory of 2468	2000	iexplore.exe	28
PID 2000 wrote to memory of 2468	2000	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b3fd2007d5df903c088e48195b602e56_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
61e94c2b621c22c3083f402e61c816ab

SHA1
cbd4a457ba998a142abf627c24a0ee88fb61445c

SHA256
c24a88d6a082a19ed6ebad0b7bebc65a0a53d5e1af32d2705f2d8269db404874

SHA512
fd26ea521d2a38aa193cd1c307111036e0f00b82cef47a992284b76c2b3e8e898c51c5ce1849b609a06305bdd75cd4618240b606336df0f0408d58c863458aa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da126e63e34ecbf9199605c1b727cbe1

SHA1
91f0b4a55c561e4800f67db1f1469743c1b578d4

SHA256
2bc19bd9ad490bfd9b4d07a9aef84658525fca91088419d95769ec2944be3928

SHA512
6ff791c6b76706d516f6be483b6077f95bcd34e1d3cda43ff94b41cfcbd3f7d41246c84aff5650fec114180adb3ea715e7cd09f86b52b4248721fcc347be7103

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dfda5bfebfa832af6a08c7c7ba29287

SHA1
f8fcdf6b47df7f3005e130bc9a3f0ae048ec2fc2

SHA256
5707bdf6cd9d73e15883125306800473d735a22ecaf36d0d6db9176a7ad74535

SHA512
66805afd4c17d8caa35caafbe0a3d3b4e750793a78ba4129f87ec9d5143e20b936442c978b34817cb6217c915ee0a02119cd55b4372afbbaf5ecf3366c75a0fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa40751f6a1153d5bdf63f8556406aee

SHA1
ec79b0265de4f0344deeb7ad109bfcbffc27d3ca

SHA256
ea9fbc59ea63ea64e0b277e9a27d6e16cab93a88836e646ac02f4c357e992c31

SHA512
925dd7e4397f0b66b70a5cb7fcb365f2a29bbe9f0e9dd54a49d9780399760697e42f96d16964ea6f1f6fbe465dcbc6776d2d09d642b4564af46b678aefc63385

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47f3e63b18e4f571e6a102984b4c2a78

SHA1
63bc6df831e00a128927add40517b149cc0c7482

SHA256
81aff7a69322156bbfccef2036634114f7b0a889df64559734d4ab51d46e540a

SHA512
2bbd3a72efbe8263e89fc93a4d674c1b4fd80a4119e20f26004627f349cf5fbfb7dac93e66c77e5824cc03c0d193b4af1ba1a6929c2f2949c60a6937e7363320

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff10a149ec3c18755642c348eaf9244c

SHA1
a68b318fd0d25dd4c85c542b810f7ec3cd85122d

SHA256
71f41dabe6c240da3abd9d21e52d41adc25389e9b307aa458c0b2c2a8df0fc52

SHA512
2fb5052fa39ab264ade08c9660cb3c51a04c7925d1ba77c386ef0bdce0fac9c960c268e247855182ebee0949e992c219734c0bd6e0feacaa96ad89b00b6df186

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2223712e29a4ce61cb5ef8e98769d5f4

SHA1
30374db3bae6fb1be758c4b774ea4c59def2ed00

SHA256
9ed6a38119ed6d1ed7cc205b6d1c904bc6511fe897b217e221a5eaa8ad0b6fb5

SHA512
0ba6f1ee376919d9c68df8a6fbed398ded22fac39ea0d0ff858e76270d4a44079a71efdf4f8f5bf9da21b3a333c721c5d00f74e7c042fe879b7c3ee76ade5f5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e7dd8d8aa06f503db320d2ed275e3bf

SHA1
ac85d734bfc8a94f6533caea1b7e2add63a94e4a

SHA256
5e7da4602374afcea8127052a34ecfb5312c6dc09d5484cb1a09a714444e4117

SHA512
2937d9dda9521e1ff314de9fded6d9d3f8969285fb0c1f77639077d9a9c66695170e0aef7905991dcb8dac9e2e2e8d97df69643c1ad718feccb64fd1b9a304bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1aa36eef6e4d6478a2e24000506c700

SHA1
7e722f2c2ebe4d7f08ada3bfb7ab2a92884b0e8a

SHA256
766978614ca03331c58f12be4ac76b6e562b9e35473df0e8ebae19751f1cfed2

SHA512
8ccc708a33a17d37f2d035219b0a345e70694d0321210cf48439e64dc8fbb23e9a9122f07809a2244bfc59e888d033b11095b71dd9c890eccae9cdb3f53b3e2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e124548f38c6be6480156d79d0092c8

SHA1
6290b18676f6705d3ef411aadd3fdcd1983b5bfd

SHA256
1cb49da15bb028a52a5f3d1e254c1a5d7b0c42f5655cc07fac0a47fd1ebc86c0

SHA512
f4257e92156689bb335ba13cf5b870bab4a12765c8c72692326aa4891f6f850b7e94dc717fcd554ffde756efa9896911003534314199ef03968206334a449a93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8bff6f22d3ce2e1aca19e7dee18c147

SHA1
3282b7f5220b609ba64bc18fc16cd7768bcf6648

SHA256
d5e57b0feed94cddea893b15b3e1c701a503f45c99c9792ea68e2dcb41332c0d

SHA512
1e33f7f10c9e58624d5090671ea318b77279e3960e9b4fd1aa17bf7fd1ee0ccfcd2aac8ee8888ecd2ed7f749e78fba892ce89b1918599ac0dbb3d384b885b06b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8aede147f897e7b96b3e4a463ce8d335

SHA1
4fb470ea75d537de4cb886089561e63c706eb314

SHA256
8df6e6cbbc1ef8532a2a59280ac95051614c1a92e2c4ddf209efc786d51c37b9

SHA512
0854eeb0c67896ba816102bca3bfb7f271d3916475e71741270720227703b0b27b1012e9be4361575c4532a53b61787c79da6fe686fe7b0ebeacabc32bb6267d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c93de54c8667e4dfb009f69869bc6293

SHA1
c4837ad5eed79314231bf086a84083fec93ac46f

SHA256
6ee483c6d306ed60ae2a7fe0bba08a2c27594700bb73dd7a6920b72cd1132559

SHA512
fe723c79bc8b03b594b8192178a3d4461c1365f3bd26886267f78b79743b96c74b627b3f18cbb3eeae97f49aaebc0355ac0a4cdcd2277c184ceb0eba333c12e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f76186052b5dfaa2b2802c56b2993d02

SHA1
7842164ca25201d2ac42016d5c2bf1b7321d61a9

SHA256
8225636167de33d4fa92590ab660405ecc648454c821769987110ee1c7c9f9e0

SHA512
0e6c141f72bee40009240d3ea21ecbf48a9c3ed7e0fe6ce8d61daac380195b9e573de422116cb0b8f639520150c3feb5400162d5a06ca97eba97b6d1c35d661a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2418dbaa5e8afd6a27e83b614c7ecbaf

SHA1
792a8e9de2f87e7224dd38be96e35f756157cb5f

SHA256
764cdb640f4d626066653417c4ae2d253f71d636a2c97e82f3663858f09a3e24

SHA512
70ff1d4f916b0d7262ad6841b5a712f9f165c225e3eef1f5393ed530a877c4b04f29eb2d5c60e690ce729871c6b36e05f9af51d6067a9f667155ff9206e8797f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afff41b619a6b1076b42f86be155daa8

SHA1
917f7e14209c4624667c54f3500f904f28e96cd6

SHA256
db5888af480f62abee1c12cf16ac7c177afb58f50d38af01046dc630e8ca6f82

SHA512
88db25c5de29dd6d1a595389e885ad639408b21dc9cbf147089dfbbeabbe72be41a0a7d249be597ee149d5be62e41404ea5dded23fafbd149ec7f983c357b1fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
335a249c748fe887c70f297d7f264d3d

SHA1
eae525b87b0f3495a3f7b837f5bd64dabff6c1a5

SHA256
f4632f35f2fb37fd0a33607c2a3cadb9ff7d68d37cc7cd74b0afb141e535eb50

SHA512
1e732a9a8c0476127f8c84c2bfd0949faeeaf82b2fad3681a43c39cd1beb30afe631276f37cfbd9962889a056eb75c6f396940a04905d22e522852a365c85c53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab34B9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar34CB.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar35CB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit