b17c84a693a0d87408f13fb44e6569d9ac9c035920b8b53c965bee69147a77cb

Analysis

max time kernel
150s
max time network
144s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
19/06/2024, 17:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bd80014cbf9d057d376558137962bd96_JaffaCakes118.html
Size

67KB
MD5

bd80014cbf9d057d376558137962bd96
SHA1

0384892bc126ace6cba75082403de62c835d0223
SHA256

b17c84a693a0d87408f13fb44e6569d9ac9c035920b8b53c965bee69147a77cb
SHA512

2e752e9d8c681f873ad56453eafb4e82ff712bd4cd120f3da89549f299295da56ff594567c2f823225a9246e8556e59f822ae0a34341820832964502caa21a5f
SSDEEP

1536:XB4utSS1iRmjE3n1/gwtse5Avq34epULYJmWp2wln6K+PSS6EN+BKqL40Sbi1goU:x4utSS1iRmS1Ywtse5QqK4P6KMK40Sbt

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424979876"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1AEE7FB1-2E61-11EF-9E55-E6415F422194} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2176	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2176	iexplore.exe
2176	iexplore.exe
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 3004	2176	iexplore.exe	28
PID 2176 wrote to memory of 3004	2176	iexplore.exe	28
PID 2176 wrote to memory of 3004	2176	iexplore.exe	28
PID 2176 wrote to memory of 3004	2176	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bd80014cbf9d057d376558137962bd96_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
88333278aa1c6e354b2329e36443bea7

SHA1
f9f91991644510e26a7deea8e97c5ecbe9db9032

SHA256
589cc848bb1f90d96542632af562ecd69fd0d100a0e3fd132b682dbafb7bd376

SHA512
5596c6c4a1a1cc2fda95e9e86c23fbd3fc89d9b8b17c6fb37c037e8f45c51224822aa7eb7c0b2bd6bc0b9edf75e54ea5b6e4c2aa42538743d8ccdcba4c21d01f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
979B

MD5
058f9935c8f89c005be2f49701b15a71

SHA1
7d0220fcf0e9ad881aac8f58a73427bb34dd6cf4

SHA256
9a7127503795747e0d02fc770d44a367c6f10301fe4a6f89822cd36cd3270f7e

SHA512
875abc188ed397f0e3fb21186ec3c5497ba4d25bf16b82fd4231bac9c8944bb57463a4e7a250d756c5b7e84f62f78b85b14789e7cdf7096fb57d427c3fbdefcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c772bcdd9b70cd8724eada16bf0deeb

SHA1
54e84e1aadd1ff4799ccebdac4844e5ee3a9e893

SHA256
e1bbf5baec8f7208867c8d4167f232be0971580bc8b3afb14d8f08b810020816

SHA512
2d89f78f3839b167facb66a418cfaf3ae12b01c2675b21ad81000f7d8079f6a88cfd414fe2afa7eaa23f378d9b308a8d09f1e23ae777ee92db9dce2ecb9d3600

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f207aec86dbdef540196ceb50b223cf

SHA1
202bc69f9a9f3a39abf4a3b224797ea99a034e98

SHA256
0c0dcf9344dfbb7a1a27d289a9a40ac2a126fb00ff628f46834491386e3c0dd6

SHA512
1ccda6eb2c0885360f6b900c0545260b90342581422d4358e257ae54859e962f1eedc5b2980ac402a8d5fefaf4c06ada09e0515c7f29395d583b87d0c53cd2f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7fa3dffe64f0aeeea72b6ec74fce013a

SHA1
d359fb34e544780bd8335db1048821d97164b296

SHA256
9a5f9983016382017f8508ec33ef7c833e440d8424b242c878c4556bcad69dad

SHA512
2e09f10556b5c0118e3090aa3073c631a3def44d55bb57db47bf5afad964025c658d5986d6c6a91c6d3b657027367637d0b515a2c672df50f5e80e64a75c8bb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f1428992a9238ae0c167d93e0846c26

SHA1
230bc1ee77197791d2c27371b33d651f21263aca

SHA256
a81592c9643c44b3d5b103408dc942d458397059b56509d0d9eec423a15b3684

SHA512
c3cbb76c3c3f7e075854df1eca8346a51ef8af44dba5d9579f89a1d56d6d4428ad7be2570132b357650db03cfd205f9e99f963a368f7fa8d2ab57d3a3fbccc30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6365871a93ca33c48e7cb38a8b069248

SHA1
eb8e0d90d8e3bf93b07c80cca7595f5ad807d07b

SHA256
a19a4d031e63734bf859a6392cd7ead04aab453c6f87da7a1d976c56a95f9fb7

SHA512
c91a6476f067e729b4c7b709e82cf9239a7c4fc71bbc04558a81029d1e3a1ebddfa6f1efd05bbaf2f8deff591b2a2a8cebe37ef07a170c31ad525e48f1d16a0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21715cbaf47c6d917f6dc7bd9c10bf97

SHA1
4233a41b79eddf15881e904fbecce0ba6a1b85a9

SHA256
0d6dea6d9094cdb5850f5af24a0977c901a96b2217d618efe3db7f26164e2f03

SHA512
bb81adc333fe729c42f41d2f37ea7e6603741ecb23a06ca1017b6bfa5374cc62c977b107fdd9fabe279ff1e3dbba3c446626201dba33eafa8b484d0cd307a4a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
712f40216b7f6f84ac08f2e644b55489

SHA1
34073605d600312c93006f2fd81d015aa35ce2fa

SHA256
8943ed4e22ecd281da9f987eb4fd1ba87443205f62c2991f4fcb8776548c3ecd

SHA512
8df252e7209ff657c08c5f93f7dc815ab4102a201f251e77e7a98aad451e251f201d1bdac7b050b8b5db5397bec82964f92de299a4ae561f4a17774c0d0bec6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16f7441c4c773c77bd1bd10e0e5128a8

SHA1
67689253c3a4517bd970477a86c1817f203abc59

SHA256
a26ca625185f8dd90de44149205725d882a85ea94d937116ae8a3ab7b8cae194

SHA512
610f11c3fce22e7f958fbb858922e45c872c1fbc5955c44fb375ab2b8ffd09ef79a799df1270319aeac7fb198766d09252421a293dfedea8c16e997a2181e1cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2d5f888cf94bd8104064c1df81d0df2

SHA1
a24944441b4595b63c6db6278f48b77a989bf959

SHA256
291e260150dcd07d59db9ea13b141e50b9a7e30e2108c561b046028fbc5162ce

SHA512
efa0698aa7735346ed8eee34b2512e3b8212b73054ce86c999e36b03b2200760ad6209e3f44dedb7f44c9e3fd52ca4ffd1c7b70292bf886570616face7ab6189

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7e26e9f95855cee779a7c6e94aebbb2

SHA1
5d2c1e619da1e25df4bc982ddd2e9d77750b092e

SHA256
43a7ef54b069d1f6d73126287679022853a8e39670fc1cd8dd2e0ee1cd0456da

SHA512
2988708bbb82344aed8f8795da383b79f36baa328004eab6a83d046fbd3c6a7e0b6ea4dd8666d7eaf2db1d6fd650a4d855f573a72ae05d479dc78c41f11e1eba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88aa460f7b8f29566d3d4bdff12ecb70

SHA1
5a4225092e9116c9359f8c2628ea2365eda8cb48

SHA256
a6ab67035dd54864c87c01a2a040a8b12d119a5c3b7b0872d588cd158aec6a7b

SHA512
4df9fe9b3861fb1c2f6203f1d06fb7c05ed603f887e955cb927b4e0ba93eae8705852417db994c243125d95335f383e6b8cc08b75f40ec2079074cfa6e54ca8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
f01b53b034a11859aa4a3a8e37da36f5

SHA1
37f08e5c07e04566f000018dfded002304b71bfa

SHA256
78ff44f7454653188df31d36515d312ec0554746ef33f30eb5424943a4981cf9

SHA512
dae9710b8e4669d9aebf6320fec1e7d3c4426d2c5ccfa39b00065b3c9b734d332bdabf20468404ae6f2cc0a515e9f5ef265e537e96a65c6eb0dc32fbb07436ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
14fcad6ffa1c5bdb252e14431cb0f15d

SHA1
def58b4996f2698ca6f19aef11bb29c4a285eb5d

SHA256
e0f9ca47f59de03c35ff9a09cbbf4b7e8190bf20b1cac9d3ec02b586845c7a89

SHA512
46b57def232430bd632cfa9f4f63fba018b06eeff9622e861723c07284bbce3ec82f25b0f5f24805387e4b265dca3bd5551a5459527e88763ba16f28c914af7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
504209ff578193e09c155c257b249002

SHA1
465380206e1d7d8b6a71e9b9da2ed384fc934987

SHA256
45ce8d85e2f7c9894dcabfefdba5470479ddff89a36dd40e4233f041e2f167d2

SHA512
1f6472cb3f51135c02623e2128d8744d828c1c4756dcd33e596d9f2173cfe76f5fb67e4d8224b6adc5e0af701edfc06f89edf71845009d510c821a158ff9df07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7025.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7024.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit