ca2ba1cbbafc0d78a4a3c4e46ee6e20dca373428bda5340520f3b6bd3079b80e

Analysis

max time kernel
136s
max time network
145s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6131116c8fa24e8b2ea4b25702806055_JaffaCakes118.html
Size

61KB
MD5

6131116c8fa24e8b2ea4b25702806055
SHA1

b931896b8b88c77cc56df450ce3aee55600bc696
SHA256

ca2ba1cbbafc0d78a4a3c4e46ee6e20dca373428bda5340520f3b6bd3079b80e
SHA512

836b1c96a95478878ca7ee624e41f362804dced4643d6e5e31de03ef23607c8f918160dc1d0977f92baddf32db0f4dac4a29b0da05bc62fd73a1935af0e3f31c
SSDEEP

1536:ZP9bV2Z4AbHAU76ntZnWxZF8LzA74YfjzAiZttK:B9p2L8LzANzAiZttK

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9BB74931-479B-11EF-B8DF-E649859EC46C} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427753782"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
560	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
560	iexplore.exe
560	iexplore.exe
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 2588	560	iexplore.exe	29
PID 560 wrote to memory of 2588	560	iexplore.exe	29
PID 560 wrote to memory of 2588	560	iexplore.exe	29
PID 560 wrote to memory of 2588	560	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6131116c8fa24e8b2ea4b25702806055_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:560
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:560 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
636bea28c94b2ec3ec6fd571eeb464a4

SHA1
632ba3da19f1680271aefa156ee5e5bfe115863d

SHA256
e2d7a6a3ff2fc25e40c9f72565f04f821084e4e3b39a49d7ddd6f21aac02dbb9

SHA512
291778da6ded60c602b9880cb86a1f320af6dce7dba43b407876797543f3fda2623c82fd11faf71445929571b50c09f81373b723ef75545a19d633fe606f3b50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9ad01e3f1c90b01ae1db49257055541

SHA1
6b68e9a15926fe68c9b20568c42568308330bd61

SHA256
aea456d62df3aa55e1b2545bea1fab8bf0a0a623f0862ea37397981e0e7e62d4

SHA512
32ec0dd0e64745d0336f2d59c3e62b1ecae1b9fdf5c18ef9b30ad5c3f13e76a5cdfa66d67eaf262fa1d69b955a1880f21fe5310c56c9b43e9f18c206b0cd7dcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a608b7cae3402ff23970938d179d15d2

SHA1
a4029124b4df73099951390d29de6977be672a2c

SHA256
690c6cc726e4190964e7f2af229dfee337b9982d7ad3cd68fe0538466e3d7ef0

SHA512
70a8c12d23e2829f012a911c6e7d14aded033c857aa6997d148222a20658c5696b474836ed778c4da1afef21b009326041cf6b7dba8d8d15b6e4806854feee78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51ade773f5b47fb6d47c2707b026786c

SHA1
97a68ac03e0a4b6492b127d727849c589c06b356

SHA256
868ddfdb9073ee429f6796dffb96d2c278f657f70af8e817ca69d55893318434

SHA512
2fdfb76a1e61c91818302746607ff63e780e987d0c46eddc8c00c0e88c1ffdada78ef116063e61205bf34b7c6448d6485e5bbe19e9e43f9800a6decb08d2316b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d45258bf6920827ee7f53db8fe854b8d

SHA1
a6a3c4b98bf3809debfccdb62a865e3f2d5e0627

SHA256
cd5682cff1640d07eae774a25b24ec6fef42dcade385c5792f5ef1ebeab8afe4

SHA512
5127da6328c7790e4f53f02e2646e9710013c95443f8fd0a54b89605f0698a62a247e1a9594ff84e0c6579e4666efd25594b4a6b79241947bb97aaf591bc3630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a95a6cc68077e76d087df0b5dfadd843

SHA1
b9d22d935b84ee0f3a9f6820ad50c605d3806a3a

SHA256
54f2319934479111abbcba664594739d95109fd0f1315d18e0fae9afd6891756

SHA512
b493862d92bfe8846cacbc6979de78cc1b82d4432f93e2a61cc81323ab7d594fb4c9cf69c6c0eb666157073b2c4c3bf79f586be9fc383613c19799e69c23072f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13cf1f4a0095c6b4b60a614da0070336

SHA1
0c3be68cbb45c6c88b2a9346d17ebfdcea785745

SHA256
e5e074a6a14bf180fd5de7dd18de13bb0632cc2a140f45ab595ed018d74e5b2a

SHA512
61af656e29e2f0e63a9545317fc02993ff3fda90236f58ee1abd57f0b1e76a2b5dde3c0c26a9474fab0ac857e94634a4c5555e3b432325c75246fbfe764ecdf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fdbdc018e26303eb8b02d1f5d84e00e

SHA1
a937f098a26e0d00e71d0d610c8814cbff6d2b05

SHA256
e27e70349e3bbef6e08dbc233e79d4928a0f84fbcf517b5e65f9ee868c49bf55

SHA512
d2b059471086c40610188266d05a5a283864b614898f5ad463181513619b8527edb4669044c907d8b208a135894e670901906d377a637e0ddf65aaf6e3b7b88d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc570483f00afd5e125d46637d96bb89

SHA1
4e2243f79917ddaabb72767c1cf21a83521e6784

SHA256
599315b0891327ad2873c3e5845b68cf56e9ef75d4b39a9ef4c3c18008f44f46

SHA512
771b356e0cd741d63d4659153d99973f11e44fc90f02dcac91c2c97255015f301714c9dec7f861b9843618a69a7680b88641426672bad4c78a2157304ab1b5f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1bf4a6a0665c06c915b07933b76e48d0

SHA1
1a636085ca39b20a7486f33fc9305d476b7f972f

SHA256
4dc3841f7c5fb8628eb279539ce8cf1ebc6184a7155dcf5d05318a8f78cf6fbd

SHA512
bd12a5135a05946e1f8ebab7c05620f48251994022ff9883d0af090135816724212fd0cc0e84b08bd80ecbd146e420e3845c892a6f4379c211c85c7f7a7edd39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdb9e6bc3924937cb6958901d32ba971

SHA1
401ed61c42b510ac7a11aa6aa004cb81d8e1ea73

SHA256
868b231ebe7f4a69d565b9e4ce710c9170736461e8deb23e396e4d530f933d8b

SHA512
913d310f373373311f764a7678fb96eb6288ded62e4cdae97196690a7729fa7301a48c39bd31db41c377afb9295ab6b04783653195c0c5307eed3f7735e8947c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff064f5fd3ba8fcad8fe35d6dc5ad34e

SHA1
6a6a9a2a90a98350edeefa44030233861f2dadfa

SHA256
4318ff7ec43865924bf5237193be9e630bdeac64f386e1e1ae8d58e6bd6b4d46

SHA512
ebc4c3faa9023a5c47e001831793a048d07b63e0c846720a0834ec24d97cfb1b561bbec2ebd8d3304b94722acf4685641ad21c8df61ce393341b6de0f312b419

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d466c40a604247a7ff7c006b4fde2604

SHA1
681a99f0615d7a88420d5bf0f54fdfa4ac58f58b

SHA256
3c41b10bb4a8fe1d90ed12362e54fe0d78d78f53557eec3d65275f1961581de2

SHA512
b631daee8681647370c630b69f77344e01dc8c6b4736a32f6ecfdd997ff4a152f3292f731a260bfdd8a95f9bf9f10e9211deda66535cdeb42aede441430620f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9a9cda0d6e2680520c63794dd0977e3

SHA1
0026520859d6417b31ae49ee49f4cbc238b3210c

SHA256
ff6970b05693602242b158a34bf24fa51fb1a501e60052ca3bd5798fc0fe1989

SHA512
a0ac94aa404ffdc5c02637e65f438d2e2ba3848f2797ccd4f3c8c672be866edaa837b501dcaee2981ffabdb79847a59f33e135738a6e1c1b7561d00f1a2858ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82e51e6b293ce2bcf7038ab58d517717

SHA1
cca527af175161c36e9946b0546cdfc9a1997145

SHA256
dfcc13ba36871809a799ce0e0d6a00def342f37ff4fb00711cb7dd3add6a2580

SHA512
0b22dc5f211acf1e1a6285d2bff369e2453909eda5319f860715bef96c792e5c13c8e8c0fb666d93b63365604c4b0d3906c7dc42a2ce6620f2c864e5d073f03c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d02bed8bcaae28f219473cffa8e63ad

SHA1
32b48a2cd9fe299e031bce676cac94bf530423a0

SHA256
9648a7b3d5c75ab5161f82293bafcf47b66643c9e539620086ab2538585d844b

SHA512
ffd97cb1eb82e587bdb9802ce750e6f2d3127929489379016366414d5470520dab53b8982c89bd08c91f58052e57eadd365ce59f4df746b1dd3febce41aa3cdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2DB7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2DC9.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit