bf8ba8d5e48db57b2fba59046400f917dbfd89a9efda26b54b6e70abeae2883c

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f2929bf96fbeb3c820bd7a8d24511f46_JaffaCakes118.html
Size

2KB
MD5

f2929bf96fbeb3c820bd7a8d24511f46
SHA1

76837e5575b2b3b443af4e6aef6ac880a42dd681
SHA256

bf8ba8d5e48db57b2fba59046400f917dbfd89a9efda26b54b6e70abeae2883c
SHA512

41def068c309c0f9ffd7367a5670bfe23c983cc27a40230c0f2dc5c68f6035828116b649d1ddd8cf080233ade3caa53bb3938e68a9eb37086c47a71f6f60babe

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419399649"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A1334131-FBA0-11EE-A596-F62ADD16694A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c6000000000200000000001066000000010000200000002bc170578a75447a7f26ed07e78819e442f14a33e76ea78f5d6410a0eed47fe9000000000e8000000002000020000000e977a8ad5dc2ee90a09f37d27ec7d5a3df72ebddce93189ca99429dbb4fe7d0620000000405c0f354e723efaacbb32e678d527664e146f137054d6da8d908339a914a0e840000000b861a2cfb5eb8a43ebe77136a7e2690ca764177fa3fe53b9c972ed79535207b762a445fcf33d33327b76a4424fd1cb76bbb7a72bd2204cc7355ca4c131c35a12	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10012777ad8fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c60000000002000000000010660000000100002000000093cb9711782db3d888617a0d0fae4a024139e3676dd406037b6e6e2bd8cea91f000000000e8000000002000020000000a15cf07f4f3cf73171a411941b107bc915c28f51441bde951a8e590487b7a07f900000000b584fdf9534746277c9ae13e73031706020f4cd6e87f8c644ebc6156c329b63adc82e238ba5be302c540b0a2d0ff287831e46e7da870cdf08053d31202b4bb10f47431e2d001218c2760c3e84f07c1d1fa8c1865f6c88c65b01d0555f78c0ad74d770a5c1c65378b84a882c19c8a09bb8eaf17941dc4c7c91a8a8890419b3376a2e1173acfbd6ab735d48e4c5e1ef3e4000000064e447668e4cf8299896f7b86d3f71729ecd7c9d539601163f77039c2ed7227313da0db9e8f473ac59e6fbda08e26b352ca021e0353c98d81ed36158901be6b3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2980	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2980	iexplore.exe
2980	iexplore.exe
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2644	2980	iexplore.exe	28
PID 2980 wrote to memory of 2644	2980	iexplore.exe	28
PID 2980 wrote to memory of 2644	2980	iexplore.exe	28
PID 2980 wrote to memory of 2644	2980	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f2929bf96fbeb3c820bd7a8d24511f46_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fc16b0c9ee41e369898d93edf1e6ed4

SHA1
53cdbf83013100fcc29d35aeeeacb4069c64b4d7

SHA256
ac7331e9b82be307da93789d6c97172e9a791257159ecd5fa8d51cf2d305d69f

SHA512
75fc60fa29f20c7169462ea15ea17ea990ce63fb1779353acff910b742c3c5a176bc4c8dd61a88d6f49e0a46d1b1e53754a85c562aff4a74131fa71d7a01c6ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d26de7fce9a1b3ff50da9b88ce2c4af5

SHA1
2ed60898a02dc358ea96bfaa289fe056a410f7a5

SHA256
fec06086a5decf2204cd9185eeb519b7aa55b757282e90805fb4ba4fb411efcb

SHA512
21b6ea3f105a5554d18773ac9c3876f925897abbd5c24af29e7e923eded458346ba42fd3de6bfe1c86778d203efa2a0c62b9291fc31042d93351a73b87706bf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8f17b8ea0b7d5b3b4b1dd7255246160

SHA1
1aa9c714a2c7da62b8da2c133f8e83a628f2f9f5

SHA256
591351e2376bfd178dc8de712861214589f93ff30b26957c22d9ed4c79d9b9b7

SHA512
8be0c056d3f9549d350cfdd831496f09db31366778786aefe420c1ea3257aa10b7260d83d0c40290da61d467d868a1c5804940a82da8cae8c8ab096981663f7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69ccd50478508ed2e60ceaba4ee577ae

SHA1
fca0932705abebf5748745ed43f8dfe0752da2bc

SHA256
a87d7f82fce71c97d48232feeb864c73626a10204852aca5286552ca4a858aba

SHA512
f3c527e899d637b36d137a574c2a1533446c29c3dd363f48e3e3ff9d6cc355df1747fdb9cc4f88aea9cf54196ca9fbb52bab5302f7880a98ae3e996031744e8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d92a71829c3bf54a039b9fe809cd606

SHA1
658afb48535a8c802e63445b9d42eda0476d1d7d

SHA256
c63c777e84325e81a346e416c8ceea0ffe9eaed4312504a172dd7dc382b74eb1

SHA512
368f6a9af28b9ceb3814ebbe42f529d24c8a2ff96beb95ad433d8ab42a62e771b49edfb5c88754443dd23a69dfa027b5e6827b11316951bc16ddb933c9509f9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a5e1d499454dd8d5191fd404ff8b167

SHA1
95ef20c51404e68fe22572bc5dbee72db04abd51

SHA256
a8b6f1dd240107df5c6c946899e816bc4ff0a42b64b00d349d07bce18316d89c

SHA512
159c8d784d857e514a7e8e91975d505e327e9f7414e879e7bb2a3762019cc71f2d6b890550d0648bc68b86eeb6464aa73d86d4e6c48285fad4780e19d7769702

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
180383b84b1372832c62d1feba3531e5

SHA1
c71b379f1d880c6c61c4662d6a1815dee5048136

SHA256
8a7c8c712b36c3dca37d8bf15a7bab599c93a022e87f0b40e240bc12641235ea

SHA512
ae8390bdc9ef8ca0ed89283d87fa4cc6a0edc06f9ecde2843df2d95abf742f21dc5c0e3eea42d0e3adb00d47fb1e11734c6cf5acaba8b8481017fa3a2148ada7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
babb0e6355f9d6a83e3fb9ad6af65225

SHA1
6a59531a92896e9434fd6d24ec775068aae47d02

SHA256
6523cab3abab80a4a7d38e07b6f37cbc524445ffb087e591377af3f9e9242067

SHA512
95ed1b540ee12573ec0012d2e98c9a3adf2df68bde07ec94f08faf7917dec3a677a8cadab710af151a42e01e99887ff407c397f7a43aae7aa705798bea764725

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0be0099cbd653cc1829ec7fe2d0f980c

SHA1
f8958830c15545d8c9d877b464106c8582fb732e

SHA256
e0b995119378c66928effac8359f6f2fe56e76336a14e1b69f07f46ceb6b05be

SHA512
99db47d38a52076658708b0f43c3b355df71280dc56fb5cc6a4c0fe9829ee1d1c4dfb88e7f39eed764068477c145d1c42b882130dec4b304870484001d8c12a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da393817260f2d9985133518c9eadb75

SHA1
1a527475c0c4cf994564035bf12a8af4ddf42e03

SHA256
5944dc22235c338fb6e9f19ef9c860244304eca04daf3872689e5a994cb8acb6

SHA512
7535ec7d074d681b13e40ca2c3433b6eee4b2e269f9841cf60667b4526e86d1906f0d4cabbc2fffe6f775cc1103a3c280bece72b5c35a0f8cab56b8ea5716d65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4478205ffe6f305006514345164c013

SHA1
9dabb275e2a85b22057764f4415a94f1e8d536cf

SHA256
4b73509517b984b77606a56e9d04ad4b4ceb8cec8ac58ef8125650d45dbd9021

SHA512
a193692a7c7c0fdd911931bbf36f5d0b1de394ccf97456373f9651244ddf91c24a9eb5cf5b2fa5ab900601e1cd2b3b5fe27852d91b1e9d6fc7a87349b99e62e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0530f9a2fbe080a840f31a93d919622

SHA1
f8cc0b639eb199bc35cae182a27592d06261c7fa

SHA256
11d931c387302d75a60af670ef21767e0e259238812bb69b5b04a26981362ced

SHA512
d7a3fd890ed735dd858a8e9723b5c9f8f9928f3fb0060e52f042f325e82335b2e8c132ba53b8d187e4a8aeb7f9840608b3a26a1df025f2165998690a498bf9d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35be33ccfd81b1948f85868c00046110

SHA1
f2712338186ae5e70cad2e19d4a4c2936098cf9e

SHA256
575a26e2f4117f6ce2ab94bf6b88f9a2fed6d3238de8f5ff7a29049f77688d1a

SHA512
aba9cc41b364083cc894365544b77a6f2e64c211bed0f65edd4962f61bd13d0bf2c4bd646278c9f69cc77a70595943c8106592b2be63c146aff836ad152b8d18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca1c7f88b51446984226fb34974d4e43

SHA1
357ef4c05a273b85fc6d71f1d6666ae6625d3f83

SHA256
ebadac7a7e6182458eebe0527447c842aa3e8afe17999f02c50fbd067bf018e6

SHA512
a205bf28cc8814ca78dcb7e0cd5757b0aca5bd0672a881f82761c8ed774f4f72c4916c7341cc2b956ff894d7ffc786f398d7922c78d088e6e29d20852bdeaccf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b4dac2662b4c4793bbfd1413df9933c

SHA1
8d3bea61cf1b2e41bcffa530e049630a3fa502d4

SHA256
1d7f2507facbed22c7e0ccae0790c9518778e616d010ecd9d7d6ff6afede06b3

SHA512
bf0b63621266a9867725559a8dda2421f615590e9578927d86cfd453cd180c55017e716d2e9b622d5fa9df6d0141dbb6617cb0033f7a38627a51d413949fd29d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
478e33c2c6eb6640f8e291af1e299afb

SHA1
14925fda03d0fd80dbf5011fd8f4c589fadfce77

SHA256
f850f54a3fe62b2d3ba614d873e14436a9504db79fdd42f3decf5d361f503d9a

SHA512
4c98d576ea9721e34deefcd8e8f82a9b7b27f6b4d18c2a55a39f0a6740d3a82bb062397a6616d87e922d9b184c52f1a65759c16a44d6d27f73985aa1789d826d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f093b793fcaab1d542ebe5562488d37b

SHA1
bdd578379c25764343da0d45091b528939090bc8

SHA256
34aeebfedfbc2fccfe657dbc9723da91bb83b53f42bd9bac4b4f37ed8561a575

SHA512
5329ede577773b47290b056c0238ea19d35e602dc86295899471a23c57e07cefcfcf271120ae294dbc5d90caa176a1e759ae9b974b401eca57236626a890acbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar29D6.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit