e5be41693f359643b3de41ecdfa070351ef9feb7d537d56539f38e857b382d2d

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdd2d1e702b643b196a122145a0fa099_JaffaCakes118.html
Size

9KB
MD5

fdd2d1e702b643b196a122145a0fa099
SHA1

3ee56e842d7816f9431ace473acb1bf278146832
SHA256

e5be41693f359643b3de41ecdfa070351ef9feb7d537d56539f38e857b382d2d
SHA512

70772ae46f63723053ebc9d3804f26f785d0115ed98f695643117abb384bdadbe6c2ce86ece9fd0250d9a561e57fd5b6c412a8bc8dd314fb4f031756dd7ba964
SSDEEP

96:uzVs+ux7tOLLY1k9o84d12ef7CSTUHGT/kTsOOpqaK35RlVHcEZ7ru7f:csz7tOAYS/iTVUTgPHb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000f90806a8d6d44f5349de932c0799635877f52f102ebd0bd5c1b6d76edfefdc56000000000e80000000020000200000006f7aebc9a6e9133896d43d95e0561b706b5aa0fdd57576b6bb2474b9b3950d729000000056d078aac488cd4af0dab727fa579a8737a38e6eb5ae72f11fb5f0aa065063e14b09fbd12287f40ace0e011539948115dd328804ce121474c7eacf98b7301b304276df77549127f8742914db38647df6aca7ec3a04b859aa91a9e28c81dd05a31bd606eb40a129eda621fc7d4e89bcd53c113e3201a596a99ed63ee1a31a969b3f25e2af2c6fc4a449a234bdd9262b4d40000000b273c4bb1f71574cc48ff5919423640454a633a8f3720fad3033090e7c4c862338b2213d08f9cb3388eeae451668f7d437de493d22152bfc44a0c59e0f6ba595	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{91820DF1-FF67-11EE-B937-729E5AF85804} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000cb980dc98eb6b5c3704eb13c428f9758f2d29cc4b14794d480fa31f391ca8bb8000000000e8000000002000020000000f0bb03bb8f2a9b4bb0a599f8a82803a415de0d1a209c14c92cba13d067df17d82000000081d75a2b76d91b05138d79566fcd405e7833bc484b32c8d8273655745271a1ce40000000dac53ce0b974e5aa9bb3e2b9b6462e8b88a5cc48d03a11e38c758b686c72ffa350363e3ad34a9fccd3cf1a4ef13ec3e9812db8dfc5b0b58a31515b8e3bd6c451	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0096f4687493da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419814946"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1700	iexplore.exe
1700	iexplore.exe
2944	IEXPLORE.EXE
2944	IEXPLORE.EXE
2944	IEXPLORE.EXE
2944	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2944	1700	iexplore.exe	28
PID 1700 wrote to memory of 2944	1700	iexplore.exe	28
PID 1700 wrote to memory of 2944	1700	iexplore.exe	28
PID 1700 wrote to memory of 2944	1700	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fdd2d1e702b643b196a122145a0fa099_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4c445136ec15aa63c5541c5a10c1ec8

SHA1
c4084eb5a065d86fadaaee793dfc6821226653a1

SHA256
f9bcb02123f3fa2faf325709c3550bd5aa75172a1b51996267aab9f852b6dc26

SHA512
de912b1ec608427b7743321173924c5cbe266b7c74fe301c63d2b63e9a3068fb6dd84a3d928d824be67277c59b2f573efbb2de4767e34e20298c86b078ba951f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1b8c066b457bad6628587cf10753f8d

SHA1
c354e778a39cde059a0a6ee7b13e3d60c9f3e542

SHA256
9e53a8a44688df7c76320a4813e1fb326f0fcf6462eb3e5dc163a852e85ce106

SHA512
e9d931b78380b6d32e55c34313c43cade9049c3fc3e949aeb72002cb9e9d3654a9abbf5de53668effabf3d6f3493e3996119330a7aefd41d7de7a87904bcf8e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c015ecb823338bc0775fe891c8ba0042

SHA1
8b12300b5e220d8a63f1cc847614a2354b9932ed

SHA256
43867069e41184917b962678715c427d3938be5ee2bccb8269538ff10ac07265

SHA512
d466feea9849b86cf275af76ac4740925b5e36dd1e2ef19d955874d9a492f24791f800adc881feb99446d1e82cf15facb001da4acdd9a833a8f805d1d43f4086

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f20ecf82161719524112d120f392a8c3

SHA1
dc4aa74adbf9ab156b4ec448cfbe1b206a3f4d0c

SHA256
511afe3fbdb5d7f869ff51f7fb890bed45f57c788115da54152e565a682a0ba9

SHA512
64ad38b6ed43f57b1bb9950a070b63642d5842b350c4e6b3d484b1f9363131b13535e1b6a95fee128aa0234ed00af31e40b4aa5c92a4fa2390298b9d89bd523a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d0df6acec3b2ec441f999aec54c3f85

SHA1
d62d538239a15310117541acac5b386dc71189ce

SHA256
b9a6dfae3dc74ff8b62a2ed6d954fa79329deab2caa33a612718a411d0c68fd2

SHA512
2726819c6ec0cb3b4ccfb43ee3d5cc19ab5f94119647e37630c245a3c554f8a5b01f26daab74082c917e4f06b099f5c38d0f2f31dd7858ca13fc9827c10b2a47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
993ffc7c940d7b29dbf18e558dccaf73

SHA1
9ff10e1635517baca16c6bdd9e07da7b51049616

SHA256
96b45b43f8f074dcb4cab378ec7ca1c6c886d3dfe373b7e64b48a3f9a8379efd

SHA512
b64b9ab631c901516b89a33258212ed71a9271d27563d1a19d01ea1f483aea9fb1be56fac50ab58671d0d1c55227585eca33dfa1d1fff9fdecbb539cc8b8dc7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7abb0fd36c00877317f2d7c1fec1949d

SHA1
4f4741d380539e8fe8f8ee7210f8764b63ef1907

SHA256
f8cdb430ed3ed6dbfefaf843b7bc970495ab2b4081d7393faca6e52c0820ca15

SHA512
268500c3473d83c35a8bdb57325bc9508b8ebc99fb792c71c7d3fda30e8e02d0d8cbe4dd2770327e8490983c5abae9a989e5dd84a9d6a60ed763c288dabbae3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f13cb5c9169afb203fa8af2654e1a428

SHA1
bcb3d56f15edf687f76c254676863233fdb48638

SHA256
a0fc1e97dfb9a01bd36d990b23da9f95258f812a692cd4a3d6fabafe771f00b0

SHA512
4b73bc015520227f1ac96a494a2202ac2ea2c693e4eb92bd287a49290c22843da395d814286c3de96cb260a0aba139d4f657ac90a9e62f80e8335f673745e414

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71d48617de486ce2f929ba1573e91b59

SHA1
707ae388af56487cd345963e57b43e8cf66a0060

SHA256
d62f611a64f8f89dc5c49bbe4738b801420c21e65751bc7661f6763d68e40644

SHA512
8c295c1bd7baac6e5437c216be2d50c3fce5ba6d6f57565022f3848612b188f0a73495b4a4ad41a277babe9b0d918c12955f273bae3d84a375389c14f70a4bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aeec004fd2443d3a01458aa1c3da7013

SHA1
714c03a374b47074a8e3fe782bf1b374724f6abd

SHA256
6cb2ec992ea443d854560835ba9839ae0e70485c5de58d936cafb428df8c3be9

SHA512
9103fe1243f08cd509633d9ede2a611f09ef919d8bbe42ca39ef54b429c26b4b244dc8da1a700eefdca50582bb360a6533ce5a2bc1469d4c9b972ebf217520b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b1ed0fd057221601c6fec83029ed742

SHA1
17709556326ac641ee6bec0203b539b49b71f561

SHA256
2d161b94401394830eb4f77079cd3922605be81ddc8b8518fd09d35b2aaf0ecf

SHA512
817063678e390a59c9cca20c37848dfc42768d7849890630e14838416d1d79ee4cc0a1408d36d6044adb71aa01b3fa82ea9e99855bc6a1f530fe042fc26ffc93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfae9b21779878b49e81f87153168b71

SHA1
1ae2ee5d23ea9952351f6dc0404e000fa1d5ee87

SHA256
85f8e546a5df04adb89ee312fdb3e1b2242e0d753f18f9cfd21a5f0298cd141b

SHA512
54982ad7c16166dd84e8f2353b82db3dcdccee4b4b31fccb17e7c13984e4be8c834dc0dbc185fcf1b03ef7f5272c4e5294f19a53b303d2e9bff735ffce128b83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c5ee4dfd2f720ba723803420e1fae52

SHA1
e9535e9b798402f30bffe321ec8e8bb5b265a324

SHA256
f1abd4f543554f1a7a6fe96fa01c2d4ad1b9afec18532673c6654b3bd3b70ed2

SHA512
dbe430e21ed19a5f2616e2e5ba88eb7cd876882c46ba97f80c60b8e20b830d04028e361fe287b6d253417157388376b3d510883c4f66b0535e40071f3e8fb0de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8154e25e4c484c879c98f78e326f778

SHA1
eeef870ef13b6241fd9dd0fbe8900527c396c75e

SHA256
9321e93dc7d0698ec22bfb97b1a36f79bf72a29196eef73b990a79deb5b9da07

SHA512
4649188a000547509e7981d81bc0ffff9cb70b120bf2b7507b9bf64d89f420c421586f67106e0aac554d4438f73624fd0380871333efb51828970c482fea1209

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38873be37a059d2b39828a1013d8c3c5

SHA1
65c7e1533f0e31d3b68327c63c47c9de61f47af3

SHA256
53a9318447be9934911ef89e9c4851a774f8f585d815939c45a9d21ca420a897

SHA512
25f3b9597e7a8276021a07e9b473fda562d3bac87a4280ac57c5efa3465e026acf72964e535acc630eb949971eb88f45cebe7ca87161eae063a1ea9c3792be8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5e47a8d93dfa01b2703efca88b1356b

SHA1
107ee5218c4f0c14904c573caf242fb51dc81661

SHA256
1ba210ff3cc3b67a802c744b70fa02ba6b09f7da0fea98bc5d8f93ecc16573ef

SHA512
d139ae14492af018a3afbc91c3ed47049896e9270eeaaca6a1545bc686e3675fe35d7bf2900d0b055ce481a7887526981a2487a9e10252773a9b597155920869

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7b3d6ef182bf2aedf241332ef800b03

SHA1
45b2cb6a5f1609ab506827e6705a61b82455589e

SHA256
b8a7b908845716ffb9ba8d728c017c30a9a10f80bafbc58fee143ce07efebddc

SHA512
7a03dddef37be5cf9a4d3a6a8ba42fb705274b3fa9cd1399a56693d025e78198844a4691da11069294e7e5a2ec21691e04fc402bfd25de318bc3d55480face78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3886.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit