e259e7b187bd5f4a4010792fd02efa545801db7ee42aad7c3ad78e5340c76901

Analysis

max time kernel
118s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc32de305a5f076d1e468e3f7805f5a7_JaffaCakes118.html
Size

77KB
MD5

fc32de305a5f076d1e468e3f7805f5a7
SHA1

05651a63c2b4290e0b97d87a362481761e1ab3c1
SHA256

e259e7b187bd5f4a4010792fd02efa545801db7ee42aad7c3ad78e5340c76901
SHA512

574f91d664608d441b7980a2df6d17c269cfe4d0d246d9f79f99b37c08aa9673950da43f98299ad1cd60a395fcc48547aaa2b258b87e1b9151c369e5c1ed5e61
SSDEEP

768:Zcd9QZBC7mOdMIZpC5I9nC4kSPpCcOhiPd:gQZBCCOdR0IxCMqhiPd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419758628"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000007096886624f48edbf802f8c9ba9d98d49512e3f56966c04f020d9b42be2ae8f7000000000e8000000002000020000000e62d5a3663dddc41bf24e7b83d51cb417d7a60a0de10197e696e9cdb1496c9f220000000e5c4b05e964cf73c8f3668bfb821fa4d8360edda627465678300f2b44adda8ab40000000f898faea630f861dc0c4df639d1a33e620f93ec45e06821541fe5019bdd7f4d8ab346677ad9795e72fbcd4f5e6c6a8be1200bf77cbf2419b387340f9da95d34d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f03cd646f192da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000023d705b0642cca3c7a8822826c1a1e9acfbf18a3a4ade8def4234e007a3bd8eb000000000e8000000002000020000000b2b14449fbcc7c106a479a6386aaa35e27ddf0b5d337018ef4952ce0349fbf3290000000e55c480fd615c8ee271ff20a3c923726597009ec736689d9d96ba08db4ed4cbbadf53232f6f37c7c540fefe1dbfb12d1f5680c9c89fcc6c024367a048f3c6aab8714a2ee6abd7c193c2073955efd7b3b03b78bbce47654883462fd751e223babe964d111bda7611c63e715afc6f9f81eddda2ee85c19406e94e978869b99e8114a3b8b965d9f59c540aaca9cb3133a4a4000000043c610ad8c286b38ef265901886551b7744f4802dd059f29a28b5d267a1fcf032b52e192fbff75cf1b8e368b3d23b338fe4a94df805eff0c787f06a12ed19ffe	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{715DEEA1-FEE4-11EE-8178-52C7B7C5B073} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2784	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2784	iexplore.exe
2784	iexplore.exe
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2748	2784	iexplore.exe	28
PID 2784 wrote to memory of 2748	2784	iexplore.exe	28
PID 2784 wrote to memory of 2748	2784	iexplore.exe	28
PID 2784 wrote to memory of 2748	2784	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fc32de305a5f076d1e468e3f7805f5a7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
46560bf36cdbe8698984921b27022b18

SHA1
df201cf35f9937554d8064c2ceb9aa4f43cd6707

SHA256
55a4cbc3d8c3b3ea5aefa3ac37c9ca75c6e08709684a6bbefacb3fa516609214

SHA512
91886f6ab483a43bb8340585de7d69b336ca72475942f06cf227ed0ace6fd8f8cc9ca20890c9ab09996cb02ec98147a148f43e50cbe8ddfc5d4fcdbc1e131517

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
84d1ecd0539cb7f27bc945fc3ecfee20

SHA1
87b591b038fc2e13cfe9a8cd533213a4388c78e5

SHA256
249511fd4bdfba05e9014100eebc7fb68cc53e793d58ff0abcc4ec242636b2ba

SHA512
9eda915f87a2e94ec6df2d1745a1b6d20a477ebf9aca9f9fc4b77ab775de92c9dd547d1402c456a996163af0149f7e727633286d49cabe9b51d864f05998ab04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
04c33a5139dc6c283a8a23d5cf244e32

SHA1
4b13f23232c0eaadca3d187794eac9c4baf462ee

SHA256
1cf64a0ebe3bcad95cc30c2e72fe6d07bd132aecf8f9e468d4154e35f0a4dbbe

SHA512
2a01a66fcab9d24661e730739e4bb854e17c424d6802cba34f368f29995ffc6b687ae9f1644c0eb78ce30206b4dcfc3850fdd58052cb99c673678638e8e1a866

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b8ced035f785b09b873f1f47e9f1f2e6

SHA1
02eb3f2d8e59ff90820b5ae8c4546579392a1e15

SHA256
a56d9f27d66f8ae89ca5f0e16286c18a91483ed802d94e38c56184480215e56c

SHA512
5f5bfe2d5b52fc239dd2fd411356bb10c3d343be4812ce56e1c6cd91dbe8bb866a25cf275e4134274f86a6aebcbece243c847a100c573ee5a2b071e63dff1340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b59c8464c73a88c4d1feba9ef316bcb7

SHA1
a93b3e330eea5e634134f79028323b46f69faa0f

SHA256
ec796dac87ba81e6f4babeafd84dfca58dcda461d3eb53a88cb3de154b39c095

SHA512
f70ae8c6f606f8cbd06a484fcd31dd223ac57a8122ee85e4f1e2ccba934efacbf89b3bb925e379b7689517a5dc672f9c39f16c4980ab5f6e4af1a2a7adf7ae9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
34d9d2e73970910352b6278f9472501c

SHA1
8eaabcbf597018b74f7510a2d7c14a548cd4d1d2

SHA256
97cf92671ca015ae73e282ad2c01ebcfb6380992922055ce4b606e61c88c8f0d

SHA512
b15c3f9aa6b156ccd4d40845d61fce9afeeefdad8abe93dbfe258a7d5b9afabfb952be94771fd7ae790888eb6680f48e2e9459bcb6d9e8cc9e3b308b1ef3ff7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6384e42c24d715e3416fb040cc818c48

SHA1
c41f510f791d0c7755dbd1d81937da37cc41c291

SHA256
dbc0b4d4c61374b681de37c8332898a3ef8dbcdcb4858110463132f48c9697fc

SHA512
891a6bd14e01a97d092dcb9bfd953c8b243e5d4d658b82f591aa27dea1e6f9102f3028f79c4172277836e1d586c1786ffbaf7fdbb96cd92a02895f5b17be3d75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8639c7f6323b0c419c5985779939f922

SHA1
10abb3935ea6e27af56c3e08e574e94882b12a9f

SHA256
f02036726561cb4a933e65b6cc4f38cc071ab9b2a069e0d166b2015bf51afabf

SHA512
2e7a5987b8575569c66b8a228901ed0d5a8df37c97d4b5d87e311630f71822bd05a6a85510716d99ddb415cb8cbd877545f581d7fb5e4113865226256e7a8ca3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d28224d22fdca785ed1af276367dfe7a

SHA1
fc6133dddc089f7c560fe947c18a0bc21e69e17c

SHA256
88705c6bc84b95245169e47655d1720edb1c9fea02f67375b3566c8dd908ad02

SHA512
f1e39ccf105103914e05d516b98deeaf699b550894fb1f36d0a44ccc164d5b6616ae081e43166991f0ab443b4a96f1e109d21c6bdc586a1b9ef9c8745d74e651

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5844ee694aca3374fe49d7195735d4cd

SHA1
096c740800d492f4aa6a1df53ed3d2f0542d7f91

SHA256
14d8ff3f785a267d2e34986893177d70580516e283ac1195bc076b4e83c6ca42

SHA512
38b66bd12d4b65b4b3526f8ea71878a95cabed310fcaaf7661d841bf87eff493e6fe1eb5276906f1ed32603d9aadada96270a95c141e67890e0588786101fd98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
59a882ecc6f8863cab689dc03effc782

SHA1
cbd35a871912d6ea5c54baa79fc28137425267b4

SHA256
e246dcd5204a4bfa917d14deea01d564fe91572deff1479b3d5f3c963d67c338

SHA512
1309bddef37d56184eeac86aae1190c483a42a69bc9c1e3900eddef4a33f964f852b19c5f55038cf9229407b0e76e74000aa0597814c02b66ac8b8a4006f2361

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e6d44500dc4f83e76a3ae9532e1c7f21

SHA1
502bba64f943b3391e3832a46574fcd2e44caf6e

SHA256
dc26c3265ce5cda889448eb41a0c8760b55af9d1e21f35bf4093def1fbca1321

SHA512
2300fd9eb598164e8539fac22ea0ef38d49607129000fd117be9bf30715733a4cf49e1f9ebb92943e379239c283e6fe8fb2a476203617786c644511b02030030

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
889ea52654830958cb3daa439460f83a

SHA1
f1fb738f572bc75f285bf182fbaf0c3c353b2681

SHA256
0b580bea895791fafc97da124a91c1378910087906a84f4039ea440b3e3b2787

SHA512
606257144cb8aedcc2e0ffabe4c786425f21e3386e5ef51c751dfa2a9dd7fc56b3c529b4a052793c239c2edb399d4d5c98bb745dc77c730565fede7d591fc860

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
84c5e5cb6a854e818d19bddc0b22f3d0

SHA1
3e589b2038424d18241a07d21d97a360b1bf0c37

SHA256
31d6b4588a7f7df929451a921261695d80bab5056ff6ac499496bbf8bdcc3e41

SHA512
8779cb54d1dd324558602d5d684abcadf9ecd52df06da70a5b3b0d31d4e744ef81edb68efb68bef5201c5cc1c54cf7bffd66695b644e46730426ce534b9fd2c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e3583dc316923d2c238adc25f12c36ef

SHA1
b319b78b9efd59bd4357c321ee580b52aa7fd7ee

SHA256
6edcebeb3f080a51d81e1bdb93c857bad7b51daf0d79dbae2dddefd245163c6d

SHA512
bc08ea522730272d9f790b723649443aecb26ee8c2bb3a21e2815a596b9f0956f9914da0210ccc30b25675026cee1b229783b4c4795b0f015a968462d62d3afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2935.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2A36.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit