b8aeb44695964ccc7840cff04660de9fe4a7d45d121ad34496d6f1fd4db12a20

Analysis

max time kernel
135s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/04/2024, 05:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

091eb03663a6837a3a25fd0ccc00263d_JaffaCakes118.html
Size

225KB
MD5

091eb03663a6837a3a25fd0ccc00263d
SHA1

f87520d50f40110a819d58facfd782d79a0f69f2
SHA256

b8aeb44695964ccc7840cff04660de9fe4a7d45d121ad34496d6f1fd4db12a20
SHA512

224da6b3b6f95db7f8612a6d3786bd38e75d6c176526106e0d65a16a3465e901a957cf9c5128abffbb916da62d72333302088f61044644c8315b32ea92e56853
SSDEEP

3072:MIb+9Nrw/RrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJa:BF/Fz9VxLY7iAVLTBQJla

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 007d88c9be9ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F4851861-06B1-11EF-8859-DE62917EBCA6} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000008c2bf1603299e5c68f98a5b51ba7ef323265c97dc04a6393de54d053e6bb5d40000000000e8000000002000020000000dd8a8f4dd071942279046af458405749909a23b5b9b6671c21cddace964fd3e9200000000dcfca17fa24af37f3e3f22ecd4e068e0ba4f7e16833801b865a98fb0e6dd06e40000000c66a03b5f16a4c71142563cb60bbadca7b92cad81a8d164f6b08029c6cf902b75199b49b1896d1569858b9cde0d193d1922f6ea19beac6be817b6bc9571fd6a6	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420616554"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000009c01fe7101b006c0ef9f6c001998834b575e8ee4453adec827456b3f9bcd6091000000000e800000000200002000000085d8c65ea437eb4b01f48c9e37de5865577cc19a93562cc562d9599834ffabfe90000000788692fca0f5393bae97262557e386581da2da56a3f39325f415ceadddc06448d6544486c873c2acafd790bf8eb76442b4db82bfd096e14ee4477dd953d3b68099bbe64364a728b8ebef1d3a748f377a2300e30f22e41c43a60ae97c98d89e686f95a163ec51d99a345983167c2d85a603fd4dc983ae67d82464331b4e85a18cb5fd6fbe61272bf6808d44c217e24e9c40000000ed150cc9fb2e999fcff878ef3e4b301f59554d4b8d1b39a7d0cd2ecc2c8ca10dc31a105cd0fbdf155ecd9eb4699471b2af22e140df180c239d40f8348569b8f0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2504	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2504	iexplore.exe
2504	iexplore.exe
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2904	2504	iexplore.exe	28
PID 2504 wrote to memory of 2904	2504	iexplore.exe	28
PID 2504 wrote to memory of 2904	2504	iexplore.exe	28
PID 2504 wrote to memory of 2904	2504	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\091eb03663a6837a3a25fd0ccc00263d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1202a40eb22a9a2aaa12733913884943

SHA1
6f7aacccc84c76df366a3e25aa8175430a193b06

SHA256
81a54449df30d46a4bd76ca25a091707145d383684b31dd49f66f3dcf738c7a7

SHA512
6d6035ca21cbf8c60bf5ac4e065cd3fa106ae348dfdeb2259c26a04ff8b1b23abc9cb1d3a13d1985445302ccc76646f08cd5bb7d8cbf2ae2e41f8ad171f87b3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ce93746685288f012cd883ae77c2937

SHA1
08e23890fb37c0a10d982bddfdb86a33f0006a77

SHA256
36669dcb4dd6119549b6a03d3ea9ce6a323dfe4d91b6d031dbfe7e3a7d85e762

SHA512
22b56e63a5269c56ea928f1784d576da954bc39e4be8b458376b0f2c80c8343c47c07189120b6c13d09e96ab05eba62fa1316f73082964daa2ec30291bbd28f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7076ee025c5ea515c56d899449a159e5

SHA1
d669d38e17511c18b68c37ece83aba60111c15c3

SHA256
5fe30d0315baa5cc15153911c1198e89e01924238624b6b0cb0a360966305b4c

SHA512
d83043cf7ee412e6a1ea36f954d136d18a5514d90645a6941b407fac10bc97dc00f51aa00b10dd638e8063891649232bd8086ec5d6f8280bb0f2228a0826e904

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de4fa73df54a4834302551722d446af3

SHA1
a24e6044ba113b964ca4287b45b0dad383233341

SHA256
c5049f09cac285ef49e67b40b92e4b8f11f370f6718217620bd31162b76a3975

SHA512
71d13804084d516f1e3c49609641b232cbea47691ccddc3328c6b18faf20eb3be4e4d63725d41e97851b9f26aff3a2272e69fe47675fba0a2eaa695b9611421d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11826e42ee9111328e2d28c8d6ea8734

SHA1
1588ab389c1bf2468bb812e91d8580f13cc26771

SHA256
ba53a60673f03e1916718eb2a29c258e88f734b29fce1a9591db657c1035ff7e

SHA512
d61f2e64d45b0d4d1c9a52761d9660a21b3c00c16ae56847ec04dc94b26c516c0fe2f185ddf03db279f1964d46e66d52a42d7426dfb023b6ee110b3ae6a98163

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d30e409da46b57cb0352dba22f233438

SHA1
94c4fe7f344422b06fbb5535049fdb8c1fa3f623

SHA256
300abea7a91bbb88ed6eeb0ec7a90d23a871af35d857ac0aa804cf963433a1ed

SHA512
987b5b9ca74eb2cd7eb5358d9de35c01ed4ec7dd3e5b8c90deb6389e0bd42be435450699f7c66668744c1632831683a0a3d9a7a0c265fd23c1f037d606f0b226

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a7365bfef7863a2a39212c0d6446d28

SHA1
8063da761ece62313c5fd55aaccb049951929804

SHA256
31f78ad7196960f76caf2a78ed24c7ee19edf6e382b33e09b42e4c50481fa0bc

SHA512
9d671030c823dbedd14c8be2dd4003d9e7fdf84d43910efabdb5de8e3ed9385d114a831b3885759ef1a72ee902b77f465cf61a0e1a6ef5febf388e1a1a582be5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d48b15e92a106238ea4e2d4f11f56a6

SHA1
ac11852fb5952a17ac501b56e659a116e106b9a6

SHA256
90f4c16e8f3c976f2476716605fe39b7f49da588dc6f29b65f1737fa389c9159

SHA512
c55a6e8e9d0c3cb1a100c71731dfa43a4075839bf93048d6e27121ae67027f788b590296fd6d80cdb785eac7975325bb07773c81f81c91cab2ee996279cbc364

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a80e9a2679cea9e6d9722ac9ebcce57e

SHA1
662db6b588e9c7d742f917aad0ec6b24a89f0e41

SHA256
288c20b5af20668627ec8eb77e8e673ec97ecda10b1f143a34e0acabc3a33d98

SHA512
1bb11c6fef16549f0b7e8f6e1c513f245bc5b83d8e15efc186184d431ad6ba47f3c338fd78b1fbae3a540cdf692b286036679d28ed3fced745152065643e730c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e8a02957a55d7a556c1b41774668e5e

SHA1
06dc7b8deb426e2d53c247a1e52982ffb1b2533b

SHA256
e40eae2d8fa70ae1c964893f180ebed30b08e3489e18ee87bca8d989bf4cd63c

SHA512
dfcece0686a805ba76f367860877f264319d918e6c31b7b876607c67eb6779d11abc25c0fae82d664e23db33fdc6ec62e11e12cc96ae05515872fcd1df552243

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99f997e20d782bee2b6c032b90f4154a

SHA1
32ce5838fef3a714b9e5cc3dd62fe73f64fcdf55

SHA256
3cd37576934b5a9422b166718adc7413b96805045c142b4e043437a34e318f7e

SHA512
52c0432d230f0b21d5ab8852487baaf7daf20f34364bbacae0a4b56b9ad2337366f3f15dcc16e0e5942e1d446febff699ff5d4d198643c10f225f41c7bb74545

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d40aa2410283c31113406beb540f4e18

SHA1
b4c41bade67682e83272e4fe4efee361116d97bf

SHA256
f6044f4e371108956bf60e862b1c06a9500461ab01415269d1c86e570b88f184

SHA512
bebf80218e299b2853fe1de5cf12ffafdfdc4f21bb9a08a4bebb9f45a781a5f14288ffea1ae3a96dd923dcede33186611751806006814cccb735df6929c0c6c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27691f9e16c600cb2e403dffe55f6066

SHA1
a964859c976eaad540d43e3a4404954b3dbea3a7

SHA256
19da5a5c5907a3b0d330f487b62aa256ff057344aa1317adaafb643e22d93ee8

SHA512
d42cd1c3cb5dfa97326565248b1669f420f70861c017aa738e0b596f7f1f1b8c4786829fe1e9aecebad8b326e5f99b8669df6d2cd232f06d851080b3abc5998a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d4c4c4d6ffe71fbc884c8ead0fbd691

SHA1
048617bda855db575e3bd5a7c180028d8d2ebf20

SHA256
806dffcf9db0120907ff463d449eeee2585fe5cc5f288acf1461edd39382b32e

SHA512
2ea2311804cabfd070c610f1cfdaa77b836024a62cd57eee52a461e645ecc824a788e8b49753b4fe022be6ce5dd661421b02814ca3f5ee3ee6f7286785ce5ce2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31ca20cd3e75066b1fd4a9a067222170

SHA1
1c87d60d3fad751137e5f8052701f64c5ad8d6ed

SHA256
964762e95a89ab40d535a756d9dc660d8c3cdb8c8077d728d806efbb02e01755

SHA512
c70287cf8a094f0abfe4e75fe5d882b40890f1a9b325952fcf0c3ae4e4560a02db32bcb97f9b338b47c045865457f1d3ec2bf7a9912c3c507342996f3d6fd391

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82a307bc0de90c3a028d45df1ddce43a

SHA1
efcd8e3d5b83d47c573aa1f2af0378604117e6f8

SHA256
46d0346d38b1d02ba911dc75374caff8fe456b107676942a1968516fc40d6c8c

SHA512
e167661c33c971038925258ad18b27c9585811c773c5759e3ea7df1bb7a49d6b4096a6551caf1e7d5ad1ce10efac9041f7f100e1dbde816b924a78124c760bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAC49.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarADC7.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit