dcc16dbfa1aafce4032a8ab5f6b8ab53ebde9633b62a582991ca4dca962d82f5

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
02-05-2024 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e150e16096fffa84e6ad089d2b59ffd_JaffaCakes118.html
Size

29KB
MD5

0e150e16096fffa84e6ad089d2b59ffd
SHA1

a8dae7439a6ef598e043c8543e21ea15608c5435
SHA256

dcc16dbfa1aafce4032a8ab5f6b8ab53ebde9633b62a582991ca4dca962d82f5
SHA512

7d0343eaa00edae0a1199d971279f53b85b0159c1844ca37145edb75a788891994daa65e436c3fa62e0032ab66cc7043e30338b13ad91f7f829785ac34c4c063
SSDEEP

192:uWDzb5npDnQjxn5Q/InQiejNnCnQOkEntoanQTbn1nQCMCUAGH+OhgamdMZR9BLv:QQ/Pap1xZ7BLP9QjfkiscYOo

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10e0d93d709cda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420802720"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{69446811-0863-11EF-9CF3-F62AD7DF13FC} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000030861177a5fe852a30e47a0b753edbd142b2e188070ef71efe78733444a774a9000000000e800000000200002000000060bcd807cc5d8bc792d433820cdc325060dc485b5a57fea592613b67ef56eb0b90000000d16f87c146938370b05e1d29e4bda663df501cecb24d026a0484a659752c03ebe92461e934d31e55918d48c0bf60aca4f52c3c7b9d536679d8821fc61cc2f47790ac4fa65e2698edac69cf701c8c6a7f4173bde8358e8d21dc1256cbb383377c671c177f58d33754ed251291ea769f8a73e4a7a93a24007fcbefc335262737c5a7f16c6c5f9f0df3dec00842f2f7b65e400000009c1d9ce09fe399efc5882ff1fac50496b63f0c40c89fafe3edacd9c2c15f16079dd595210040772dd9dafbb414df965306747115f3991b35b31d1af209c30c49	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000723cf7b03f910744acf40402de6420cb9fe45d914ec6495ab5b1962854280144000000000e8000000002000020000000ce3f4fdc00482dd240cb0b9a2c44cb619e14b356fc7d7b2df3fc7275c26bb825200000004c50ded0072fdc7dddead72c213a17b4da95ed0e42efae4e7b833340ee4a4296400000008e090a69f69acfa679f638f50788a8c0f78280f629436d18a0e4eaae1447080e7773b28714a54bffedcea3540f642469899fa0cbebd769d8f2810c231b700046	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2172	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2172	iexplore.exe
2172	iexplore.exe
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2132	2172	iexplore.exe	28
PID 2172 wrote to memory of 2132	2172	iexplore.exe	28
PID 2172 wrote to memory of 2132	2172	iexplore.exe	28
PID 2172 wrote to memory of 2132	2172	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0e150e16096fffa84e6ad089d2b59ffd_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1a7e03c00b27f0cde701752a2e24f1d

SHA1
4c69450942d8c4c0e359cfaf5823926d8177771a

SHA256
12b179dc21d844c638631b95431f22c6aafb4cfdf290ce3b9c38ff03ccb33ed5

SHA512
3b46a5372a7c7009ef49da9b0b7d0b15f6e56dada7359a6d816f92f80890f6e47375301391a3af05dc9ff6efb311f20e80868410a5654012274c57caf818b757

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2075e905e640d137ad20cac0937324ea

SHA1
41ed39c6dcd747472eaab48c157f223a56018cce

SHA256
ef3bb340b2d41d76e454f4ada0be5f6884e370db390369a7fb516f6f2f1579de

SHA512
e0d01bd52efe7f72909705d3813817e14e2ddff75b8713c474889d40142bb57a17ff3f66257aa3eacb6e81e58b7649938b63856332132e532fd48f9e0ac10902

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
625b3cdeca17ff05bd2526cad9e35664

SHA1
5ef9cc9ee0fa1ba6ee7615392e32c0a167210024

SHA256
ab9a584543b7a8de1478f713cf4b9a9061c0216509768f557c59c813b5a494aa

SHA512
01e0ebb685cf406312934d16e77c2567fb4c27576e3d161c0c3216001f1740eb8cafd3c91d49c06fba0e0239b839612de5248572cf90855f4ef80c63f321baaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a056d8fa6da92070a8f40a97ddf6481

SHA1
b205125d719ef0403f991344b25c6b7014bf6a2a

SHA256
5e56171976e80738b171f5ae32919a90d64a1f21291276ca2fe7e37efba9ea18

SHA512
2b6606fc9746125a13885eb2e38e11a106fe5e15c5caf138b41f460016fb8df755b19bf99d1415e05b476a5a8cc5cc4e5d62f2528472619c1a069fe213f43ebe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d17b6d6db4ca1ad36835dafa188633c

SHA1
ace7ff0ff89bd551f876dd98f0f439db59fae71a

SHA256
60b71c59a73f20a6a8553bd5d2e5f9a47833bcfe5b5b72bc7e89b31b4c9f6e66

SHA512
ae75b3dc2bc9180f28375004c487daef02fadd7c579bb5caa2b6794c978b7f2e95783994f0e76ea5b14a6f1791dd466352a2f8469f898d2cd22d0e3307395efb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a6ab063d8730ee79b0d24826c9c5a9a

SHA1
c7d8c27a6f6fa90964ce9e0784bd5287a6160048

SHA256
e30acce3ac91fbc2f3b886d550c3e758ada5f6cdadaa9876d067bd6215866bdd

SHA512
c969980721a48dc2e2a0986e42484349560f744fe53197d5aeaf26dcc93926af61ce6be84165aee4a5a042d243818cf429f940f2ccf41546725eb35a9550685b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e49fcec0e1e276e19a5cbd6bc42a5179

SHA1
65781add1af8ec7b2cdc8cec18535ba2dd7c9be5

SHA256
107dcfbc2bef50448a5ece971878143f0fd01e8a840e679680b31d9f5c665fa8

SHA512
248b5a9c16bf3113ce0e6128d78a864c5cab7b1dd313a01686699363f8e817dac61070a9f31425d6d00a22cb9df570645366a73f54e5283873fcd87a37284424

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33e48fdd918068cb064094c681197c00

SHA1
eef774e8287ee1d9e9e6b4867a20e395a0cc14a1

SHA256
a0427182e8f9268b1bf5757e35e3a023fc974ed44f3965f283192ba131b33758

SHA512
05b4bdab9420f7820193ddda30b25ed6b802dcfafae37b3b6cc4f07aa8e84b20bcf6da438f83bc3dbbec75f03277d271560bb42384e0577f613c4508d0d23c44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ba8104b556b31f1a35854e1112daf3a

SHA1
007d34ce9ea7538e4e24ace56d4ebed816909f14

SHA256
1ac68ea15ab85935ad0406b30d2622f2d16041ecb51a08e85ea8327a871334cf

SHA512
6551a2d9ac76ab21e67cddce0b1d1558b382d5799d6bae405a507958ef0702b318eb239a80094c12097c7ce443b3c17bd4d145c93a60573f1a2a434a225f575f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a62dc8e62462369d2e4eb74b6bbc6dcf

SHA1
e16580083defaed25ea138beddbff0e24727294c

SHA256
3b267e94c7dd35585aec22413e72e93b680f94f08dbaeed44fd579eab06930e8

SHA512
81ae64075e7ead4968613d20ad09949dac8898f0973ed0b066b56871edc3a692fa9bb8de94d776f3caa8847a331f477514646598ee9e34cf92e998649067a55a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4693d630d4793619d4aa29c4d28d05cf

SHA1
0fbf5bf5dfdb1551f1e8cb0c8796a2d328f08d68

SHA256
2524cd7cc9d032f4f93618d257752e0dc27412691a799a2a50c9693617b023ab

SHA512
3ba036597cfe9c9175a1d7852ff531ca8b54eb7d8fc6a9cc094b527a7eb77e3b7d62bfbcdf8c71aae65b578235873b14408d1abb0b752f5d5afc12dd26710516

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab42FA.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar435D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit