23f696c21e20e7d496c8e9aab0b2c3fd0cc6c743d82c34ab11d27e5aeacc288b

Analysis

max time kernel
132s
max time network
127s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14c167707389cad5eb0edc37237b2705_JaffaCakes118.html
Size

4KB
MD5

14c167707389cad5eb0edc37237b2705
SHA1

354635ba48beeff8d8392501cec2dc970382bdbd
SHA256

23f696c21e20e7d496c8e9aab0b2c3fd0cc6c743d82c34ab11d27e5aeacc288b
SHA512

70c5f7b376e31733f3f5e21738b3652dd0deec005960304ca1415ec071fe033156129d50e6bbe9d16284078fa9c09b919346ddceb93f4090fc393911bff59cd3
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8omwFI7d:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDL

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40ad8978729eda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A4152AC1-0A65-11EF-92B8-52226696DE45} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421023580"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000042c2048b235421b7ca504316e9efa4e622df8242c5cc9e27ab8246a452ecee1000000000e8000000002000020000000bfab1c5e1f38d6698870ceda8ffda4323ebd78da9c527b84d8e557d52f8256b02000000019cb28371a273e581d325f2fea848efe739dc44f9da6b9f000f2c0dc165d46a740000000c8c8c16bf8e831323663ba4bf7c231614b49f50d643ab25a0c9c506ffa33ce0c38c3ab07ebbc7971f1d5d36b4fd4c962f827dbc35764b33647a877869eead79f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000f676f80934dfa7f54a00d1692e51678ef18863550c546fa010c88df181236ce3000000000e80000000020000200000007d54a4747b32b8554972a47a0d4ea0cef8469f311ca1b7a66e17e8140fec01e09000000007e4e8d36e9aabbe8c59c53bd46a56efd81aadcd87e9f3b56fd2ee53dc949fae0660a3485e820807ed62bc41e5ea6f01026af79ad345134a8455d5e79ba307e266ed8d538736dea0c498e5639243935e9eade406b8ffd76b91fffe9584c965d068f621e6abc97873e601d686e98b3809a02637407e2ba48d392c5be90718ad7f24235378f8e91e14919ffcaf4c13f0f8400000007c40dc517207f95f10a5e99f4a70ff27070530ce92b54d9bffbc04d09d58c0b92aa834400099306dde80c79efeef0262ed9af8248461d5e43b33926375112071	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2208	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2208	iexplore.exe
2208	iexplore.exe
2124	IEXPLORE.EXE
2124	IEXPLORE.EXE
2124	IEXPLORE.EXE
2124	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2124	2208	iexplore.exe	28
PID 2208 wrote to memory of 2124	2208	iexplore.exe	28
PID 2208 wrote to memory of 2124	2208	iexplore.exe	28
PID 2208 wrote to memory of 2124	2208	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\14c167707389cad5eb0edc37237b2705_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7db012bb6d28d89a443fcf468dbc6b0

SHA1
231b7de209b8a438d030253766f54ae5ecebf455

SHA256
fd7324f438c3258300d227153cf543d62377fa77ea570f4748d57157a38a3e42

SHA512
e6fe2dd03ba9460954a296378fbe61a2315926ca68671d1aca6d7e888c35565bbf08228ae0b1e3f87259dd495aa27360dc8d75e1a57e8497c403578f5963d59a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc58c99613d81193b2a58978a4a40059

SHA1
63d8f84e2bee5ea467c795cc4323e8e1eab64bcb

SHA256
2cba53486ea25e782ca0bbdd2f4f935cc46dd30dddfb7ecb50d2d4ccd0467f51

SHA512
ebaca1639086c06e292445ee7fa2d3a6fd7137719065968225811c0c5b7868ab4fadbc73d4164430b00ca2ff944603bbfe9efae6a3632518496fd82e35ceeb2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8614fccf75f3531a1349ffa780f7362

SHA1
e114bc34ca4a2f50f2179e518019ebb6dd9f5ff0

SHA256
2be4d995b159f98fdf6abb0e2a8879093b156b5920c35c989a2956a225996316

SHA512
310bc71ab77be887364f9bba5b97ccb3582ff7167d507ba89f0a8db71312c7793e8aa0daf075d260c8cad2676db00a8b59c58d49ef117e8f5a2e6534c6f92041

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67e41316d8bb71369151f0a585cc5157

SHA1
0b43c533f8b953d5108c31defe4cce81377d150a

SHA256
508ad5e1cac58a9a2d9b80b9932f05ed920c235185103b4bba0e39ebfff24035

SHA512
0235e460ec8d0314b897dc1c39c40308fd1d7dc62f84dfc53ba479b9a3aac5ef7a93095e1f4d2244e08c5b9ffba1b1d706acc2d6ff8bb90d321efb93687d7e46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca0aba052e6a04a04f97b328e6aaee27

SHA1
6b81f99aea28f9f51b185ecbdb448aa11e44ae3e

SHA256
ad6575270097204398bb310ca48910345286f73c05e7298d4cc1c7c1a3f8e999

SHA512
b5786db433eff7d47b7f92671dd0a019410269859a58beacf46fdf4a217b63591f6fd89d3404677a34cb9d7ee878bd4223f29a5e549f337e6f1b0d46d6d1d6dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0780c44fd2112f7821c20853c1a3dcd8

SHA1
f9a323b3defad93248d36ac1632e97be24ce4e47

SHA256
2a910eb53168bb1b8f4431d8841ac7d24fd7792f84f10ce51cfdff6a949ad932

SHA512
82d7b0050b238d7f18b5eb90a0bd3001724d30665081674b0e9bcadcaba387a30b49f7ea5dbf5eaa81cb6ddfc75f367e9bd9c1d7b5852800c3219073919c3356

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b57073746b5f29ee57615def5806d664

SHA1
4c02688557462ef08cf7402cfecb370bc2a20902

SHA256
afe8ab4c8efc8aa3351338eaf157d0243eb887f7a82177a5fc99975d5abbc96e

SHA512
3e34c04c18f5a69328b344f8635d4abd444033c965be7aecf62fcf158df16cd90844bded392d35f85ca3a7343894430ff75aeb9f12b9a5826c92f08a17e658d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6945c2d8fda6522dcbcaa41eee1a5cd5

SHA1
abe14dd3c56c4587082f6623535f50016ad59914

SHA256
6892a1e12461c0ea0ea76ac6402ae44fba5239db38658b7734a62861ea391e76

SHA512
7188da039b265673a4577bacd07caeae7a81266c05ba6b278be385b16112b54b03530d827f855da904c4906becf56f1937d5c8a27d17eba347367a8df44fadd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfd750971e88d08965ac72cc2e04a28b

SHA1
c8b8f1b20fed38a35e6a4e722abc033b3d702861

SHA256
f700f3eb8586f4c8cb0f648e0423114508b00a2fe041e31e606d4f78300ea3c6

SHA512
0be543e501ae47e139066d6ac81fa6ed36e783b121eeeab4cb5db75d9a157667870406307f1b27f5278de7a286527e739df2a34c11bf6dfc4f0225b869ef3f0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed7adf7d5caf17e190dfca368b66c309

SHA1
3284b99866149e3db64713756dd8b8fc834374bd

SHA256
5e7f77bee2ac95f06309d70142630518174e694bb0a8efb8c4f791735aa39cc3

SHA512
b3655e653de45783dad34595e00556b60662e3be5bfa1ae0b3c1907d089e0a7f0437a97c7ed0105068520b0a6c33da317a2e53b03fee3b65e15389c5f36737c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26f59b01fe59fd83a6a85a951f412ef8

SHA1
77542f30a7b62796c931f5634b159e847efe88cd

SHA256
81f5ff190aad4b7343dbe38221bcd4d131127099aaee8c36b375ccac548fa227

SHA512
d743b27b1aa2f3f2b46f3dd8bca8e1a48420014a4e9882c9d4f181e26de38060cae3842fd712be597e5f0dbe3b34c5e2ed6baf59d2849f92ac4ba9e49a3eef0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52e82df2b384becb7588e483d86dd017

SHA1
b261745ef6b8ad9366d1edf7180a0def0d270169

SHA256
7c59c1fb21ad02975411cc7c2adfe49f314de369eb3b013cfdd262589449c546

SHA512
dcc63c985cb719cd1e789fa00e5ad6ebf589f098f50fec6641667f2b80e0cad3b371907e5309723817bbd17c66ace03501a58e5820dd1e53ec98a21bfd54ab84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
284e498b05d10f7cfac6b95c11090078

SHA1
48811323eb31d104ae35a670efe4cb604286fdd0

SHA256
9f25d3d0b62f1040cd5a176dd1290311facfb5a77d3e9407145c478c310cd824

SHA512
a324b4583a5e12c66dddfd709219abb0c9bc3c6f557bffad1ca54f3924eabd8d6ba58fffee24b9e0b0c455e7e9a91998a887b83e8c9b42dbe4510d07480e6e67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e208d4e8a54253c0ef803103db4d0fde

SHA1
265ab2453265e45b585cc2827012e508d48db497

SHA256
ad8156cc8292d98e999372201aa69a0311f3b9fe9d2867404c93950c8c6c6264

SHA512
046df58d47846cbba53e38eaa6fb740bf81d67381a93ab60391bb405868c72ce622793103df48d9d992f26c251306386f9ec2df8335a5a9e8e79e0ec9f1e131d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3bc3ae19d19b0659e480dda23c55053

SHA1
faaebe25c363e1c5c4df26c91d8dfd0d99e9b941

SHA256
52fa1601968b97a824de5005a97e669a57dd8edc2715164cb3b95745ad760c64

SHA512
1eb97081ecc04d66acdd8b10d59db54f727d2a7b5ff22fce1454dc99f17f59b1d25c0c0af06dfbc58dd6b12751a0326313a71fbb06e13af7541a39f7b70587f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab31AD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab325B.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3270.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit