17312f3c5a2d03f902579aa03fc71042e8381c45ba875005d565d854b06af6f9

Analysis

max time kernel
120s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 07:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

11ca82420a5bb55d40da0050f79724e4_JaffaCakes118.html
Size

4KB
MD5

11ca82420a5bb55d40da0050f79724e4
SHA1

25a5820fa230a19172d518bc0f2326ab34d30fb4
SHA256

17312f3c5a2d03f902579aa03fc71042e8381c45ba875005d565d854b06af6f9
SHA512

32ec7a500bfb5b735614bf169bcebeb6aee609401d523169aa5f4798b9105455d926c9292857dd24aefabc951d627ab2ff9e4af662ee7ce730e23f24ed37a851
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oTWKxqoo:Pk7yY1aEFHVKtF37sNjtXATIQFM93pD5

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000069737f6047a746a73f6868a2de5d2effb4c9e081674cdbde0bad316801db3490000000000e8000000002000020000000f67fc16489ba79a8d725444844d6f57d7aa76ef2289103eca7d9cce36c3095592000000089b0de7e9c41b32c2cb02d3f4a1450714af8e350018e9119f9a1b5b21e0ded8d40000000b2cba4581b4f5e9d8cf8faac4d20c0cde1c134271250e10047d5f64e2aa3294611f164fb7677cd51e68f839d3054808b44e118566a9b043499f24651cb2309c5	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000b746dfb4483324ed12f154f678b939484581c1d204a3a7d9740dce17b736f985000000000e800000000200002000000073b57eb856abccdfd4333650e33664879e631c372f1956654e33f44894b93bd890000000bd6de038a01e23ecbce60452cfd06e0e1100a33421dd4a8dc79c7e6754a1e8f3a30a760c5066fb93a79d44897cb3ffdfcac5d28b2d184fe897f41989f783b147a430d53240b06cc57c53a800abe24ad2eac2fe61933f07035dba4de80a72ac3c674dbd59a324fe73efd1482596a05f33349bd6a68cccda66d4170c275a23447e6fa34e36f93bd538adde9d12466ef5d6400000001c7ae0494c28aaaa2861b173434bd1000f1fa7e99c95ac3b5af33d2d30b01cb8ce8f2ac4db5c6039407726811611b9e36d6368437392fded9ecdb982e68affc6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4A9C3611-09EC-11EF-9A09-E25BC60B6402} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9006fe1ff99dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420971464"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2660	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2660	iexplore.exe
2660	iexplore.exe
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2560	2660	iexplore.exe	28
PID 2660 wrote to memory of 2560	2660	iexplore.exe	28
PID 2660 wrote to memory of 2560	2660	iexplore.exe	28
PID 2660 wrote to memory of 2560	2660	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\11ca82420a5bb55d40da0050f79724e4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a543d965daacb6085ce370106913333

SHA1
0e9028a891559371700a9ec180ad481c2364a92c

SHA256
093f0e0976b60d517d27b9be1b5fc3f58112b5ee8a1a289c3926fd39738758a7

SHA512
f25e2fc54b79115d970ad76953fa583ea0be2fe63496df34bdeca175c373ac6debd0780c357ad4eec38e6aa9b1cd2659d62d1f6d6798cfdda86eab9c692e08a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
298faff036f718639d0d8340765638c3

SHA1
bc41cd5c004249b883e5924cbf059a18095dd369

SHA256
3a19fa447ca0982efc65e488e106cb83932063bcb14c67ed1cb30bdf5ab78166

SHA512
e3502f88b0c692e1cb09edf8285c1bce0950b58ad752d7484c03b69523f31bcdc0228b300223bb107fda67852b9d7795cb1160d8a331f5d3e54e112ead871e35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd56dda6155e570e5c7f53da10d9112a

SHA1
2b91b13aacfd9558120c2472f66a8a4e31062231

SHA256
81f66f4ecad272ad7ccf4a2f54abb2b47c955e7769c2c40aebcad6b81f810309

SHA512
6dd116d7e841cf5cf195bdaa9362b17fc2b2e876afe2b32bc859712466442ed968f1225fe0fe6b1c8cf7b0271acbf4ce26c99b64fee1ae6e33ecf51960bceba3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e10f987d357293adc1602ebc5fc9b656

SHA1
224bf585d5ae57559b8350ce2c0af207d89c835f

SHA256
3dd6c8cbd36e0827cb41522a28eeec5d1e725acd6f9f1ef82971fc9c46b43053

SHA512
5d029984e7aa7e26507b5d30e10ecba9ba3f7e8fe49312e4145f583bc07a97eddcf593c0e010db4aaf59f331241aae0c26c9fff51fcb1088e9cb80ee929d0caf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38cc22f47b0137a9dcb3d1ecf566a69e

SHA1
d064fc02d623fb3f810657ffd8a256a1f8373f40

SHA256
d293fc328a927f91f72f6370c3f3eeff53586d2be249b8831482c8f6edada1f2

SHA512
c134e50f50eb30f5547db6613cfc1bcf17611f2b53f14e034c7ad3bbbf0ff93c0108a94443d9cbecc64f02834a163eb446b5423ad267ed69d97c54254db86f3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b54a835d73a6bd7c458734572a452158

SHA1
5c2f1452dcfb58a6aeb1824766c8cd94eccd976c

SHA256
f3d251da97443cc31a49f94fbfed2569becc54bcafabadae3607d5cc324ae146

SHA512
fcdc176485265704361aa435c9b8842f1cd2627fb55752fb7b20c05a7e7180f060b781a90b56da9c53fef8beb52f6c3e170ee1184cc7a4125410aa37a02d83a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cee8fa4590c9b2fcdb92b1297f7dcc7

SHA1
7696e84fec428caa4b18c16b24e08ea28f7a8292

SHA256
95190c124850ca9628102d5b46c4553832f3feb350f771bf371c0946abe82060

SHA512
538f2d64dcb2e9e62499fde5983f7af5d8ba23ca68e586fc3bae204971095d40291e7b7b8e48a1301cfbf47497b6e4ce67dab9b4cbec67d8df64e29c71f20643

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18ec26b2c920ad96b2a01ac39caf830e

SHA1
96cdc50f4be1cf2e910cbf5b7c4779b92a707f26

SHA256
5ca20ab00ab3eee0bc427de26db481bb55494a7f64436ec5ff2f3835d8f25b91

SHA512
6826e51235e8c06317cd4c6943fe09a9cc6f4abca17d2cccf3398f90cf9da77ad650e6a47595c37c97281b581da271b70ec00d74c22d3733464e441121467e2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e2cecfeb4bef8006af5f8b650f3d1b3

SHA1
15da57ca0095e09ba9d685594fe494d03231a1a0

SHA256
04399fc872fd347ad4b1e5455ded3b8ce54c2072a354dfd486deb47f50afd6c0

SHA512
d3aab61c11ef0f0ba6ad5fc2037e368efb137db7eeaced37342b6d40e88abe01dbff530dbe2bd8f7c5ddbc31ddce00a191d2dce5a36eb811c56d0e91f883c945

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea7272c64fc82ed8563563d4f7d3b950

SHA1
f11b0378c56479d528029ab85a6fa9ec59537183

SHA256
5b3d2b171e1a46c9a481a1c81504c91cbb490e17b731d6515a741ad57f250196

SHA512
6a7d856ad64cef6779185b3b0b1115bc0f615d63065a972c9f582f30057152958a8db705044ecc45da56eb06d627c63b91022b5173051d84e0c235a684ce53f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed763e724cf468695612738fa055d542

SHA1
3a9492c1ef519c00f70ec56729a36d28c9dbed84

SHA256
0d6c5dc9ca3bcaacaa1a2b36d32917fb40b1437c3eb5ceeefa02f660b9b601dc

SHA512
8cdc0dbf20a77d500b3c88b21191969ea6f6d1b2b9f2050ba7062ebd5b250c05ed53202eed1bc4d3c5a7f912110548fbbbc5c1429d16d4c225a3b70e812d7de5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69ae3cd4da7752c4e1b35212b0cbbb09

SHA1
7aaedc5af73a9c36376257c79b35db17bb446891

SHA256
3decf93d79bc4cdaad335dc491cd0840148da629ff013fd0d7d01b6f2eacf722

SHA512
81160f100524ea0cead65c30d5509d87a8c0e8cdec7f7f0c40d380923b0c3f33bbdc4cdd7cfa57f80ead46e1b5f95592ce6350e30f11e81765394c99b7cf4850

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
044dde89c099892dcd03019c8726ad68

SHA1
13812b830281b56b15c65ae3fc5449e13e7d0cdc

SHA256
5079b0232192100d210fd4bad59f1991abdda4d2d883342597e2ef072c566edc

SHA512
67644d9610d2e4a7765549af23b4a6c92dbe9dd9040586f97f5687320ba155d01f510bd9c4fa98c3948e93e5fc338b36d43860836b708a52682f25627ae43911

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
007f0be84d171be205e8fd54b780a738

SHA1
ccc91a4af6a9e8efad8739dc5234020c6947d772

SHA256
55dd7b286be811a60a2619f3121c1584e696e36da3030c469b0c6d097baeab03

SHA512
ca83e56798982a94ebb2bc5b8ca40e2f5183c9d9fb2863f757e8aa41b19ee76f0790f9fc1ebf7c1796f68b3db24e31625d15e4b6200ff47d98af2255654179f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48c929c9a8ce49f94d0480f049fbdd57

SHA1
6eacf645718de3262abcb3838b7605bbfdc14d2b

SHA256
58a2bb2c986812356a48586c58d7eb69c946b8478968e322ad08a00f1197f898

SHA512
2a37a06204b6e989d2e4b870cc2dfca2bcac506f972c7c055eaa942b7ce0c8397a3f488e45ebfab11b9ccc0f5f00a3cf27dfdb3e867d4b0e5660e1ba5701826c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0638d2cc5fcf1b1f7a50a657d27f815e

SHA1
bb69bb55a60664146b0d0c4d4c41ead6cd0a9322

SHA256
7af6897187f259d03f4391638bb7eb912f20501cdf1cb524de8c95c47358c7a6

SHA512
2c0cabe406669331f0fc6443b1d82f4475fa4143d6e3460e27c07f5788b44213558198a604a74c3efc2b3c02d7df71a6a04ea712c12dbed46824674df1dcfe24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab96B5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar97C7.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit