df819e689eb2766dc1724c48ae04c205b8443eb8f109c6358b9646f177720f7c

Analysis

max time kernel
119s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/05/2024, 08:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

16cf68fcb0c3e08b7e51fc84e31b9f41_JaffaCakes118.html
Size

332B
MD5

16cf68fcb0c3e08b7e51fc84e31b9f41
SHA1

8c940e1bf2ee4d53193385a20570ce0360dc2305
SHA256

df819e689eb2766dc1724c48ae04c205b8443eb8f109c6358b9646f177720f7c
SHA512

5f0d543ea7ca3a5f57977cf618b159e8f441f67b172b9dddd2a36179a2f96dc77ecb3fb26383524caf5f7fca42827d5239608b5728579ea689033f98cb430e91

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a05c2ddbc59eda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421059395"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000021b1dd12fe2cdfe02124fc4200dec5d96a118e57196fd8f8d62d190b4f1285c4000000000e8000000002000020000000b0d51325fe52f03e3cc9edd39222b49140e4862c193cb61f1ea39aaefdb9cb7890000000fc3bb2796715d099f616e2f6239032d2e6d48dc22b71621158f1e7cd77ccc5295f677ffc130eaffa50a5bee2022d27f5b5e817df51c71862f8f4182361194f6a4b42e68afa33f22ab667c719d6e29340ddc1836e382449750fadb32c8c8aa3862a55c6c29f412833bbfd90230bd34b23454c4db95af74f9c05d0d7b009db922a64c6ce4905cbe6fec193dfb6365230e9400000003c30650f40303d86f11b90072c16ca11a69f6fa289f9649064677b0714d2300a3b3d416f76560c57ef13724e4e8a3c1b7ee152b70f34573c6c95c2edce9d870d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{06242BA1-0AB9-11EF-AFF6-E61A8C993A67} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000f68ff2cb9f02c8d0011632094ec79b7893def1f01d2b1dd5f2fbd47899d6e396000000000e8000000002000020000000a5a1ecdd968f6f949beae57456e1f5729ff8228284b1845e39dc97a383ed3625200000002acce0b4a987d0d9236b37a2c25d146c2474d326c82587682beb0b6e5531c29e400000000ca24dd448b3979f825105f276555c57ac5c63a170bf3d801e99dcd796ad110f766d4a5ae6cb9cd4a6f7f2958928a2b121d64f0192adb03cf24c83bd39c853a0	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2292	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2292	iexplore.exe
2292	iexplore.exe
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2252	2292	iexplore.exe	28
PID 2292 wrote to memory of 2252	2292	iexplore.exe	28
PID 2292 wrote to memory of 2252	2292	iexplore.exe	28
PID 2292 wrote to memory of 2252	2292	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\16cf68fcb0c3e08b7e51fc84e31b9f41_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a58cd1e9da0e1b52c3d6e2d507922df

SHA1
4c33402d13044bbf2aa0d37287c0fb6cb5dcdcfb

SHA256
e4b2dbf3ed270b72a1c3402980d672ee08c1c03db5dd7e2abb44b9ea26e9ac32

SHA512
27e7ec0e20703e54e201b3631fea1c8fc12f7cdd50c1078f2feb7054202563680a501d3c930bdccdc98bb66a8ca593d3faf990646f775c1c54812fdf8430d952

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
914dfa2c399b7fdf72211072e3c42152

SHA1
0a761064581c018d71c3dd6e2192f9ce3d9b4a02

SHA256
be5e82fa61c5cb9c45316197539fe9f860771bc1b711bbdd795efab115bb022f

SHA512
baa18da97a1e4aab30b0c7f96808a431eb6e3e2843b50efc5d8abf0ed77397be468c8e09571aa7c9e1d9253cdcea2272b37f656c6403fa5acbbf6a2e799c9d44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d4d0d50f459f69f1b0f2b2badf2beac

SHA1
b82f0ff32e8fa0c382e14dd46c8088f7b1598509

SHA256
7116ba1cac677edc097f2b7f9fc5ce1f0b7c4f27e05056bdb01a6f332c161183

SHA512
a7b40749195fa03f05a7512b3b325a6201b5647390fd0935c4d321fae4ee9344088f44a0c8ee6ae25270309af507abc343362c77b088c9c6af71cbec736a4a6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be3eb2bbf3f8fe50d958f9832d7f0b59

SHA1
7df7109259675d02a370c8dd5993acc3ccae40e0

SHA256
b3dba4286de48c9807591a0f02fb28007a4f0850b44a7cb052eb80ad6141c02e

SHA512
07ed80fd925e9624df04da5cafa328b18f7d9cd3342c4eff6ddc8ea4f4f2c7486b6799684acee4c9c1fae2e19f54a047a5ec9fb288412c0ce9c4eb38d024856d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f3445ceaccfbc4e72aa7e74cc9d2777

SHA1
6e5fd6b053aa3a82f41d3fc627d53d69d643fe5b

SHA256
c58433b638917fc53e3ae9642137f41ada408a5b4bbb495343fa0cb083a28c9f

SHA512
aebea64d8971b2ec505ebabf31068e8de653c090ae447696ab87e739401cf18e89be0efeece87850a58a955a3961f0e93d6ff3851b731edb50dcf795a2a17c8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44ad39cb83f20bb6279ab5f14d0c4965

SHA1
18d60c2644eba438d8d6d242be9a683ba964f3ed

SHA256
546d464e6949c231342d766918452784d4c0fb997311f70e11fdac4a8e07c686

SHA512
e7b25f08ff7e856e58f95c40054a64d0acbb07c1829b48918b7b4dbff03cb4d1a61ec37fb8a157246aaeecdb695aec089dc54969bd7d543b55ac0ccdeb7ea3e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c32d95207ee3630ae480adb73c6286dd

SHA1
40c6ff221b4ab782e6bbafc172a2bdd40f30c16b

SHA256
29a37749ba93bc681ed63b83be68c61afce540fa71e2d5e16c592e8a14f6c343

SHA512
ab4ee0549d26ed58528164a4f5a31286d7673ed076befb1ea8c4daeda01964808fc8580c1b0e3a4843d778175845d27f54f92fed0f133d1641c15acde2b5ba51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5688e94c3f2fc975c83b20d5563cc92d

SHA1
e7f5a5da2bebd3244ef6250a0fc1c128ecfa9ebd

SHA256
93a90b3554f6b157e42095751301ae5747802f3c896274bc5a678ee1e42b6faf

SHA512
f45ad1c3c51bbbeef84a1d9e2c3bc1ceeb9012988a1d213e75a2cdfb4da8d41d48ee46c04d0e45a40d7580cd7d261910dc08a7eae45d8279d7e09d74591b20bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ad3bbbdeb69d68ce36b47c1032c6112

SHA1
58877d5d9eab366d8d84fafc8fb64603f49d82ec

SHA256
ee8fc57240f2d590ea697db92117e44d8e4baccca422ad19cda523c817508933

SHA512
1bdd54c92f49c737ceca236cd3105a39d23a295c79dd3a2ca96f48bc00ca926ee94695a05ac014a37618bc1233cb19d849f2d965f56d99e15fc219d9fdae0797

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06a71a24bc1b3e51730d2aa4cf9ffaa6

SHA1
1763c60e4699807dfdc3704dde4049a675f47fa7

SHA256
a0c3a3a2410220e4954998a62e318d1152eedf1acbf4b7a095b01cff404c595d

SHA512
0a607a85367368a8a6e8d242619170268eae54580b8eb350d2a8b22b0dd0360695b40a36220173562f1e3d65e93dc351b674a6ae5fb7a14f8eb1e6f980f9f7e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7fe8554dcc66d08694453e082e10dfc

SHA1
ef7b6f91c356a8b868d04e53d92cfb0fee644576

SHA256
608a4f781e2c4e9a484f3619710d088aae7f81a32426949826524c51680c9840

SHA512
99792ae7a7272685b5f0cf81c743b0e4e63a7a6eb51ba66f92f05e00a9b622c7a726c083e55f749ced3f148b7d51bcca92af4bd7272aef2874d8220c45d1958e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5baf9460e08a4ad141623597a7599823

SHA1
7ba3cd32686be4a770b4bdedfdd0bfd1be0c4ae8

SHA256
cce0ab4b644538137188bcdae2c5e2aa96cef292554a7069a18410658f72a884

SHA512
876828e736ad263c91fce2b9246172331cc3395b60137d0b367cfb0eeca14250ce3bae0f0b016e85fd1a30ed9b4a6c0b548ad7b4b7e9d277c586f449d2706d57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eef6ffbdf96d8bb97c53a59ef888c026

SHA1
f52a2a5b317c2e914142ad32fb53579fe1bc59e1

SHA256
e16330369daa97d5425765ec775939c9c4aecd08768753ddc24993aad730786d

SHA512
78ab199ef8d9e37ed498736c9837ee62d26a9feacb53a091aa2df9f8c2382b55e95bc19dd05d4b09c051f619a55033eed4929e9e8faec92303c7bcdcb47a2fd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dfb00aeec9e7e261fb99e29e18553e4

SHA1
0f70c96514d0db1176b45b7af9a11c3a951cef25

SHA256
69fbd6f16043894cca30bc596359edb2984bdd2e902ea6a0581ff5cd16f38221

SHA512
55d343e1f2f845b755ff069ab045a127e043efc6baa960eab50f30627f109d7f5f29c426a3cb5c5eae99eed1c6da1cc2261758b821539dbca6b92398a39cf7be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c70842497d13ea32a49809fc51cf8d1

SHA1
dba91a08912cb24650238499af98b45d65d9c10a

SHA256
4c3776e21081f8d998aa07a7b403d63675147f8a413801eb693cb05866c0659d

SHA512
04c529ecaf3cac941dc0baa19068e9f73c3eb6736753a9d7aa0a33cf11f45c7d279f18572ddfcad299ae01f0adf59ab21772b3bec878b9cde47f95e6ab500fc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a86d50b12e546a80d74ec99a0fdd8cf9

SHA1
d98fb93b4c66e6b8c306bfee4a69444c2e0fe621

SHA256
e3f80e8b4fe895feb2df803bf04e56e31092f428213fc55a07f69e76859893e9

SHA512
256005a960472f4aaa3540361e2e6563bed9bc58f71719b64fe330da9090f8341fba35a2dea49e470fdaee6a8313adf7622f03f74205c377751060915cab8422

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9963.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9A9F.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9AD3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit