463bfec724e1a6632e3940298ff5cbbbb22d90f52e7cea8290ce81ebaa9f2d85

Analysis

max time kernel
140s
max time network
141s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
06/05/2024, 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1eb2ae8b93dc0b5d354f75e49ba041a9_JaffaCakes118.html
Size

28KB
MD5

1eb2ae8b93dc0b5d354f75e49ba041a9
SHA1

2a2c2ac6d8e4ce443e0bc62f4385fcd3e2306041
SHA256

463bfec724e1a6632e3940298ff5cbbbb22d90f52e7cea8290ce81ebaa9f2d85
SHA512

7e1a1f34971d9ed70a7b27d59071ba28e3854704ffe8c8b633b9a13af6185069ce24facfaec5292086d793c0b8dec70f5bbb275989592513ee6d93fbb958c98f
SSDEEP

768:dw/Z3KCtaXGqX9ccT4RJYFQHatdzCX76RXdlqpGrzCvv:dwh/tGHNX4RJOQQCL6RXdE4rzY

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c60000000002000000000010660000000100002000000020c858f7a131720e81552f2a7f4ef211882243a534dc42a05dc6c2e423dc971a000000000e8000000002000020000000b72fb1859c11439631af448fa2f8d5444989e6cb8aa60a9d541e3393d3d33aa590000000e0f7c19687e9219ff6852e3119e943f5a589100d1d497d1d571ead44585a7aadb6a2df3eb63757d5589a42a5a0ca80e289a0af4f408e032d93bd5d887cca7fb954064ce762175fce857aa16fc21a2e29b9b24131763d9b87bf343fe79a2d3daae8e4a6f57ad95e6a7a2fd722cce90c88a82f09fc17f3e7a989eb1d24391e297e840c0a0e45c6e65f008bf16d30e8334540000000c84c7d7413b369948bf945a6a6bcd11ad972979b6e5f6aa09d97ee229f055c5e96f5d0b41c741de973b6318ceb33f5dbe8c4b5732c78740ee91e763f729aa4a6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{33EDE241-0C00-11EF-8840-6600925E2846} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421199916"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c60000000002000000000010660000000100002000000021569ad727870bf577bac0137bf2875201b06f7b615eb04d5e9ec0b4d31ae37b000000000e8000000002000020000000591edf620a05e6eb0ce2e32cadd7fd403529cb8198876716b7c25a50aa1fd7e620000000c2fd3319bd7fd6c31b4aae59f37e16254361f0951828f4fe367a0bf460695ea040000000301534405291948f3da923e661357b31b41652863033c840f1fe55095b1d9e361eda9fe04e9b3036a9ed4794d3a1fbf9be9de812932a33a6ff493df1e18ae610	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 700f1a0a0da0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2268	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2268	iexplore.exe
2268	iexplore.exe
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2600	2268	iexplore.exe	28
PID 2268 wrote to memory of 2600	2268	iexplore.exe	28
PID 2268 wrote to memory of 2600	2268	iexplore.exe	28
PID 2268 wrote to memory of 2600	2268	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1eb2ae8b93dc0b5d354f75e49ba041a9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
41974fffc505ad1974efed3391933980

SHA1
86ece6125c0eaab55a457e94f4fcec16fcad1692

SHA256
2cad4561f46b0a546ed5b677a7432e809855c304c4be9388e4d570b9c67aad7a

SHA512
4f2d8848d0e933a32b28f87ed697c6b411ecfe40b938d7e80fdc761f5fe35195307e6fd19f84fd50f1e18b85f81c3e51075f1252c7c8c7efb01f42ca6aa7787d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
960c421384b0d4e59745a1062cea019a

SHA1
4e27056899d1fc4d13c21a3c29b6390013f4ac4b

SHA256
8cefa608716a5943e124ffa32228f89017772e7251e87295cac1ff4d45869270

SHA512
133287b90fef21a18d5e3bd93ea63423ebf62bd02f8b3a322af4157a038feb6c3cf49bd34cb5a3300e88b6c538a6181e78e4e55b5f747a66549589a5b28dd5c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c0ebea91aa990478041b17020849248

SHA1
0cc8701550fa42f6e342abcb2379ccd6b7c868c0

SHA256
1ab1d31b5a0cd2a1686c5b2c077c287c0cf2a58d16d7548280205034ebbcabee

SHA512
947482d481cabcfd37f6921d32d0e3a8cfae58ebc4ddee3b4f3cb35d9661acb9eee2464ba992649957a63416f53cd6b920b2acb57d6e609c3398190f7af7401f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ff5589e10eb238399f85a03f1b06ee8

SHA1
7692def1ef04b58c5c9430dc71ba0aca2ac84db6

SHA256
388057fe3ccfaa3cfabc5cb8de65a0af96247e849f8ed11802fc4529118762db

SHA512
574547f0e94b18e938ad7db7a883e08da032549862ba84f7170a1e943d987b56fd9fe5f9bc9ca7b1ac254871f90eaf0ff778c9357f2ba068c167149886c66b95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1cac8cb416f4ad2c2c04df3c0930afb

SHA1
5e3c96f6a7273e356fd2409d8bc1f1fc2b7efbd3

SHA256
ab69d1f47302a1b4b3ef73a30b857eaa3ef47f4b1a0580ce8b2f8ac1fdd61632

SHA512
60b7af02d55d2d5371c58f9111b3383a8db38a965f1939b0b8281bae4b4b8df783838e7c3db564fa952f72e766c9bf77dfe9eff24868d169670d62c8f996c29b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5ae49bd469cec798cada8421214d3b4

SHA1
d19d49c570a805e79787e739065215bb2e5b3c31

SHA256
338dfd54eee174d81c36887d23994bc8fe10478d8875dcaabd59274a17eb7e42

SHA512
b0961acfe510daf02fa99c2e76e5c1c3fe08f209d83318ee2beda737e3ce70413ab6e72902bd51d59b0ced96545022bfe9263b72931fa84ca7ae6a7e87b05564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9b0e08cf7cd93461a97eb4944aa095d

SHA1
878aaaa5c8d3f71c8bc55087a78045c597af4d34

SHA256
69d023b12cba29ab8c549ecc951f3847a5b689f72573bf8e4621fca0a6e2fbea

SHA512
ee2d991677f8adde6a30ca081a4b49b715491fe06d67f2b164dcab83bbc13faa679d15afd52ef4fda4531b1e58dacf907e0bdaaa93c0c2e446f81dd4ca111ac0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a595e6d549d692f969b68c7e8872698a

SHA1
a013b5d44dc1b294fff8839bcb9607442b7c703b

SHA256
65b91fd27cf4f0bb8751b33dbb7004c766a18786583f649317fe6d2fedcad429

SHA512
2d40a6cc829aebdcc4f7287e765160c048927b13aeaa29929378ea17f93f26ef2c47577e022b7bfacc5c158eb35daa48591c595f69e96c8faf88b8fb5551f560

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2dd156158a9cb6d3cf5e88b19f154f2a

SHA1
f5db9c11ef6ac05beb1219066ac4023a62b6f2ac

SHA256
01440d40d1468eb7b504432c996ee9680c5b88ce0d8e3c7a4ec84bf4496eba0e

SHA512
fdf66f2b4951ebdfa1fc63a10402f6c547b6007b2e4dbdc2178304e5c098eef988b6322d9cc3647331f73f4ee42d3e848cb9a3206c74ebaa90a559b439504574

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
671902a2122240fd35a39594dd961083

SHA1
3a828205177d248821512b8ba1c363367a588824

SHA256
10b24f68f4a84a79c4f8b51fd7365467f5ce1145cbecc41e2edd7aca9f3ebfbe

SHA512
1f6d1c1c70ecc5fa3c1df4a8b191bc76e754488ce2a837effc2176066a8a495f9d57d0682289fb4b6cf3eb62bb07518badf78d1f0572f144f4ad3119c2008653

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4ce7dda1f51b91c6f0f5df9b91eb207

SHA1
c46e91f3e26fdcd736b8094f00342bbab9b7090b

SHA256
90c2fbe918955af85fbe30d2c6527682fa1e5e7cedc51538f70ebd3cedde4200

SHA512
4ec1aed8df77ec9412c194519354ab6bc4ce9b9872072bb6c5aeae458a2297996fb190623cedc88b4ab3fb2fdaf7d04c46fb5c0422a21eede0e37e4aad74b5ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a9d6a2e0ecbe2dd9bd1b8a71f0125ce8

SHA1
0bb9e10ff22c594afb6d9f9848d6d36b10178375

SHA256
3becaa215214593cc29d1ac88f5b4a041be81ede72781825206c392a6ed91705

SHA512
c0bced7ad79d11df1839960b6f94c659a499fbe7d48f9bc026891c58f29f1d54c619b0f41152271d72c3bf7c7c6393ae727f8541b37508e6a99136772e97b44c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a4373f1ab55a91da3d3c5018db8a3025

SHA1
8ccb3334c172e11cc9b400f019e3f7ae098480e4

SHA256
de2813b74c9bd08f08c114461c48fd8e4269ea3d803533c1e44f6e21290085a2

SHA512
2d600efd1bb40244f52e95085e2e6e80e225e16f552be000ad21edb87b973856c85786f5faf1c76bc5cf0523bfd0a4c22a53c36835b46a2063a90c7252969ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2FB9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2FBC.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar30DA.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit