2da559cbdb18ef70146acbec52b409001025dc7aae9e667eef7e5486f2ebfab4

Analysis

max time kernel
118s
max time network
130s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20a952bdfc053b9c83920ae3cf2e2fba_JaffaCakes118.html
Size

32KB
MD5

20a952bdfc053b9c83920ae3cf2e2fba
SHA1

54b859be7411f9eeff4f25097dd1413b61ea3e9e
SHA256

2da559cbdb18ef70146acbec52b409001025dc7aae9e667eef7e5486f2ebfab4
SHA512

2f2c3e91d6971dd116045744e42a1849e6e0041b1373a1032c3ad5c323126adf165508c9e830e57656b4510a6946963bcc60e4c0c99935f63ecb98cf2dea27a4
SSDEEP

768:AIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7SZNoY:AIRIOITIwIgIiKZgNDfIwIGI5IVJ7Sq2

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc2330000000002000000000010660000000100002000000065ed8e23173b62995706e060e2c81e8e61181e7a2a4811b2c5609472fc327978000000000e800000000200002000000090865ef4bc0c262cfaf375e25bd3bc07056d1a0231302e4300ab4987bb5288bb20000000380abb9a53ef871dfb13a4e3117b21bb404eb62112dbb92b10d9402940eab103400000009a263c4e433def42849c7a33662e9ac8f22e340170120495d5b41152aa757b820d1b9f35bc4e46506e66185a5790a12d5f2620bd9926e8de96b1ad993bca2b50	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70c6dfec7fa0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc233000000000200000000001066000000010000200000008998aafd2a1fafaf58aae210a61cf4a16f5d195a16c95343083421913f073b23000000000e80000000020000200000001a9a8118eab613853096a1560749de3f1e227c38a3ecd58db06ecf18e3c83c9a900000001f2c99ab066481a08e372dbd62c85b656f5682798cec9024ade92bac415bba72ac6f3e9c53d9da323e409894d34ad7c1c6368f4e8e232dff1eae8acccef5236b631ee9fec8a5657a81517da74bef144e7cb926f796ee65fab6e5983d4bcd1e1030f9e9ae5df0a2420003168ff0bbdda8f11342d7e91401876680119a16f51045c8c527f2a4a2044b670fb9fd547b04484000000018bbba5510abcc7509ec9ac89ec2a471feb4c06e748d4f435d846fab32a3ab4124f0e1a8d0c8a132df0d8ab8f21edc229c3a3226e251fb02e779926c29a5e33a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421249261"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{17DC0411-0C73-11EF-8547-E6D98B7EB028} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1992	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1992	iexplore.exe
1992	iexplore.exe
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2536	1992	iexplore.exe	28
PID 1992 wrote to memory of 2536	1992	iexplore.exe	28
PID 1992 wrote to memory of 2536	1992	iexplore.exe	28
PID 1992 wrote to memory of 2536	1992	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\20a952bdfc053b9c83920ae3cf2e2fba_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
b5b2ec240fc41b02a58f2a529da7dbde

SHA1
19553a930837681e879e666e6e391bfa4c6eab40

SHA256
b4c1f21d63210cebbd63103350478f0934995eb895002d9c8511f04b5ca6cd62

SHA512
f34edbacc97225dafec1780e93ba723c5ff0b3d832a10c32edd45850e3658c58413de0350fa538eacd547e73a7f93d9ba58d8408ce449a5509af469abaccacf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abe473919e53e0e7831c5409d93dd4a1

SHA1
4377e94682dcf33085fd7aaab5e92c6c65031f45

SHA256
418e1f96ffbf82b6e333f68c16374420f667f298e22f2f989da7533dcb0cc83e

SHA512
a548f09e715d5887bbf58ce256edc3d4c9218004eff9cab0933d877a7c7d31c96b47d610f47d307cac117bae76fab73c04732f75f7427ff86ec43ece620d0216

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdc18e578db053c9a7fdf265a05ec001

SHA1
31aca227f7466d98d24e0b50393140c01b852808

SHA256
f6852aa7fa9de391c680e4df570ae4124d9ad075166510bb74a414210801ea56

SHA512
2002c76c900ebe0a4b13d31c362c6c2dccc2f8c713d2bb2381bcc50ee6e039a3722cdb80bcce54256feae0ea95b545a1f5abb6da5fe2486c610131b15da7e3d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7f552f7afcf8a84a7469aac08029ed1

SHA1
4fe552584feeddd8f9b670d57ffb91c6cac1744e

SHA256
11d6724a804f4a3beb18b9565f5ab1b3ae034ac20fa3c7260fee05bcc5083842

SHA512
b28667e3f53caf824fe554bafabc769e0e94d7a48e113aa573c914b60a5d8cae669bed80bc9289ab23d5960d5cf413887a4c174efc705b92a43a96f6c3a9c428

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d12eef33471bbe8aebfb6ad6cd233f7a

SHA1
dd07d38db4fd50e484a69136c378bebb52fab69f

SHA256
37a42458d9ac10f72440663420beaa1466900fd381f28a5a0e2922f0f392f4b9

SHA512
6ba859a5f6d5937b1612c49df44630870ff904d842e9c924248a157b38fcf3ad7eda8307ea0335da1a468611efe05eb9b10c56183d5798575a64c0d48a595475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83539d1ceeb20b79d2f0506df5f2d0fe

SHA1
03093faa5c911d2b6ba227614f75f1428bbc10fc

SHA256
b45b2bd508be476883fbe47a20578069f3ca30128c09cf09fc041a1e547ad2ab

SHA512
a1feebec39d0e6dad6f8bfa2af39d5f6c1750f28e572bf10eac70c409f7f87ecaa28f3e1ad8f72938f7adbcd8247cf982f33cfc5c24d8ebdeacbfce418b09288

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fb4b728e5476b61093d9b5a4be7a57a

SHA1
2d644bd003c3fc01b572024ce8347a86973c195c

SHA256
7826d3406c9754a5754ded51201fd3192380c368e7466b698dc7f67b781a185f

SHA512
c826729638de6e28b5748f32df5e48fb2360e86d2824de11f9645fdcfff0872343536286ce1715361456c4e26be34a818f4f50aff7191f03912e5c9c2d701727

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebafb0faad128e5d0ac56eec2f87630c

SHA1
02ab6c91d620d00c96ffc1c24f0acf8487a423da

SHA256
352a2f9574dc29ac3479e5676516e25c52bad54dbc788c651a6e31e95a2d6c38

SHA512
af5f29c2b25913165ac171c7d45349b90540d1158fb519520c6beb286296450c65624911d1ed8ab905a9e4fc7d17cd47a342999d0d193cd5a18c74c18f66fc5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19a26378aa5a91e49cf3ca8756509da2

SHA1
a6d92cfd72231826b8f12216866698dc4d247539

SHA256
526e66889d14516f65776ca471b12baf9eef2d3d78257959066a5a63172079ad

SHA512
558d4cb3e53ae59d48ab793768c92d920980cf1f9dc7ee17e1a8eac4e52e44b8898783b28ed9d0bb630d9166c4e84888fbc46279d56d3dab6f427fca343bcd63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
405ffcb63255b61dad8de7bf3acf44ff

SHA1
7640745b6a412feffe23f5e6222171846b0a1e8a

SHA256
2f13ff6a6262ec0d458f0c05c014ede0502e40b332e6f1f10db1805f6e0b3ed2

SHA512
998b0bb5170ed2cfe646bcc31f98505357efee06b5b53bf2337e901f1efae1e34c651fc0c52d10b155fc25fc754bbc489264fe5d26e62347bab013f151e79a37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e53ab6e35095d3edc79830e1dd928c49

SHA1
5250427ba64c6d2e441d054b8bc4ce0acf4b16d9

SHA256
68dbf820c0f829658b7819c08748d4ee11d2fe53826912b1b96c4844c78609f6

SHA512
99dfd33dfab1701174f8890ba1299b2ac503eb6b097c46c6ff1ac490e3822f9c275a30771bb3ebd7d5c4d69050c8b325c50f8567b647f8fd867678b55ba04832

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5434766a4dc47a8cad0458a77021584

SHA1
335282f3be72328b8dbe45d26299b84e68430ab1

SHA256
67b40f0c7c4a546ffb926e7db3007544546ecd9da657d8d1a98de73065f60ffd

SHA512
1ba08f1c5d879b4cec9d820337ac317b766810e8284c3d1101847b20e8907dd6fe4b26afc1bcff14fa6e67fbb7b4759502346b03f324764655c69be7dcb13f62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
fa6846a1f94da69109992a82d9c1ceca

SHA1
27869bff5dae46cdc692789c619cee01b5cc2a4b

SHA256
b3aec6b7707a78f7d9d592b5e145823d283c9fcf47c783487f1fb39ff0ac952f

SHA512
0b002d9c6061ed7ef48972136550ffe85ecbde7a792e31eece5f7530acd08bb57486be0bf87adb6cb430c0ea553724fecaf8189b885d50db5543bf3086f1f63a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab341D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar341E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3520.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit