1bfe5b7c6a803352ba994974196f8a3f3cb9952ece60c177c03161658bb29f78

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20d53d3e0cac3b9a8b6905fd0c8e1624_JaffaCakes118.html
Size

3KB
MD5

20d53d3e0cac3b9a8b6905fd0c8e1624
SHA1

9218a9538b529c74b0e80758899d59d37098eb6e
SHA256

1bfe5b7c6a803352ba994974196f8a3f3cb9952ece60c177c03161658bb29f78
SHA512

90668eaedbc1f19872f7dbe9d92f4834f8eb6abf8e67c1249bf658747eb7d7c5c8cfa52e30d5c45c19bad9c88e8394cd3f20fb8b2d0925ac2ffe8559f1373a2a

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E6BE6501-0C7F-11EF-8AAC-6EAD7206CC74} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000025120875b3dacd95f485f0b7f6c5eafe6bcb5dd91272c811bfb28cb4ca16eff3000000000e8000000002000020000000fdbfe7dcdd8947fa024748f8abded1313888e51b992b9fd2573d39714d7c449d900000005c0b235162dd63b7923276b04cf534bcdb4abbcd6f48e79c2b1dd543da0b47a2371207afa9020912f2d41f59330c269a61cf67a979fb7b8c4c4aa33e3e1b122c77c90d5cdce4ef76325a025242c111fb4b92cd4924451ba71b8c5501397845050571ad852ed490b39f802dd82e602ab865bb7bac3aa57ddb1fd88e011eb09a5d5fa3f5d54a30ee48395ec7340e844d12400000004939714c6f46ad61e94db18633b3f47b6f19a5c3e744d39d42e9745313b014e904e004031337d372ae479058eb6e1c53f34af72048a942f4d49958363255455a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90420db28ca0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000003a086c1b0a53fbef28ab797c6f909f60a63a23bb9b6de8d625a9ff9ef9e0a5e2000000000e800000000200002000000056471be17359a76c928eb02634d7e3a0161f21d7e3de21e33da8cd1dff4fd0be20000000bf2ed214d79525b3af861f5c0ecfc206b862554dc9453b161557eaccd27d271b40000000a714fc506d23d2751dded2d22f6ff3146aabf8ab70fda9153c5aeea984ca48b8ffca46f688f220ecffd87651c700c516302969b4f90929d84fd2f088011b60f4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421254762"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2848	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2848	iexplore.exe
2848	iexplore.exe
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2736	2848	iexplore.exe	28
PID 2848 wrote to memory of 2736	2848	iexplore.exe	28
PID 2848 wrote to memory of 2736	2848	iexplore.exe	28
PID 2848 wrote to memory of 2736	2848	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\20d53d3e0cac3b9a8b6905fd0c8e1624_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f22341e4416e6f27df618efc0bb91e58

SHA1
ebb646ff09e7f3b4be360353c49f0e3f5b3a01b8

SHA256
508f4a9f74ecad52c3f7d0066e785c0345cb8a3a8857c9bf730be22b8f1d688c

SHA512
afdfc1dc2a18327d4e6f478b3d99c92659c82f713407fdd843bceaa1aa9a29b6f68db478899da8fd5c0d4b4c6f519ae4d97746a31d6b68243a3c252297f39f2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e80c328dc168922406fb623ac8c3a3a4

SHA1
09f702e520d93a3155a0d05c74fc3c83da859115

SHA256
dd8cd652113390d6fe03d3505aa02965589bbd51000667fe48aa69cd3e1fd806

SHA512
35811a9134d0f09edccaeae48420336c04d5529719af6c14e9dadf122c07cdb204be89710f55d0af4bcb70125ce0663ffa73bed156cb7041a2256a9eb09ada9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
808d46fd2eb3f3965a8b97889448b613

SHA1
7a67bb6a3aebbcadb8d530ffe37d3179f963893f

SHA256
74b96aeee15e0ba3b8ca21ddfc8e72b53b07d8f85f07c28d94203157b6579fee

SHA512
4b021c67fdbcbe2ba4511e75ed566a25ae2e85261c9e93b75c21b397aa974082e657b88dbc7e6a6e00dda04b8693ab1b1b2ded2b01d344ae33ff0afd0afbf5ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92af8cc6db8e01962702d8ff640ebbdb

SHA1
03fb3e423f4c6efd7cf60dd4f202cab13e5bb0b9

SHA256
feebcee1c9feac80ed304c98c38df1660b8744064bff7cb1499bb3273acf3f83

SHA512
2b22f5045aad03ac046a073464413056dcfbb1908443ec3d67790f0ab678431ef82cdc6e43279ed8a269b004a2d828b84cf183eeed574c949cc4e434bacdd6f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c81f5cf40f56aac3a8cb97476ff1cd03

SHA1
6b127eaba4b39b4805c5ce5c52e3e2d5d911a740

SHA256
2b5e8610c19b8ef4e1c8e954171c3fa3e985fe93022d1c69c366c9615b818534

SHA512
f14f6bb74de4975ec99d63e9305418b6334d74effbeed3c43b5cc4186d5417844149e7df31d85f939c3251f515d99fff2ced7055f9f6da6ccadfa227630a29be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0bfbf25156f604466b43fea4e760b74

SHA1
f979c3effd1422f0d5a0264f9002a12e8ab92966

SHA256
afe711b1be6e0007c26bbb0debb926e4c8873a356ad2fd57ff4582f6bf11b346

SHA512
a0d8ce671ac23efe8a18db90718753073bf34f3ed5384674c26324539a2c041196abc45ad251b11c7a360693c95ca12fa664cb85313d3eece91f4c35aa947591

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4743edaaacfbe71d894f171a728257e

SHA1
0397d8d26d7ffb4a9bbbeee00f19117ffe36d824

SHA256
aeb028039ea0e4cfc6033352532cd66a09af87c0663ce35c9a36f76d51e27cba

SHA512
5829364417c0e4dd660bfd769d9567fb12d9fb5ec95522bd1100bdec13df353233f06ba585e8bb54eb460a0866fec5bdabeacb8b5e3af40256df497a5bc867f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
814d46bee79cad91bdf566cfc92f962d

SHA1
1485efe128ffe3516b60a4b41cdc353acabdc4a9

SHA256
468c663bcd5e3a7767c43eea5a91fdda7ab5aa4d9bb0be36cedc3a4526734421

SHA512
4fafade2eebc72cb78e81a756a4b367b5de581a8791ed8e7dd4e206f8306454cd275310edd31fab658ac9d7438bbdaa5fb5d436a54cebdfea1f6948a1704ff35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51daacf7fa1933ec143181758cf706cc

SHA1
3f26b5743d459fad57f6ea75abe952a331a939c1

SHA256
2a79133734a3d9daa12dd3faf053064a0f6daef492fe32ae0eccdebe4e074399

SHA512
25e0295a8c1f5548941f9a7975ca52e85367fa2811d50241162b9685ecbb0503e242fbc9e16062af54725f5ff11aa35963baa299e74d8d60aee607cb94c64fb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
227850d96c56ecf72f3258a62306e772

SHA1
f2a988b53abb2de44aa5f16572961554154631c8

SHA256
4c54bab63a0584b68f801927d13c2a7904c3f505859c22e211c108212afd1ea4

SHA512
a58480b12771a56a6dc99e86267f343734fcd0a4888fd9ca7adaba3a283708f24ac8629adfb1229233d3777cdbcc95f9c80e6e8a9bbdadc8ee6a1eab73a5d384

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd10baa919bce79cbd672788b51281c5

SHA1
c6c87170b1938fa260f580b087cf625ea57bc03b

SHA256
5ab796aea064cff48ccb159d87e6fd8fd07a3c5443c900fba4d57a63e0eb73d6

SHA512
fd0a94dfab3599e9a864bb98219c1bf701d0431b5bdc971f6279ea5610b71d02655e65de850a7c212b36a091570a75979a4dd75c54efc72abae05fbbc56752ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76421dd0bcc98c39f9ea378be20e0e85

SHA1
89a6cd6e58bfae69e1ec90ee6b85210e34e8d9ed

SHA256
3503b2c92aeccd86e007c8fc57f9f48753e05d8f0741c3fb4a952c8af266ff95

SHA512
4d1507625b3eaff49291e700e6cb5db265c295c3cb4a6db0396dd3fc5a08881f49e2edd6f9245a56d322b82d4b77e080712c318e77d15ad5099b42be39181209

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba84faba5ff02769b132edacff6a5987

SHA1
33160fce6570272a3d24ef22af286657763ed94e

SHA256
a051053eab0050452b4ba58f3356f009a69e77258236cf075983d361471c78ba

SHA512
da5a3ca91b1d20c209aa89364e86c1455348c2097d0f14e003dcbd54fb449337c3642e10ff00295d6b5db33b6e886ecbf4d2c2dfe84e3ce87c328c72ede95d75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d7fe9f923552889916a150aacd80602

SHA1
aaecf2ec40f5abf932d76f919d39ca337fca6304

SHA256
62a3f579fda3c3bc7371ea9a70ef737b667503e7deff62a5385f03cb0fc2a075

SHA512
1aa2d0cec3ba8cd2dfc9fe37e274afcc9af9dfec689ec653b1b0a5ed63f38f9128bb59ee7f3ff3b28515b6db7a33684945b4de8c2a3e3bfd9fa2e4799dab31e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
299570cc0a2aef74da85eaac58a27337

SHA1
4063ce475a2c6e2f755357e996bb42ab70ec88fc

SHA256
4d6d39e0c1f589372fc11d07d52c8c7a93b9cbb1fc047514a17bf70c0fa8c1e5

SHA512
9a5999ee1e56de94f72c6f2461632f3c66ea956bc83c2bf1df8e37276566d2f701c61cd9cceec5766e28150e05f6e479b56ede93f2e74818c2e65e31778275f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab322A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar331C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit