ab7fd09bb0eaa26e1e15eb5e5f71d0f0d0595b222a6e60d374eac8004def1209

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 19:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2149f3bd21ed3fd1ae68115a8f875134_JaffaCakes118.html
Size

460KB
MD5

2149f3bd21ed3fd1ae68115a8f875134
SHA1

2eb3b5758f4f2411c6f91e205f0ce6a41db1c3bf
SHA256

ab7fd09bb0eaa26e1e15eb5e5f71d0f0d0595b222a6e60d374eac8004def1209
SHA512

3536e489d26a8669215797f1c8b1bf3f84785504f797cb796d330a2e894deb32745a6f8883c22c8bb741cfbd1c1d211670751a6d4e873199843bf6c5847c7992
SSDEEP

6144:SwsMYod+X3oI+Yd5sMYod+X3oI+YPsMYod+X3oI+YLsMYod+X3oI+YQ:r5d+X3V5d+X3l5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000056a2b1e6437b64cc271731a5a9c4ee76a2b450f6db33ed7a0f1bb2d9e1a984e000000000e800000000200002000000002084057599a10617a92d5374d46b20883fbf56bbe2a513421c082ded77293962000000031a5b681c401f74054fc102953b2bc6773199c75b9440ad411b1a2c3591073a1400000002ad113d9761bdea5900fa7a5f57807040b3dfae044cb2c5bcdb51834cc1257acd842712fcdd30efa189ff1c9c5dde773300645bb987c63f9afa93522a8b425b0	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421270368"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80aea714b1a0da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000746193d3afb223a4920c6e4372dc02f106919d04ca92d0f6b0b109cd00fa6f6b000000000e80000000020000200000004f8b68c10b84884c8ce7ddeabe37960d96523908df31f1cb8d674a7678c50f2d9000000010f0cee09edc65a6c0d60a5237ae02d1d920dcbea4bf1400908d4570a4684b827085110c94c0986543fe0d4359f064c2ddf857b87391cb23b2c50e9ae72c4c04b4980f978e76fb8e19ad2b1b5ea8ee59c0faf34cb894c01ca8e30393974a5dfeb444af4f9788e551871d8465ab6e3c5aa9cf837220c41b29c3e3837361779c411f7d992940b42fd05fb160598a30843040000000b01393ef442996222f104d4ffad1611585d5cff2167bf805a26cbcffef2416ae0ebca6dcb1095ca55ad938cb21c969d586dabae206e2a314af09de23dc41d9a7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3C04CC61-0CA4-11EF-A304-E60682B688C9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1796	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1796	iexplore.exe
1796	iexplore.exe
1700	IEXPLORE.EXE
1700	IEXPLORE.EXE
1700	IEXPLORE.EXE
1700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 1700	1796	iexplore.exe	28
PID 1796 wrote to memory of 1700	1796	iexplore.exe	28
PID 1796 wrote to memory of 1700	1796	iexplore.exe	28
PID 1796 wrote to memory of 1700	1796	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2149f3bd21ed3fd1ae68115a8f875134_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1796 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
809c319a9b60a4c58f0374a76f996c93

SHA1
e479f4c5c215d7676990172f11df6a5c471b4b41

SHA256
99b02a31b1c73ecbf1a49a1db5e88e55d5b82f9106b56829b106dc9edb72cbe3

SHA512
c4958dfe05fd85d65981e7b30ba4fdc9c90eeb8f9da5d606136dcc7c601db0582a5b2a56fed761849502b53341c871832e08f0d052d2eaf3253e9cd20213dd92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5306fe0931e6a40542904c9f13098035

SHA1
a973747430153aa8a7558d3f50e58a1f94289f08

SHA256
14459bf6c551c168ca71ab15d54fe95b1113e84fd61b14919be25fc85570ceb0

SHA512
0b593fe35f7387f786e9e03b00977fd2c85b81c7c8d7906d878c8daed048c8847a27a292f632d671c633c4066ea0973689f6af381fce0fac2952cab1d3a234aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0ba17dc90ef26c0bd0c4f56c072d619

SHA1
c95124316a823d1a5fa1cbab173cd4bb8133dbbd

SHA256
769ef91555908b8dec4641d99e58823c7dc5fc9cce2918680e8e2a33b0c97351

SHA512
387ec28d3e66cf993ac8c0059a9ca9010733a567a823f1fcf2654f7da0f383464a928a2b8374bd092518dc9a08aabdda561e9b03c3c2102468a5aa1c74204e8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8421bf43178e45368952e3880ae70e8c

SHA1
b2b45a94480e7286d8dfd9c37a27acedc7532bd9

SHA256
b11cbef0efe64b0cddd82f0f995f56d208d0dbd797d5b6c18af72a4c131625a8

SHA512
dc250bdea0676560ad8a776a30e04b5e6ce4e264c34a1d5b56e52a12d1d5df2faf2b9ee19b9ed5fd1c4a05096197caafa2bb5744d0eadba84efc24c8fe0dbeaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fda73d12ffd8f1702bedf7e29b367bce

SHA1
184ebd62b6f975ecdead38d6f1f25343c46fc228

SHA256
a3c3e1da6c43bab3cfc93cbb5ae1cd25fda13d9ab116ba7096e837b6dc2a7587

SHA512
fd1524abd6c1662ec26b6907ff80a93b5fe589f0a7dfb217887774c2d5d01d91be46a0e9421ad27da0a4c10824fba9b1ff52aff5a8315a157081cfe20c7993cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c4283385eb7c363d4f0da86abe20c17

SHA1
00bece2d4a68c37e994a708d596018b31f2eff7f

SHA256
c6ff6ae09575ec6fe6048b2e99d30f6097308e44b4d9b74645f359afcc9d6bbb

SHA512
71550b643e8c4d3360f70fd4d6601f11825c3df0513e2f64416e6fc5d6df303bc11f3686d7310273f2352132aa70356ef48688cb89aeff778e773ceb05707719

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e88fc669217856a46fc6dfcb6fb17a9

SHA1
2ac4c8897d658a34f9f3f530ed63d94aec62e91f

SHA256
cc621e69fe613a7d63508d69cf3bcba015bf3f2ee24582027dc69fe7c779c8cd

SHA512
cb6f2867ea72bbd9e0122bbeeb9b12674551af17c9b1a954a0a61b2affa7066f50ab66c45d6f35c1e4646da32deee81afe0c250bc9a73ca407a92471c2bdb64a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a4a245a3b5af0c5e347f1e5b6780b64

SHA1
24bb4c6981d683212a9dcc009386d5080a2766e3

SHA256
c725bf2ab0f9486926a76a7006159e9b5d666a444c98dccac4ef354339b25457

SHA512
647c369cba13af4474d12e81e5722703351a6128e762dc9c0a743a37a833120b9ef8a13d91f1408aa87fef951e6412bbe720e5b56f979f1ef8946834d0d2f779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d8e9b074999fc659a7aa1ef11cd4396

SHA1
103e282ef1cb860fe9ae9185aefed7445c459b1c

SHA256
12f713d7fbc7961c2e546bc5441651eaf777eb759be5a28e0d473f8ee9bd424a

SHA512
5202510f3cff391afcc0f3401bfbe17f58571e43627266975f3728affd75e06cd71adca695604f99101f04081d12d3bc987a9d8c50f5686ed206bfce9736967d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af2190f9321c8fda2c284c35b29cc41f

SHA1
3c7951e9872b2f1b1689dcf2c3db4107b3296d51

SHA256
30cd03d36bdba7cbbfb7618da9485f83d8faafd713b8c896feedc2d562a19629

SHA512
78a7c503993f78669e60584258110c2d828b795c2775bd92c134bfd4ff26336dfdf385761f88618fc59ceab3cfc676e35cd7adda77ed889374fee5762f0d9981

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4f029b45f878a69abf80ef5cba1f029

SHA1
8019a19d0bc738225575c973880f79ba71df414e

SHA256
981ab8cfd10bf59cad2dedd6f800619850c53f1aa7f83e6abba26f07ee4f8692

SHA512
cd8e08b3b1b04f9f77b11ad9efd686e7790ec94a92dce5486856db30ca08652c1aefd0cf4f830d0dd4022408952ea88bc7854822756c4df5d7735d251d22df9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
366fe4fd810c823aaac5291bf9ebc9be

SHA1
ce75435d06c9480ce765c310e0c06273f3386d97

SHA256
a7e76dab64304160c906449df9a4c4549a4aa9180db40b5c912aeca60f9dec95

SHA512
bf2313ec905fec4a7ce38c705ebefe729e4b8a0d21b59945251b266f9c9d632b4924fd20f51f8c76830e545ce8b2abe87315a487af08acadba5e50acc8db1147

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
546555e5a647175afa31621b987e4839

SHA1
48d3350523b0b50254b5cb607a2b7a75398f5389

SHA256
cda886446ca97920b5086bc7eb2bf6844d220596d252acbbb44cea063df87665

SHA512
b86bc0c0137d3919ba311a5e5e1af78cea36528d47a56e9df42977df9047105aa46235958e117d37756b9abf5f219a0a9abaf69f52e5ce010b0b1de61186b9e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca9cfc3214899295ee0ec93034747e9d

SHA1
88b0c400e8cae01080b37a6b6afe0a77fe844dc5

SHA256
f7d67ba20611b37135365e56f29bc4d579b0e0b44271cd0dc122ff6f23f4a2b7

SHA512
f40691fc8a01c5f860924cfb2be3d51a961dcd265bb29a34c752a150783c99b17c3ec7a4cf5aa069b69cd3fedbd22e7978b5acc0e5b08a3bdc5315c76b4d1449

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4646.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4718.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit