a80ed952aa5c5203d229edee23951798a315fbd7dcb07f439f89f8bae1e6e4dc

Analysis

max time kernel
135s
max time network
129s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

218eefb0e7dca65fd66017a197f356b4_JaffaCakes118.html
Size

31KB
MD5

218eefb0e7dca65fd66017a197f356b4
SHA1

d39de4368350dbeed7003e7c94d9534335aaec37
SHA256

a80ed952aa5c5203d229edee23951798a315fbd7dcb07f439f89f8bae1e6e4dc
SHA512

0486c854104059173d749b57bfe8658ce7f88fb497f70214d7b04ef2853b39b414de4313ababd7ed0ed46a27fc314854ebca0cca6558e0f2ca97f736bb3c01e9
SSDEEP

192:VWCk3GDG7GSFGNGeWqGUpGtqhyvXb5nRynQjxn5Q/EnQie3NnSnQOkEnt4OnQTbs:ACk3GDG7GaGNG9qG8GtZQ/IWSSSQ/jle

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000ecd0bd6f9d6ca6f86eb811eb26ee0c606f879de805b6a3e7a73f2caa8993c5e9000000000e8000000002000020000000453071ca60bcb065b6bcab445ca778db0e12f4b4e56fd22ce4ac9dd14ca0bb4d200000002c4db8a85fc44f229d7e46a698e42ec984f7f04cf2eb86706b4e1644f70f478a40000000497e0e56e06bdca08e479bdb9fea5db2eed44661494d710d9b9a4deb52c6bff4b32c4b8c53de6f365a5210ea4138d84a664eb2ffae577c6576bd46476b0d569f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b07c3b7dbba0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421274845"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000f172798c786e354a2a97470faea065e219309207208bee50b6f13565bffc6198000000000e8000000002000020000000a90c899a1f05c2a0bdbaaadf4855a7dc5e6a76d31f095afa5c2505376b35f32d900000000e92548eb363ae88351ab85be7ede1a21c9955a66f6637f1cc685eb8d81832a6ed50ef660db8ce35251af3d37ba83858449757e70a3a15761dc66403c24fd9abb133bff97dbf6bd4b77c6f640b5180f78af2b51f15a9a82f0b2f329ffc021f6f7e359f2fffff8f3aaa20433e73f5c7ed39d444f5ba20cbaa88568a3517ccee3cc15669c41e3eb98aac37afed8631775d4000000046339229cbb63e5f074924290a4e0c8c0f5f8108920c6945518d83c1c75f25f1223c34734409fe81c7402eaa6c5da0a7a59d87dd15a34eda6967f306c3e72b13	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A88CD761-0CAE-11EF-B781-461900256DFE} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3000	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3000	iexplore.exe
3000	iexplore.exe
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2984	3000	iexplore.exe	28
PID 3000 wrote to memory of 2984	3000	iexplore.exe	28
PID 3000 wrote to memory of 2984	3000	iexplore.exe	28
PID 3000 wrote to memory of 2984	3000	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\218eefb0e7dca65fd66017a197f356b4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
adac3e2810ff287b8e2b73ed6e2781e2

SHA1
ea2b15a237a491b3416d078ca5f66e913913cfbc

SHA256
c4811568ac9ec0390e38de694f51065f86ab1ae42624514f0c1c98b498891647

SHA512
eee4aba4c74e962496225411c16178530a86b4a6c62d608a708b7b0778c0ca7e733fb56f46c8120b705025686ed30359b1b6dfa3a0adbc1a0e24204cb2e65fda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a8b9d3d88ef1d4bda3dbdfaa7ef0711

SHA1
1e919c660fce1f7651dbffd725fad7cd17cc89f3

SHA256
c47a8791bbcba5dd087bb0723ac63dad9e666ca7336bb64f3bb010d6ae23eb3b

SHA512
f2b6bb7396c2b400461044fff1c2e76ec04a2b46526e690a5e6bf70bee780472167d0c9727a18e77185338a1bb40d329d56b9c3f18512e1fb0ad02ad17339ce8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d3bebe4990a983e7e5d9ccbe3019c8b

SHA1
723dd48268d7f52765af6de1bd643eb86811871f

SHA256
a2cf51dd8d3da9338916e3737a676eb5a42caf711ff418631163a404c8f8312b

SHA512
6c190498f40bec57ed5a0023b438624e023f8cbe49a5bd189f0fadb7e6dd221b1ec66ad229a5b8a04dc35337c3854ee8bfbb15fcfaa2214f49e85207dfce63d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe9fdc303754125ab58ad332b4ecc436

SHA1
adb902bee2796f243c914adcfc92f4744c34f5b7

SHA256
95723767c48f68fd1885d3bdd917913a04c91bf8fd4dcd8c3bad148c76361c4e

SHA512
cbf1522282a3e60a518b86c68f4aa780b8cb208b31c6fcad67c419c391788aaf5db1035b6b7cc591b6fc091debb5a757ddc791af312cbc9601c53222ec0cfa8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f14cb7bd2fc62d05acf2b0ca8227822c

SHA1
fd57c60982f55cb8cbb15f593b753d6266766b91

SHA256
46f3166149ab850c5fdf545cbbfbc6d58949f31adad198d09059dc17044bfd59

SHA512
9c2315d9bf2946691fc02adf058115b51a6c2a6d92c83946decbf6fdcb25a096db352f32104e476f5c615f0a9d2227c28f3909cd825af22280bed7f5a5d67578

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9180981ba0ab9e3525655a67b112133

SHA1
643ae3d00ad121e495f3003c2506c6a9b7465047

SHA256
82794ea231a1d71cb88571a756388ee59f6373c93862af2c8f6fc672adc32594

SHA512
dd0870a09bfde6b974cf817d90d55ee55f4f062fe78229f52d0ef2eda8778bbfeed3943a8d8860f3016efb1a8822349ccbacbc4b3254886659c8b8a884652fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ec916c00186c227681d285cd2daad5d

SHA1
fb70881550dce2da47e1db7f1638bbc55676aeff

SHA256
cada8466e0032c39aba7c0917535c09a9577517eb30ce8bdb11457cab2cde9af

SHA512
fabc79424d593347e0bbe253996d5480e51e4838cdc7935a2e84c297c81c10a84f825dd2447770b86c108580535b9dea86bf2f6d756de88c1025e3a3a247d08b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45089b9b4f2b7ffae2285947ce62017c

SHA1
47e1de3422884f855214475c67046594c8f33e6d

SHA256
e4a3374cda1831bce33f8aee87585bd1e47d0e69bbdf74dcb13439710ea14267

SHA512
e80e572b3bd82a276cf3ffe4f9a0ea1c8f481278e7162bb6f5155648585899e1eee8213af0ec272d2ec832a33bb2fac10a43a57e75609e383e1bcf77c4586110

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c3be0a71ceb63f2d80485969a5221e0

SHA1
3e83baa936d84bc3c68ce89f92be38dcd11786f9

SHA256
dca1f181a883d34d91599fadfda1d0ab4a09a5a163f308372d8bb494ff1ed748

SHA512
3fd8cec3210e5114ef0bd7c4762d718f38169c27bd8a21733a7ddf7d898a7b3da8141080a8e672d247c0dcaaf56a818e1fa746b663fd955b8ccd6ca5b396ca64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a364c4570d6c20f3a51aa0925987a41e

SHA1
9ffc620deb12136a29237c640d59d0acd7c3749a

SHA256
e5a4718165c3d607dad19385212700d70dee8db543a7ce6cd0da784cc3c3c8a5

SHA512
d5712c3710c3324c27b3e3d0b63f9c9b6c96f933b486d032fc22c5dbf05f9f6baa38c89dbc75d6bfc942adaf94f833ebed32c0e30d6611f36c912e03bf875284

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5faf08c8129dfbf6e4630f1fc07a162b

SHA1
6434b0d671341e78a3ae46387efd84de6aa79862

SHA256
a73e2e8292a8566628db4cc0428b55a5525a2dc1de2480d92b84a76370709be0

SHA512
f7203fe9fbcada098f145efca541a6dcf5049c04de43a1ee0a958427daac6c616f3cd29b22d57076cc8677778ef4edc44c18411ace1ac514669c46a4f5ad41ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c016adf59168a21d22e9fd39a7538e1d

SHA1
dddf4557bddace96ba65b2f54e1a5423ad930ded

SHA256
3bd99389b2aab5aef56a246eef88c4210bc566fb7f80b11618598124545d8f91

SHA512
6fd7d09ef4be11d2b2c12e79fb17eca0b994c8c7b0217a325ed48120ca91fb14521083210785978af41e1f8415a853eac6cb093b4e0e73353607557db21795f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aaaf7957ad363b7e714955fe90312547

SHA1
9373c02d5c32b810e29dea234b8114c0822858a3

SHA256
2ac8966b4b82cfe6145906c37f42f7e8318e7853fa6741a8eba738473f448068

SHA512
38a59f191aa57c9f49c6df3298215ee25ec0a3b57096c0ec37d99a3f7ee8ec3bddcaa06680f3bfced1b5549cdc1904ff459de9d76ab414e663f39317462faff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
701bbc81af56a4180908bc84fd62258a

SHA1
24b3700a80380a181f743b523e7375f5ce8975f7

SHA256
195dafd464b4130475455e231ecd00de3364fee85f86643ce95009a680a53c8c

SHA512
9533c08291c1cf21756b7a7ebecf32ee31b6a451dbf339874eebb543b9ca55434116969a20c45b716ae7205c898e1c8aa1813a7cb5bcb48e74cd399a27e4cae9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5504b2849b913d260ee4cb685c36ff7

SHA1
9166c275474c1636d0a05846400086609d150c41

SHA256
4b390be5e4b41e787f5266f4b10bd68848b4d2cf6f890ac9527677cc0f9a0c74

SHA512
3dc49bac8d7ea3ae88887b18de91bd66c653615a647a474e26ee91b21bf4e04de1979d4ad3d9b0118e1f3669c540ea84ee2eae2b495a765d4b281713b860b47f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2AFA.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2B89.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit