4465786dfe1c7692e97f3e41e4cd660c1991128ef1e89b8de80466f2fd6c39a5

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 07:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23d4a15ab3d578ed7b4eae99229e641b_JaffaCakes118.html
Size

4KB
MD5

23d4a15ab3d578ed7b4eae99229e641b
SHA1

8ec29715c5c27667ec19bac6737ebd88d0360c3f
SHA256

4465786dfe1c7692e97f3e41e4cd660c1991128ef1e89b8de80466f2fd6c39a5
SHA512

ad54ebedcf76e6050393c3942a3f3b2b6cc8d2a2c9643724d080b9e43507d4c75f3f2315ba28c077a3b5d5bfad07e63e23a53217651c25fefac3ea056cfcd5fe
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oQXzZmOd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDD

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4C0E3471-0D0D-11EF-99B2-4A4123AE786E} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000005250261d3889c5b0c07af48c5ca574c05f4495de4c278fd6d311d0618e6bdd0e000000000e800000000200002000000052bf9f76893ec17c63c72b79a71388dca8e796b47f4a4c3a946e3cdfcb8244c1200000000d075b50cd031016d89f6a5d9be4e724dca4f70f849ccc5cd4881bfffe58543040000000a19f45c84065c47d5defca6603a0e22352fb81a73fffdfda2a79b4682c34699fa4b15374933fb819314991abbf2530b6b87f298d5e2afd0f435687c83fc22beb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421315491"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10e09d201aa1da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000017169e41b7aaa5c85dcb9aede531b72fe48bb7ca025b8dcf0e2ab68fed1b30e5000000000e80000000020000200000009d2c73cec497d0c00422156ef52380fd6c25882b538c9f9d530984ba0c3239b690000000d9988985282cbee7335f400e72b70e1151626dbdca090df139742e2f02abd25adbe50a81b5e20062b3fd12e14f740e57a85c41865f3c59d2cca19227fe89def95f5367e3ef278d9ff406f0363286c1bb65d16f808719eecb004b9d514deadc21ccf76b3d269c9fb0e84fb6d1d8cdee9d609f62d80b6124ac060bfe44377c3f04975b60b85ecea28628e6e5ec36f1947140000000fabb72b65a0d1c28451a10f1a78d9c9be27637f52a2eefa6577b53dfc46bc0189c8360e68adfb96342acfc89c1eb77eb00e96e5eb9063f7d74662c770de0f25a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2416	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2416	iexplore.exe
2416	iexplore.exe
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 1276	2416	iexplore.exe	28
PID 2416 wrote to memory of 1276	2416	iexplore.exe	28
PID 2416 wrote to memory of 1276	2416	iexplore.exe	28
PID 2416 wrote to memory of 1276	2416	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\23d4a15ab3d578ed7b4eae99229e641b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8370f64649f8105aded25196629d1885

SHA1
87e3141bbc534dfbbc97040a3e48d1eec5e1ac63

SHA256
e21cb0a95149789484698926dec410c8405976452084418a2ce0e646ca1a8d92

SHA512
157a4f3d3782a8ef07977cf1119ea4585514f9d5eb5901475cbe99342ee5ff12ecc4ee3b1afb9c7686d604173a727d08d3e771ff5bcf5750dc442d7775643411

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecc9d3f83be33c4b5ab2018843d96dc7

SHA1
6cdb008f414f5c9878390a7c664b03bcbcc6f8da

SHA256
fe76d2925534861f7ce7ed6d4b2c4094019e30fcf645a76e72c8eab841d68969

SHA512
b28000fac64256789557af24790957c1e5f56508af310f4a3c11c6d90524e46dbd5096aa64486163e2f4f64591cce79657f727a2a4de5467f2c70ec294c2a6cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af6f67ab43ff500cdfec6705fd96a0d1

SHA1
a842af42e95a2a2f8355ddedde074c6c4384208d

SHA256
543615517634a888ea0992c6312d320af503125ada774f251d533650f0674dfd

SHA512
9983610786b5d3deaf21c0de0382ffb7af3e08a565490e8972e83aae58705266fba7b8866e3a9515412800735459185b6e1b82bfd07eaf8bc9f35a5f89d83adc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df2e8e7761fc54b18628c77e2fe2161d

SHA1
0c6b83fa6f393759eccd5b84906ca2f18ac302e8

SHA256
5c9f78d1a9d13179cc572098db758a19adf6033f058724d913d7378faf112af1

SHA512
3894c9f11cdeec82afd8d0e630e5559e70c15d306dddc0a62488704f08b150efaf4427470fa30d48dc169c9fe047b765fa2ce4d5b8508de13c5fc839f0a7a36e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7643bc67c1178c1298b7d95766401749

SHA1
3066e455d73816416924c39c8ed19d36d45ade73

SHA256
a4947b4a5a479bef0c2fb9c653e14f838e5ce4032df60be7569f88ad9e48c484

SHA512
d77ef3bf520a0adcdf181946e2281f74bbd37f2576cdb50aa7ac7f816a5f8b42e9cf5af16945981085926bbc5b9abf441397f685ce20b12f9ccda5f2141d8c3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd0a632d6460d7b1c8a3ee2f92020bd2

SHA1
293ff7195d6fa9ad22f40a0d86250d61fb21edbb

SHA256
c34039cd9b25ec5206f75775f7335c483da975d6fb766ace34fa5a2e3746a202

SHA512
b910596c16eea0e4179e454cb98cddb25a684aceecdc09f739892ce74ab109011cbe69af593f572fa8cfa03392452c03f2283a455493b18555aae7361911b473

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
694ad0ea0994ea42a9bb8d94321a2c23

SHA1
3d458d6173ab7f523657f4c097c812970fb033d0

SHA256
5dd802bf21069e517137e5617782dc184f3756cbb8fa1dc96be94bd46baf7219

SHA512
1e1795004663f30b9c262e6531194ec4dd088857888b251d6df1fa10a7ac1e60465c3584eaf4f1836e5cfe2e5d8b33e89129248287cd24af9172d0aac7032dcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38e281072614175f452439970536ab76

SHA1
d96f249e63a164f651f24c7ceeeaebc78a5de14c

SHA256
8b42a36556d62727f69b2327f7612d0cf890176f190f428d4f31c052dbc2f321

SHA512
c24fab99bdc127b376a5ba00cce51538553bf0c5ca13e4b7467b4280aaa923064624455546af7c0b6245d2cd6c826a8fabad0d2461d1ba426dae80e410c11d8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da8d459c6a005a3eb8d7efd6f3094e59

SHA1
c00511fdcbe3ecf9c460131e7df4c72f9238285a

SHA256
8229f52bb889bf7f343f35afa28d966c76427c43a8d6d08f093329e87b178385

SHA512
307767199dece8024a9c75386e8739ccd34ec89d6fd415734e829905bbebeb2ebd26b4d2aea7d620c6dda9f043ae03e0603c34a592aa4b26003e6b057ac114b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30d5c70b18e8c258345c41a211bb41cb

SHA1
10e064e5ead8b8e90a0765abe563dddb47ad0762

SHA256
b819e45eec0a79996c0d2e4c4f9438cc80b13ebbe5ee8b0c14f00d8408de2a8b

SHA512
ddeb6be63b64f0b44549104678012f34f7ca05db0034f970a095e0ffdd7e7f479ca198010fe59e39b142918514a92196028db7282e2279ad2fd491f88bdd5748

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e8c0aed2b9346b42d7f8db3fbd963e3

SHA1
1a1816456cef3870a6ba4b26723d85acfdf547b1

SHA256
239ec05c11481b2b6ab68423b138e432770430ed6993b0d96a17e0c67f192777

SHA512
94e3ce00e046d38fa21860f0e5cde5b0e72b7e086e54ad2b1403691d5547ee2580e4d6c1b38a4fdd7db971c77957f2efee5311ad90c4538772026180a54d94a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
254771748ea492b0a9f5589776ec792e

SHA1
2ca10c8d362020bfc04ec18f9c9cc64056f42395

SHA256
1090c7ddcc35b4aa88ed4561ba7424665c1963af2b369b648cae521f0ca2734b

SHA512
dea2acdaae9a3b7ef662646c453beb2fb78df96bc95387efa86f961d9b5137062ff5e98b52a8c284ed620566825cdac3cda16530a189a4407e9c08a93d056513

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b98a5403bb3a3382412e7940fdb96004

SHA1
18a6a554eefa59b44f5c189aeb5fae8f43851dfb

SHA256
42b77b0a19a3ba5b5e2c2d227d760601aa4a38c5e55241d91f28c6a3117e5e17

SHA512
7559df526ab3ea4dda3fb027c6cb39a375c71e796e97305cf934678fcafc700bbcde5bb834ecb09afeb88f35aabff21046e064a18dd3dbba2b7c6a2bd0b1a258

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
157276ad574efc1e0a88f09135207baa

SHA1
da0cbdbfaf0d00afb578332f67350ae76f6c1db7

SHA256
01b5d7b70a2c64c4df0f768a75816b22a46d925de92596d147f4d8bb78b6c5d2

SHA512
31fd131d60b3a5f5040c764b6a8dd321fcbec3b4a4ff4fc551f1ca55248e91d2f6acc4221e5175c6a606ebb866e92dc3939ade410b8e9af85f4c3af3628fbccc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
163633882ad42cfcb1684be58d3291a8

SHA1
301f864f28466048b87eb47841666dc67404d742

SHA256
887b596591c9821c592bd906587d0c6b320b2b0638ec96ff6b008daf574b09a2

SHA512
df13b8bb4590ee75232710cf053615b287a16925a204b491ef955e6043475b355635d769b1e409495edd12f911d8a805e8eae805123080fdf708f1a218116579

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5db0e0faf006f57551cef7e5a37ec730

SHA1
8eff17a2d93fb6fcf21d90c6244c7a36de7993de

SHA256
11f90055cf5cf804cefd4339923fc299ff2c12987005c60271f5b13a89109c75

SHA512
2bfb4f7c2aab160245dcf75d2488e34e9bfb27d6ac74599a0791905ffcc00fc24227dc6ec207ce04c75ecd5717d82ebd1e728d4d91a14baa93105475721e89df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81666c347b6edd4cc7dea6c001a0b9c5

SHA1
65192ae2945bc002d35cb92f18be54e4ebcb467d

SHA256
45e1cc7c9a7f44c4da5ce8a8d82c5690b17ff9ee5bbd94df3f510ba930f7da3e

SHA512
9af420de91c9cb67f8b7376616221337ccde08508fea1a70bae575d50190866742dfc155db7c62302f2028bc438e5a2c82c06a2afe9b83b86a23dd6d6dcc4506

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3037.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3088.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit