4a1a5e24369a15d222fe1358f15de0fa35dee77963f048318f8081ff8ec0d65a

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

252c62270671a540483ed7bf7d1d7541_JaffaCakes118.html
Size

2KB
MD5

252c62270671a540483ed7bf7d1d7541
SHA1

2e6063f0653266d23711ad9ca7a0317b80e201cf
SHA256

4a1a5e24369a15d222fe1358f15de0fa35dee77963f048318f8081ff8ec0d65a
SHA512

e6366d9683424a23959e6c5c20d7c0557bbb41503cd78e3a83e4b190cf5ed5e94b988451078513a9471787887f2346f72a962fb77da724125dbc482d31da7627

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc2330000000002000000000010660000000100002000000012cf75edcf262f67e8f4739e86d0a6c4bb7868d8c5bf57a1f84d5cf17b90c559000000000e800000000200002000000083dd11704f6494bcf91c29fc6ed1411d71371787b7d8db3899a39eb1b0898aa62000000003fb21afbef1509f2b5b0a571c8b3b653b6f2413642b5f03eedda4b34c192a1340000000329ee37b865f9a220981dfe4b39fb1d977161e651997ee65abc4ab98c6b6ca4c951c95e38093613d6f83736f64954cc749a38ac4a93e71ea79a9e864a5e55bf6	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70bf350e50a1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc233000000000200000000001066000000010000200000009f7a700d56fd48e9f68a518a395545fd0b983f453ceaceb12ea2887441ab4715000000000e8000000002000020000000fa8ba4ba0eea377807e6c3f3a72b66115a0a60a886405f89716d1f4ab5b4f5309000000043ad204d9f31b59b340bcdc2da6b958e627ee9d742be942f0793447a25e2adb703e6ba25b98c0f3cda79889172549835c8775c0f32f2e0d88eebba33e83ca47935e51d77934ea50f3f8b3b1e4e2b378d54132b3038ca28be437ce4f5c999d3f7635a3b3117934996abc294939013174240780d1818cbcf82a9474d5a32a69dbb8ddbea3f6bec3b30b953a0dc66cfa1664000000078772b537114a9c7f8393560a2190c890a42ea056c0b0679febe56aa544f8711cdb8ebaae05d55d46d3d0ba936eac6290b983edd363a3f33342f71d488b5f6c8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421338653"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39A7E891-0D43-11EF-A499-62A279F6AF31} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2000	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2000	iexplore.exe
2000	iexplore.exe
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2516	2000	iexplore.exe	28
PID 2000 wrote to memory of 2516	2000	iexplore.exe	28
PID 2000 wrote to memory of 2516	2000	iexplore.exe	28
PID 2000 wrote to memory of 2516	2000	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\252c62270671a540483ed7bf7d1d7541_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5153a3ba093b6fc4617557a9b0ace3e3

SHA1
e4e95e1a7425dc64a3c9780f8021ba27b2753358

SHA256
6608f76cc74a1b50929fe1f946507af4ea9043f16bfcd8cb402589dc9b24583d

SHA512
4dd11e1ef32b117fc618508ae9c76b4539442474873ecd2b4c6ba70169694d0bab13cc584703538b4ee3a79e1beb18ede12a91f5593832dfd57343d0e7716724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
080f269b1fae6a3811980e01c3a001f8

SHA1
7db56b18b8eab57ba7b77ada256fcca92192988c

SHA256
012e56ae983e77de6e3666896d572930f880c1ef7c77a37254366376830e069c

SHA512
d77eb484747a0459344ddfc0c75564e0eeba34eeaab42f97090275dd86b9be01ad04322502323c0678b08d26424e84dd7ae78ab2a582e64ab9b831ffcd5dcc5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f963ff6cc37f445761637e298b263432

SHA1
a8351baa61c3898eda3d2a19d5e641c3d7e87670

SHA256
cd68768d4b0b073ab13d76a942726f93820034332754e3bff05814a187c95df7

SHA512
1546b2637b99432bea68639b0dbd46a4b8d84ab6ef35f8323fb983903981b8ef1e56d2d6e2f6ab5526261d073b1d2a9f4041989bacee85137a6c4ff0844f5c49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
167d96cc04cee542c876a8b0856a3803

SHA1
1b08f5df773404a67dc3e5e70a3917886e0aa065

SHA256
862d0c54964336edd5002f557b59f09b75fe85b7f4e54d1d3d845f26dbc9fcb3

SHA512
19e1393a90186ef3fc5015ff39f9cb83e243e88ce8df37ce530fe808a80a170c9fec7a0c1d1fde4f0ec3932b774a7f266f824ca580984418dd075972721feb50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb5d7a7ce008c4cf77d5ab4034285159

SHA1
634542171ea4297d5aa99af160fa99018b225d13

SHA256
6747cd6ea2500d5ac27dd582a1e97372cba682810d506fd8b166f4512ec1f4d0

SHA512
3a240970185ceb607ae3c923b528e318c59d78119f8e7ce06af5880d41af00ab3db4b53162631c8379c9b33eeeedf427fb099c7dc1912d1ea554c91b38e8dc7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4bd3380ff0bdb40e8ed48258c5bedf4

SHA1
4667f5162932df0052b546a37788b7bad51e8201

SHA256
b595d5e9790248f06818afe336016a723aa73ed7fabed4381de4c9db94dec68e

SHA512
9416833bde10c31fd9f7084b77d37dc830c0d40b3fbba4354c4f97aa6f5aa7203964aaee1e9525b2f065f845f074a1b0dc808c6650a179c9983ab1c2945673a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7a29cd7f4cf3530ea8632f36b7ffb98

SHA1
7e0b7ed91e3e68c0149ecea424773604ffb90ddd

SHA256
78b3071e3b81799d05def1621ac595af85732d302148937eb94743aaca8d6705

SHA512
2ff8214bf87b802a4b2a8a37e3c307c2f1d9723c6e6fcc3ea30af89560f5e80aad959b765ef18fd5798ca885bfa71d43095ad12f7d799d17f82af964e333ca69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8d8df5231191f5d8a06b2cb483b0cef

SHA1
ee4dcfda18b583845383bb8f1864120de4a71a03

SHA256
680c2e46b91ce7e9981e50693b2ddf8510983ac77dc9610b125e6c12dde93005

SHA512
6b06833d3ce50732d98cfe0799fce039a276277d3cfced7632f2b6779d4c37b17318e768d1ecc5d851724711ff9452a972478acb87585ca9e2a90aa04ed1b7c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0f30f939d34a4a5b3632fc0f4e00608

SHA1
eeb4e73f768351b4bfbc36556680a008cfec0065

SHA256
deebf68180cc62bd432f69ad7b4056e72d0896f852817c8f9e90ef03ccaccd45

SHA512
7b0f32439c621028a722f9ed5e47c7ebcd14f856f7e2cac66c5e5a04983b46803e6486c61f9771182b44bff427d33975ce08b156dcc7d21115eb7df103fb8294

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af01b37a25d9f3be8358ef9316fa8827

SHA1
01704a09f162cd45ace62c4e17167aca0650003f

SHA256
094dd9e228994c4bee00030eb63bbf837c07588ce1550a66fe44ad3e7e002dde

SHA512
e96a88f17a39b5a0463e03617bdd8122518c81c7a04130bce06ff9e88adad7f605b9b23798e52d1f14df30d9a1e62a29da7f6acdec94784ca79ec80085840330

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d55041be1f30538844891054fca677f7

SHA1
34b7a64585ea371ebc8eda129829c1d82f83d1c2

SHA256
7bc2933881f2883b7106012a55ec9c34e2932464f2873c92dabb11c6032573fd

SHA512
52f497ac556bf76f06bced3c0eeb04832ea8ad4e4b65e3fce05a6cff04806605bb7793e269acd654db003682926a0aa88792eb6275da75cb2ce34e6421ea951c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1b5d0438c09768deff5b307d968fbf1

SHA1
e0408a213b4c724f35269a1945e4d3d07de95530

SHA256
f2db66bddf3b8bf62656f3b7974ad99916b0dd1e3004b623cac0db20a2de282e

SHA512
8db0a93c5e72da76ecbb50c33c18f0f369d294a9034a2c904e36cea8f642e1e669ffe91af2ff86d62826e7b2af1d0eae7dfd04df21efd52684db46de305f866b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a875f08b8419297cc33ff7a2df8dd128

SHA1
ac59d3444d127f6a1fd8649f051c85bb1f676c76

SHA256
a6e47f15e32b47681512b175c0ac1bfea08c6d75e4ae9c14f308df314032214c

SHA512
c4ed79ee632bd5c6264aa6d0dbe2f3d02e1e7fc322e16b483da450fb8fbbd864a29ac2dcfcb44db5a03b96479f98d84372a9d0237c9712ff652e825c19585af9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14f669c828da5c96cf6f955b8be6890b

SHA1
0161b264367e089d3ceec3f4570b2adc3de0a6fb

SHA256
c7fadcef424ffe5d6b0b16593db02e98199be4e4664a6aaeaecb33f3127c5db0

SHA512
80dee242053925f3f2a6dcfa0157086b5ee43f5c33cabf6cf945aaaf9b8769aaaea154ddf619afd501792231adf954890718af03c1db2b1587b37529cb641dc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad3337f4fdbf49ce070cf414d90f1753

SHA1
974ede51e4ff1e3cbc4bd9743c5667e5a379fe65

SHA256
0fe2a00bf7e7c800f067ae5e6c4dea64a4e3f47778db91fe6c2f7c923080fc9d

SHA512
4946b84fbcb49baf97a316e6b3e9d2bdda4a7bd12a289004ab54c9f623474dcaf0ebc66ead66a6878e5df10ed8398598ffe97f3a893502a782f6997d7ad2e08b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab285B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar296B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit