e091ed4f3415d7b1d49441b131b2a00a47100e9cd7934e5b4177be348ecdddc4

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 16:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

25b1ae2bf12876abbd4f274ebcfec446_JaffaCakes118.html
Size

463KB
MD5

25b1ae2bf12876abbd4f274ebcfec446
SHA1

626d637c21f152fb8c73f5dd57c157ddfa459b2a
SHA256

e091ed4f3415d7b1d49441b131b2a00a47100e9cd7934e5b4177be348ecdddc4
SHA512

a5c77cae0201726e827ebfa641e38aba486aadc7683820b153d9e97c398f3d90767ddd13d638892a8f7f67875c53182c19aebd0eee1fc7d06ea2eb84873c70b7
SSDEEP

6144:SJsMYod+X3oI+YqsMYod+X3oI+YPsMYod+X3oI+YLsMYod+X3oI+YQ:u5d+X3i5d+X3R5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421347235"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc233000000000200000000001066000000010000200000004dc51bb10715f18ef2d4efec76aeb0dc7778313e627e922e8242f5448f1e1d50000000000e80000000020000200000009f36d1230adecec3abb5a25292f8ea7d383b8bdb60f543d69809599fe7318a2220000000b0a2ad3dc3df0f26e377aa29368b0e31380f032c56704cbf8493de900cf182b140000000011250481a34e470191a2036ab60f43e814e584560759d5a87edadbef97a2da36bd259810bf47564676a38cf2d5083d8ff537ed839a0ef0c0860192c2bc6fb06	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 401e070e64a1da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{35831E61-0D57-11EF-9680-DA96D1126947} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000d0016d0f64520ea38c33f49cf37c141e47d20a763d67bc9dfa932bd5d44f6548000000000e80000000020000200000006fab6d173e7d57ce1700e679f35073468b647b189a80e05b035c58f3e4f8bd7a900000003cd6aede1f5becedca34af0c3018be0ef240a0d0a958402a186e0fe5072f08b6ce29b662f8df620993ecc0876db60d412db85f08546b3780062bd3e336019b46fe5dd69adef1f20393193f161e701e3b1dff99f4f1ccfda2efe57079c16ed92284c00bd6e18192f8baaf5458b93211fe7606a86fe82b15e3d6d6f481c43e410b9f1062d6fbca331f7498c737b1849bc440000000755ce604ba1c26c5d1a713e0cba96b59bc07bb32700d71c9a1afa18fd824a1aea07812fcac8a5f459b52913f6760bb67d1c4d3da1bc63d7be2c883bfdfd9d480	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2872	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2872	iexplore.exe
2872	iexplore.exe
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2520	2872	iexplore.exe	28
PID 2872 wrote to memory of 2520	2872	iexplore.exe	28
PID 2872 wrote to memory of 2520	2872	iexplore.exe	28
PID 2872 wrote to memory of 2520	2872	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\25b1ae2bf12876abbd4f274ebcfec446_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8e192c9bf0ccf6cbe5a719be4edb40c

SHA1
ef82cb9dc937a0785925f05932fb25c61d4434da

SHA256
b6ec40ad1abf908f0d99d52d72872fa69120d2281bfa3d58ed8fba8fea7c955f

SHA512
c8d3cefa58500d267b9f503b1bcaf1b7115015b668f05dbefa69cffa5fc3b378c2738088cd79b67d18ce7bf4f8da6c908f2500cc495c79b29eb5b4e03cc44cd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d928da37c8ca69fdb72ba021a624259

SHA1
b4dccaf19cb2d033bf98d13806a00c22d270ed69

SHA256
0a7b891b7700823406f993a48d06fb456f1652767f4c77aab450b493837a6308

SHA512
c2447625a5de1e9b5e8c60df8950ab19ac0391003f670122f89515c005502add99675a9cce75eb74883c0a89b313feb7bf93e0ebb30c9adcdfffb49b61a33370

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd2a2432ab2e10a712f282bde80ac895

SHA1
f8ab3a3ed4b7e574449fbdc1d9008d905701d87b

SHA256
2e590e77d90adbbd297d9922b77be8e8351f2991a7b110206d0e92c92c90dda8

SHA512
ef173e3245922aee9c8c53f3138140e2ef4f9d8063083485fae2224c39f332b59839c3fed85e05d9498c47fc65be116664f61d92a6c7464a555b0c985ffa5ecf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e11f97013ad8899b5edfea12efea00f7

SHA1
22eeeaf75328464dd2074e324eb9f9015ca19310

SHA256
e7a33da1d527deff1ba94412e0fc4e90b2f04e87e46b2eff6c281646d7cd24d7

SHA512
f038497e2866a06c471d59cbed840e3e0f9d6b25705aaf3c6b4bec0798adc252469d51e0f8e77cf050fcb0ab7f138e4a3c10b31325486edd75e1ed79cb15c765

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0175b53df410192b8062cdce528cbfc

SHA1
72e826e3a298a74cc810a5ddb5768c30cb94a4b7

SHA256
9874e7c663c1210843469b9d163dbf7489b726528e0ab75179345e83d2819d54

SHA512
b0e378c84060ae159da95254127ddc47d3ff1fa3fca58d9844e83c2f3ac053efdcc3fd2b950d7121ae452ae14337b106ca8cd5d8a9fcb1199ead4301b2a9f0bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0001056ac5b0b86bb2f221a0035d393

SHA1
9ef911c496dbb4b15bd691af086fbd3c22021d6c

SHA256
882f9e878efba45dc1f68868986ef9bec5d9ae4c6ac34083d62e1cbb9fadffb7

SHA512
39cf01214341b743891f1e26e1503d7d87ca1a6bcdbde6ff82b513cc65f26210fe7bd74dc6febf4249a391c8e576b52a14f91da8ac4e84557fa95033d18808fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64c62bce318b60a422945772e81840fa

SHA1
3d9ef2f75dcadfd805bb10f8b10b169b0d26e880

SHA256
38cf829bddeaa80cee3447bb6b45e2d5669ccb5303074a706ca6d696cde32e4e

SHA512
2ce81c364ca09b05e5aa389886e9c964adf2e8afad27dfd3202e1ef3ad83426f87cc471987a5b6f8bc799d38c95fc08dbe1d054bef01a3378636cbb715e12217

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7351ed41430689dbffa4cc004251713

SHA1
2d2dfaca3483b913b78d00c8e020159785c81e12

SHA256
bbdceacc610c5543583043004b9ef308c0923bfd52bfbf7932fc6bf6b165c1fd

SHA512
2d55aa387758defe7f972aa92b17751527a74aeab6452f6a6c4fbbd9aba8446d8056b34cf3f98723e7f1d158c945b7ff4277f54f6c253045017a43246c0ea9f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e86f6203d6bf68de1d17cba6cde138bd

SHA1
f394916a4346595a8752e70b5917f92ac1b3d274

SHA256
7bf43ffbd620c575d6f25bd71b005654c40400bdc34f0b3ab3ae8553b2266e77

SHA512
025ea86928893bc6380616e85c1c6dc9f44f50492bc019fdd3aebb44a2d190b695dc935f45312d025cfe08dd39a88873e60a9ad23d7d6e7c7cae947c6149fd5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
637b93abaa87bb5fbfc1b26f1d65bfb8

SHA1
6dcdbc5b7cbe24d2ba3b98d9b17fef2af0a8a244

SHA256
6da0f774ed0c8d79130e956e851be1bf49cd81768b3072925923f3534f07e8f7

SHA512
2c489b52c1c34278455a74483b2b69e3efcb8e1e83e2283a6d82a1fc33a0b5d438674aa4e9edd8469d0621cd998e74718b0bc578f355f3c4b17230ebf503953e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bab15f538de1471cadebb80ca40a4b5b

SHA1
4f376c4383d4ba9892cab8d9b8971c918931dcf2

SHA256
6bd9e5d4bcbb77ce2b0718f2114d9ee3131cdbe4596e284062bd14e9c24f2b7e

SHA512
6a07f29db562ea0e165156703bd150f546db2257e5e8092720c499604d2fe7dce170803736ae1d822498866a72eca05bc049b7243afc6886f666cae2e5cde75a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcd76fc812d7d7824a20147e47725af6

SHA1
964f16ececffbb5f70d8096577242612e3578604

SHA256
3fc7452a11384d52b88672820335b7b832aa5e633149bee68997c4bfd0c562f4

SHA512
b49a18b27f8dd317232cbf5c1c41b85bc3e5d656d8cd2df9d42479d8159f34a112a0a0f7c48cdeb155c0e86d27277d165a062d733955aa00057ab1f20950d75d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbc3cb77e3e32810285bcd654156e96a

SHA1
dd8670dd00177022817e47029229962851e93abf

SHA256
2fb4fcd0421e52791b68356dc1e857b1ac115fcb31c20a22f2334cf1f44a75c9

SHA512
47aa7bc89d524fd52ef64295eff3b534300c70dff19e45467fb709a579118114f7bc72f05fbb351488ca7b951933b8ae23c90509ddbeb751c4b61ead56f0dc53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96070efc0644d8a58cd12afc1f62dd22

SHA1
28ed3439185741fd9b988388c66fbe8b599bd69d

SHA256
6fafa4720b18403d41022e15bdce6f641ee00dea2eebd1b8e5f16487336d4fea

SHA512
cfccb8450fb89eafaab66da1622b31ac32f8d79afb5a63842f4158aedd98dafc5b46e7dbe78f2e7b1795743398e4cb8ab1f55fe091dc9b0825391a767d7aac99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9d49101705a822d108f78f09d9d2c95

SHA1
690783b5b4e41d213ca53019f90231faf47707b5

SHA256
7fccd7f02df8cc8b96712beb19cdb5bad21d11d04ff8f40f97137b7e680daff9

SHA512
a27279770e1d57fe8e34332bfc52b115adcad72e33129e5c7a96ff2646c20ab18a3487c4c66308b314a9047f43e0235f6c3bc9ce785fd10cf3192fb0c922b1cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96d8051d1eba64117a47b5e46306e709

SHA1
7167b8623ce17dde8dcd9eb65e108c0f843f77fa

SHA256
98335c1e3ad6620cd54fc1717d01c27a4c16d2db6a0367471461546ba3bf2436

SHA512
85c4efc32cbe85173488b2ea8512c3dcd3b8cf627dd178c04202bcff7880f901f60d7bdeee3e2f5a2810521ddb6eb27d7a9c98b98ead95f0ad4dde8f3c87932c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab62EB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar638E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit