4eaad3093dd605c76e98fab8e4c0778f5b6c4098485fdfd8e98c1ad18d89773e

Analysis

max time kernel
143s
max time network
148s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2679abe049128d3afc37fa570d983088_JaffaCakes118.html
Size

1KB
MD5

2679abe049128d3afc37fa570d983088
SHA1

8a7836de1c5371d2da5ee4236a8b403f372febd7
SHA256

4eaad3093dd605c76e98fab8e4c0778f5b6c4098485fdfd8e98c1ad18d89773e
SHA512

0620928b6129f13cc7bb05b9d55a3d59b23f2978d1005b655fcafc9dcafc7db00fba53d170e307927125e3f69a0785be7d1dbb8795fe6765aa9180743ac9049c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421360196"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000006a8e00d3d27e6ce7142caa789552c02b97dad0022982d2b38d5f340e809686be000000000e80000000020000200000006a36da7310dd0c6b91ead890e2a4c9541161cf932e1f27f29cfb054506a18cfd90000000c7cd5b47a506e040c9f0af6b54a2ffc2172178c047bdf8a72c3174d859ba2de0b17733bdef2afada03c42f70c0f5d58b7e98a5df6175f2aeae7cda3a82ce1e16275f084d5fd3bb60dc1e339b5f3321bee1c940dbfbb05af9e1f561e20f06a32e8c03d0f382dd1ee44417f39db6d6899a34d2365b3158cdb7a87c557f3d73fd4653ab1f51ad15c46d59fe112d998d8ed740000000b5f9f1bc772dbf7ea0ce345f1e91580b6cbb87511e422c6632e6cb9baf1c99ca21f00d1850f98dd49559f10e16140a27052842414aac47b2d2677c92a144323f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5065623d82a1da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000001ad7f202df19461e429b1b0fed0e5a63a93d260328c0494e5861bf063bc3fb04000000000e8000000002000020000000cadf73822a178e02182f5296000be4e4d561ad1e8febbfab83b77def12fbf367200000009fcaf0189c0199f22b211747da5b8e33081ebc24a67af11be042ceb4168ec34f400000002a5edd56e300fff3cb315fc940a4157c77894f0be74a797cb6d7fec4f19e2a56a42c2474d571ea776854ebf9c45da588746e8c0a9d2701b9734c0c90e6fc7315	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{61172C11-0D75-11EF-A1DE-66A5A0AB388F} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1436	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1436	iexplore.exe
1436	iexplore.exe
2676	IEXPLORE.EXE
2676	IEXPLORE.EXE
2676	IEXPLORE.EXE
2676	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 2676	1436	iexplore.exe	28
PID 1436 wrote to memory of 2676	1436	iexplore.exe	28
PID 1436 wrote to memory of 2676	1436	iexplore.exe	28
PID 1436 wrote to memory of 2676	1436	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2679abe049128d3afc37fa570d983088_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1436 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd900ebe7e98321306125057afddce65

SHA1
a497f7d535bc6a89905775db4bb35db7dd616177

SHA256
30c8e7e8929fbee30a07b95cde7fff48b55c3f04ec27c9dbf3305cc4089e12d4

SHA512
7cd5e39643940e2df2fe979a811c0b4ce10e1dbcba8995b6668ab3c9da4e2d02917f0305a4a3944172b9e6b92f09daa14417f7a9039eff208baaafbdce365b96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7dac75b8e7466cae2cda9802076fe711

SHA1
dc3a306c6dd6359f9d926ea726667efd5447634d

SHA256
9058d1076771f8dd322ead16b0f7f1aea496958f69039f2d73ac285dd451ab9c

SHA512
5d2183b4d780452c8261d77a07328aa637829a8b7873aaa310a819852bb8ea518144aac8a2d8156f8614a1bdcd27aa4f1596338929245f854fdf2908ec028a2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3180fafbf926423746104d15cff782e8

SHA1
fd0355a155daa624334f1c77840fe43f9c44c5a6

SHA256
b63d0f597c57915195eaec577bef9f6212526285115c61ce7f4397c0ab3c0ce2

SHA512
258123d8b9a79ef347fa805de5706e3ee46f2554a25bbe82d76f62d7ac054591b4e524862c71e41ea72c5c1e4349440332a67ec9401647e8e7e0d478a4ce9242

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4bc8e43dbf22a7a03a200fbbac8e6f5b

SHA1
e98e6af507ba9fa8db8e5ac756a11fe227e7f3da

SHA256
f252cd009ecd7c09ee764b381609fee8c96c82e4751f0d40bf3838956e0d8d16

SHA512
bd62391d691c847bf0d365a970490e1bb49188723c25b6cb75555acfef52e65133c38c876b3966743ae8c9b7916841fe3d9832e56c2bac7f7cac193ac3dd5454

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
013a04acabb66b908728af323d408b5b

SHA1
da685e8f44a5642b158abb339f5e83dd3a217b8b

SHA256
f578b8ed10e4f99fd5302dde3ae1e94eb4ec65959f6e244c0b51075925e8a441

SHA512
7fe2b4caa1c9b1e36dfa2c37d207a661c5a78aa23123b2ce77660c9284c73d0f9eb78df421609c617defa1c90e322148eaee0ec795108409d02342cdffc6ae4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f3cff11002184db503f4ecbe822df07

SHA1
dc22e134f078c93e18c3518287541ade440ced9e

SHA256
19f514c7f46ef469d2e08a7b19501455506ea413fa26a52eeb391c134f5ab6da

SHA512
5715170204dc36063a836535720b7575dee9cf0fde57171d9683c4e088d1cee50e864f7ce44d2d3e4cf6177d8bf8ecb9a25ad1a48c9ea29bb4adcc627822b7e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7841b32b4beddebca94571df3b0b8adc

SHA1
2295ccad6b21ba253d9fdd405ea8693bd7f7c37a

SHA256
e1d19d985b1193b01078691fb441015fb6d1164ba1d0e79dea5d14b63da4c5ce

SHA512
c1b7ef6748455bd0312c9f58fc0fe6883a4aba0575a56db85d04fa4d2cf06c9681392b5b40d7783b1257dc9e14d7299d26bd951e2687673dff22f47964a73c9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d53e141775db671430d34a48f740ffc

SHA1
dc8492a9b83860a25f0ff14cfafa9285e90323c0

SHA256
1b44dc87e09867b0a3030913db42cbe4ee599eacd8018bf25170fb5ea94f0466

SHA512
8d1a246fb6092da29d560a9cc00586b3f84b4685ee1deb2bf68f887ccedbdd5e080d4c3a48ac9e8e567e012a40be3cc767cf7159d4a3ce93124297b95170feca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6460b4055a64ca60bd8f36e6374f78e3

SHA1
a100fa88c4cfc7ae473a70a2f02632ddad3da1a7

SHA256
58d6953c831332681e83dccf955eb9b7ffa740da59bedb82bacc7d1a4b37d259

SHA512
8a187202b76051f067ffe0830ce71ec6a7ac136e56a7af93bd688bfb931ada19b393059b91876270d0f8a882bd38e842f6d2e08f2c64ef37442cc75129612f50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81763c8e6e98e25d01321ccfa1540271

SHA1
3aff40f3a862f014a26c1d61a65ad456ef0f865a

SHA256
2099247ecd679348fefe77e11ce9aae7f4d9f8c451e6ca768e733c5868df51eb

SHA512
c7415b93aaf997f2dd290202b12457e76573664eac23d9c0260b3a9d179f369d74343a10c651539c012816b893bb67a3dca07ee45191c6b34b42bd1d1e465aab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d6c8d8ad51ed1833fdbbb981a31f8f4

SHA1
dc58b95643c6747e3bb17f3c75ecd47117d5de43

SHA256
7e11463f4cea6d9903b280c8b7aba03a57221308deffc71074e52390f904d08c

SHA512
4f115228711fc68f871fbcf5df46faa703f7afe3abb06f261d14d73c0a003fe996c73577a41e1d0b43f77161ec319aa97444e25e7c1648c29efff24328e11803

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bb4500bc05c52aa973ad4137dea1bd7

SHA1
24e8e2c37f7e045110d96b9c30ddfcae488a512d

SHA256
513d6dbd214afb2d64d888623246b3899a58a9013e2bff898212b94c45cb8400

SHA512
88838db9a549ad1173b88edaf70239a944739051ec1a540f4ea7e235eb2123af8cc0d15c8600e9eef3f0f71cf35983bcdf46338e4e9dba911512d3aae533fb15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e61fd349b0418f699676681c644c9f90

SHA1
739b374fc2b0d1af5bf646feaa72c1049c6749c1

SHA256
fedf36a0fedbd0779a593bceda0ff1bfa89e7b477ea776aaa0a1fc7637544957

SHA512
30d036c3c910c4ba8b1f8e939b1f0327b5a5bc783265dfb9d8c8915a0ea0ed15bdc6280f8676e1d0138be20e980994f79a55270bf24ee78a7fa7364c51de0bcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8da3d1c3077e0dae4387191b560d3bf5

SHA1
f725841026a44a9bbf4d36ecf931f55c1bbbf223

SHA256
f138434729db37faf3b568e4d9c5719ec996dfa4a9440fecaecb9bf24ceb4966

SHA512
5dcbef4575510efef12bf13cfd8307c66ffa4294ff139446dcb696cf1c52cc53ccc7d86a120ccc9b1bb34d2aeffa739070570421414d8a4198b07ded1d8db3a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2d1459d797b946e2726e4fd138b6e2f

SHA1
86ff8ec85d99d392e0e170ab02b57bbba5fccd9c

SHA256
b31f47ee2eb6fbb544fb11db2a005d66474ecac4297288a3b3ec20a50eb232a7

SHA512
91c2ee09a84e888533471ab9be724924b5a6108459905812c5d07a9cdc20399786da9ca1ae707f486a46e0d7cc1edf8edff66031da5003b846f7ebcc7d637429

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99d0ea105274c84179f01a13c2916130

SHA1
686fdaa497b74687e59b6a11bf3e78095dfc2cc8

SHA256
d77da571007073053c71488f044ddfc3df7d8e1687f6175d9b747efcbd6f6a16

SHA512
9b35c9d29ff2e622c9e42303758690bc83d910a567a87805b70eba0b76c478d9d3e7d6a31953bdb618247d24894820d5224faf7a67cf8a1d7bd43ce86551dc80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9deac87234ebce2556679d673dddb49a

SHA1
ac7ba26fbbecc829e99b163666644d9bdb789ac4

SHA256
05c158d79cbfb23d1b3c79f5d6fa2f315b7f1ab206d87ee4a066e97f7e3c1e51

SHA512
0faa74740803a9495da1111ab8bdf5810481b69001ff70efb37648d97ec98e03e1e57cda2d12d56100ccfe2674d9c704b1fa5eeb272bbcc195fa1cf66b145c17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6192.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar61A5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit