089d8802638786163c7112e32bd7560c3d2b78926bda45c859321cc309f99041

Analysis

max time kernel
120s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 20:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

26a33c4d31df752f7c2c9b266f1b6c81_JaffaCakes118.html
Size

900B
MD5

26a33c4d31df752f7c2c9b266f1b6c81
SHA1

adbed8b08db70fd40509320debb550281c6fb04b
SHA256

089d8802638786163c7112e32bd7560c3d2b78926bda45c859321cc309f99041
SHA512

1ff15c79c25333be27a0cd76e90c3c12ac1daf32529cf02fd2296a5edb672a5df860e9c98da13d8ed9c5736c2e94ab57d05e3ea507872956dc31cdf5fec9538a

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421362704"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3891DAA1-0D7B-11EF-A1FB-E299A69EE862} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 605872fc87a1da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000084b4563274a3889a849c320dddf2b38a4698dbcc6f722d854bcb8163c84a54ee000000000e8000000002000020000000ee7dda360751392549e828fb21330c1dd11b7744b70ba5c7f1494de8ea12ca91900000006e5650229fe03afc93561dce05b7b42b759cc25332c2bcfd797ed657d27dcbb6e257d24fd2a45ba0b4273f789ffe5ce4c1a23e8de260f3f370ba3be0d97aaf976b99bc6d6527045b513568f8653d591303276d04904e536a0d5c39c66fec1f8475f908f123033132d629dbd91af2bc5573fa92f0335afd7bfc756dafa6c8ee390bbb96736ac23481658f34c06cc4067140000000367a8f72c9fbbd52898f9f74cb4ca241ec18fca5d378806a024f5d38f6ebcaa54d74c30125d7d39d33039d726b98354e16afa5b974b556494faf06bedd45dafb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000ff248a2f6806b95496b368c9f5c82bb80d870e5c1597daac061d0360ab6ed16f000000000e8000000002000020000000b29ef74a18e98e4661974f0d931a4d0c7ae59f5ee3e2e00f9373b7375ed7097a20000000bb4fbe323e2df01e25c0e0819b61c87d80379aa2a2e3fa2bdbcd61bc5ef75b0f400000004c2c943944cac6c2fa5201802e7c367d5ff73785a7930a459c18b822ce9e5bcdc30ceaef52bd48425eee9a82447d1f31f1df5ca505d39ffa2d9eb5e77b7ebe96	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2868	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2868	iexplore.exe
2868	iexplore.exe
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 3036	2868	iexplore.exe	28
PID 2868 wrote to memory of 3036	2868	iexplore.exe	28
PID 2868 wrote to memory of 3036	2868	iexplore.exe	28
PID 2868 wrote to memory of 3036	2868	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\26a33c4d31df752f7c2c9b266f1b6c81_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b950e6c0e78eec057ebfcd9a0994315

SHA1
40f72afb27bd3cd81c915970c21dfa3f18f4f299

SHA256
29facfff16dc22cdad6d3e446470eec6b8500a2b6b1fa287de42700acf837308

SHA512
c5a8ff043ba5de43dec86af71e48c07f7f10122bca5c821469e90c4d7f8b13be769f32db4d1c4ff7bf1360e96f5f66714b4197eb3053cea4996c2d5f6c93ae8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55ef73b470128ff316392b0f776c49e4

SHA1
614145a0c557069f36a104a3b4a1645eded5b909

SHA256
fb2f1f9f9dfa009b6787e5fc5bd8709002fbe4b8d77dca08a9793796f8572f8b

SHA512
4b899dc28cb5905c4c85e91f2ee57fe6f41304ee9ab674bcb6a63b38bb8e933de8805975d88023d9556147a39ef95bb2882db0bc978e5e8d8c5a91bde4209ef9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
317f81008d63d83347a8730286b9080b

SHA1
733eae5da2336dc009f574f52dd3f09ed56d7c3d

SHA256
648636d68f9fbb4a9af400eb2f6b8632a94da904c6c581d92eabe04f2c5784a0

SHA512
7fecd9c0a3f9d6c71c776bc89c941295e83c01394d507fa1462520af8f657594963d76515dbee09408678f9d15251a6e4e6b38961d653813b631200f6e8cb5cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
070d1c7e59efc93782c67e17ea58049b

SHA1
3038ac57f77ae74e172d9c38ecb591903b12c407

SHA256
e3ccb147adf0d0567ce34d5f602983805ecdf05e04a792381ea398539ac886df

SHA512
5bb9244788c54cf75610af5130e188de657a54d10302db8c477785fbc9032ba89c8048128e4de7890e4a25e0c3af88e51aae7fa92b290ab63db7a0c2606492ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c872ea384a4907b0a937d885b1dfeda5

SHA1
10d6721805eb54ad961a723b3cc3b0eb9fdec848

SHA256
fb6efbf5dbaea94a8f6109d4a74a0898ce150b26c28d5ca548cabbdf11674a53

SHA512
86d988de8df671b10283634ada58f5c6f7f31b4a4f052a4afb2b579585aa6dd4fa3dad9215312ee6f1d4ca55a6f81fb52936a3f4f794293d8da1bda9b73f8ae5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51254030378636e776803266eb7d1e8f

SHA1
afcdba5d0d7e80a01522564571df64c15ade601d

SHA256
3cdb85c45ae7c58f7d1ce6d9217d2663ea4418c9175ec86e2ffcc90de3e23732

SHA512
3fd25ff42d3caf2aceb3912754e1f5c326e91b071c7611d2ee7d1343e0a4e3aa61f13cf0bd71899e72adcab56b8e0c2e7c3bffec6cc4c9ebd4144a9c7351491d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0b1c4531979af932d63930c5c55f7a3

SHA1
f20d13259343ff2c6aca9e2e9062e558aa87591e

SHA256
fa9fbe15b2ec1a323b759d13fdcd55b1d8dc800c79ae52c905dee7359a63653c

SHA512
da71ce2aaab78ffedb63611930346af6ae920257f06ee7fa11d2b134ee4c1cc5248eb60e944f9a349199443f4c1ed985eb43ef24b3a740920f54d4476c16e6a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ebfe7423dc15a9561fda192a195ca7f

SHA1
3d0bb87d98c038a4fd4374496abc882720039f29

SHA256
77347f9d255457c6f062363d36aa0e912726e072bd2f289244ce1248e422d6dc

SHA512
fdbe588e8b5b37be29011340ef4b2d02cbe335adc90226e45258396f277a53c3d4cdfcbe7c357db228bf83182cc6919c191f10545e9974fb31b085a514d4c106

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d090f4848f2eed787fefd0548546e709

SHA1
2b40665db51effc96fca3bbf8636330108b95269

SHA256
5fd434305641446592803a3f13a94e34f600dc1d2f90897e6107c1bac2228769

SHA512
a8265b3667a2823b5f10e4f6c838f2907508f2f52cd31ea270e0862e707344c4558e2c76c1123de68a33d12c1065536e29611a1ad24c85cc1a96dcb02825e81c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca570c5c92f3ffa7371d3996b5329634

SHA1
c7b89215d4d87f0918d469bbfd16a538f2eabbbc

SHA256
3c84ac9474353c3f7ed1c01470e1c4b489be1a3ca03f464115af06335c535e15

SHA512
9a7859b5a401b265c159d30b39a8c3fbc824cebb606029198b19b6e69d7a6d6b03bd7786f11edd17176665a62dc4d8307ec9ae52f157f8385fb0a6ae316e064a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfe95f8cd24f696c9eb7e8d0828f0579

SHA1
06852f840d1a524703855ae13647461905411950

SHA256
06dc2f2318fe5d275c17899dd692303962e357dbc4dcb88ec52bdca55c5ffc4b

SHA512
54235e964f4791093b0ded9b468e48ffba0c4545950df7b9136ba2c183ed0aec974f7bea31a7b06407d9f2f7ed4d5a6cd46a563013e0c2a5407bc289cbc405f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f6410ef3b63189d2d0102849e4148b8

SHA1
7c20ff8456d1d62e715046189de3595cf0324652

SHA256
25f8858e5a7f545aef692a43ed700a076bef49ff3b5499fd187a0b85c0841714

SHA512
390216dcac6908907c6ef004dd422ce2702137a657d564b370ca5fb0898c9b703213dc04118c94eca5c66ef013e4c877369e424f64e371420b1169e0bba64def

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43596ea0ecbda27d84a46232000a396a

SHA1
b8f126cb78d49b8671b899d4bc995470124ba795

SHA256
0a44c1942d39a5a9d0553a5faf032f542c59e17ed9cf770c59a209d263e63d6e

SHA512
927e062da3da2a268842ae53c05ed49dbb250668444c06c06f39cf1b77166723e77c921cb83872b02d9a9e577873d14f65e3ea2c308ee3b1349c8ae4c528b4e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73139478441e0d835b5a5b90bb63ea28

SHA1
96d477407233d9dbc5a8943c831fc6ec5a4f7432

SHA256
6019fda256f9991c59c42a83dd04dc0386f7dcdbc633ac1f258b570a463225b5

SHA512
0e66fb64a75123f324dd902aab8adc086258ca495c83fe24e04fdb64c710c305bdd9df1483bebf2aa89aec181d0cde39038ae99025281c5d904dfb7c3959fbb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6aa96fcc1bac35cece3d59d32374b5a3

SHA1
0c66049acf0fcdee6b5e199103cf59017b165d19

SHA256
e16a7f90bcfd301b1105cb03a54a72ebedee54759040df88d413b988a618cf18

SHA512
8c2468ce036e9ce9222fbe5f327547e48572e827a05b27dd252b96746e1b047494b67ddae756ff84dca9f32c79a3e25d12008d0512a06aab0787bf61bcb35d82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dea6fa0c7fc077e8df0d28bce068d272

SHA1
c8a40240fa0f127b2079ce3ad46149424e89d999

SHA256
3954c9fe53ce12b51a0f464f07c027cfbe3c455ab10bc4ffc0d8cb7e9555d1bc

SHA512
6ad016e0c39ffb0b741eb6c7ec57d34b73d4a80340386ba8b5780c5db4e3de30c25de05018b765754ed4369474009e8c1920b7281cb94b4ac77ad31c3da135c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9A8E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9B7F.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit