d3a572239733e604405aa550bf9ab129c58131fcb4879d213159196beba7e8ef

Analysis

max time kernel
136s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26b4c5983f91b69a359c0d8448253648_JaffaCakes118.html
Size

964B
MD5

26b4c5983f91b69a359c0d8448253648
SHA1

728a7f20761a7c93cd98e4c10a7cd5fc3670d2b1
SHA256

d3a572239733e604405aa550bf9ab129c58131fcb4879d213159196beba7e8ef
SHA512

fb382378ba601d8a20cbf5c978024b4839710c20b415fd559a81fcb2f1adfb7f4822012acb02ee88dcc7e6a44318ed216359a4bf57cfca0367e61b5e40417ca3

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000b313036a0151f4ada30bf8a7b805bfba887d44141c2314231dea3f6cd4c10a8f000000000e8000000002000020000000a54e4f404e140f69ee8eab4254d7c331cb36cdd6737b0de430203b0f045e6c0190000000f2974b28efa2705a0b8982b63bf0ec3f0952b942f86f0b8d7e4b3fbea370a305f5d5c3f33dddf8bffc95eef6db612ad5129d85c8cc0c58b7d9561393cb54372042b0c24cd69aee240bf470d64544bc15d3d3c5cffe75bb4b58c98daf95c5d2091c9b257c7f526834324e5c5b5e3de6822452eeae7169e7a85190bbf8f581fdcfb012769686d5c89ff42f48b31f896637400000006d7122ea5134127a64c0aa9caa7d120accf9ebc048485428aefd54a737069e27fa5749e3d1492387f283dd6d3faf08ba3cf330db3f7bdeea9d3593bf94feea67	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421363714"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{91E15701-0D7D-11EF-9201-6EAD7206CC74} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000003dcd3494646a25b9b81949c04b81411dbfda7fc9f9fb8cccb05b21e55b0cb31d000000000e8000000002000020000000a64908074b43c630f8acfbacc87f56641083d33c7f628f6278ecbca0565c534b2000000024267dd5f5da640a9d9f34ce325b3198793ad537cc73a0e4cdf7275bd42e1b9040000000890c3784db9af38ba89cf8be7d2fb6a8ccd6c6c1fc96e933314ac93c4462f85eb3d3eee61974a26a01fbe739cd282527ba2b89b4e1f2d9951ed20861ac9d0b1d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d084d7668aa1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3012	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3012	iexplore.exe
3012	iexplore.exe
2940	IEXPLORE.EXE
2940	IEXPLORE.EXE
2940	IEXPLORE.EXE
2940	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2940	3012	iexplore.exe	28
PID 3012 wrote to memory of 2940	3012	iexplore.exe	28
PID 3012 wrote to memory of 2940	3012	iexplore.exe	28
PID 3012 wrote to memory of 2940	3012	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\26b4c5983f91b69a359c0d8448253648_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8be45c1846285df096a1ca8009b354f9

SHA1
6e780abcc1916b1590b73d054c4e926d6ef5a4e1

SHA256
ffdc82f93197d092e2557fa283a9c62fefd9be853d0a092012fbe4be43d111da

SHA512
a9a36c230b70539774948f0614e37dfe64c3a69778d1d40747a6c15288cf48bd0675e4b89a576177ddb0be2041adc20b8db038173d1aa296dbe486cb53de291e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dee7555bfb1bee08e9c61c3333b38fd1

SHA1
20e3670fc5da493c0fa249392b13583e304e2f58

SHA256
1ba80b3ce377f12108a8e244fa1d08ca317576958068d1932f5a9b2121158766

SHA512
d1f32f8d6f08b8be2edc2b82255d5da6d6fd0ac631e86d414ca27bb8f55c1d202ee51ceba93a13f3558a4c6bda06645592a88e40d219652f3f7fa2de44890789

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95b434cd89f0619a33c18865c073f728

SHA1
7350298ffe91c1568e962cef72876834d59063b6

SHA256
2b851a33fdcdfbe7878d7fd18efd1e9191b8b9e4faa0a7ca1045fe6cd47f9ac1

SHA512
19b6680683dc052486cabff0e9a2a0be13db7c3538fc76658e2193e1d18cf2c2e5fc95e25ed81ccdd01b772adf94e60c4d78e0fb7ddd37f37ed643b91d344d4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45939634f71de1449da829f0fea6f825

SHA1
bf07818d9dcb47a6b98db94f53cff695ea8191b1

SHA256
e23f2a13005d7abd374efd3737671c6991c89b5b2a6b30c4d7ba6367cf0f0ec4

SHA512
ef9e762e9ad5abfceb9b1c7acbd3a7f0169b2b23d201977b1d233b5e81d69e3f7d017482e8078bc1906b5bbfc2bd50839b09959b64a5df348b7124e9d2db045d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a858272222338273882f837c5f0ca5b

SHA1
763ad8226673a0c19bd6ed9d4ed62abed6c07fef

SHA256
a9bc3e54762678842f45146b232ae26d9594695a976a8c4a5766b6449cd33dac

SHA512
2732c999e093b2652e50ba773aae75101c671fd6de2e5047be3843506b9abb8bc47f08b627aca935daf477368d8230fb52035c48ca5de843d26e95e236787a7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8530760ecf259abb1cd0b5eab2bf9fff

SHA1
bac398b6289ca1e39ed12cca3d6f7902cd9fd1ef

SHA256
e0404cbf2ec5f80f7e9389463deef23708c55dc5b8f10008f40a4d017198301d

SHA512
54feb47ad995c047ba602dfb50d5c7fab1de731a3cfe0f11667d98435c1b3c3c255889b6d8ee584b0a5e16cc73faa5c9c308259ce806c1eaf6fab953ef04dbd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1271eec313eb6a6cd56552ab89040a6b

SHA1
a9e1de41c945419705fa9e1e189dc48e61ef1937

SHA256
a97f4e81552a558fb47c316993caa2a93d12ef5af61c498a64cfc843fed4a9dd

SHA512
8cbd2255933261baa903f4b837d7c45575032fd42f94324c02739868d6832f42f95885382e932d00d0004176f5535a876e9b8fcdc509e051604b7b0752518ce6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2aa5d1c9189f990d84be4b12f6d7474b

SHA1
fa28772f5d98f909f86aa2c521c77f60745b7a1e

SHA256
a9a63de0773c1ae6dbd1b9459106408e427724bb560482f21ee216219d26ee7d

SHA512
e65eb16fddfa4d5833f7050bb59912a1963861476be5c5483ff68e424e810da9b278c11b8f1040e22da4f5aad0fd640623f03b0891d520b141e5ff5f194aad38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
504eeb9b49fb9b013a084d88b8c62b2a

SHA1
b3f36408a1d6aff7cd2b3b87cd2a3c951ed8fc06

SHA256
46a7b4b635b03e259ad1a24cd5af0c6773b163f957a9f930d7f063a6fbaf53f8

SHA512
7b93060472294956221b96606668fd539d552b13f991ce0e6c34955e8969652569541899bb31a22b56b8d1704de323ce9628d3d7ed1cc8f4986e2ce1c61ce70f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ffbb5238ceb15a2af87fbc55edb7f7b

SHA1
f6ed086eada2bea054d19783385fc044721e1c4f

SHA256
dd2c32bab59567db829bffc4978809af73cb6bb89cd226f11c1ba2aa996451f9

SHA512
373d4ebd73f2d06150a2f4c0227c441b52718f902c3cc370b28f7e442981ed792b6e06c05cb1a1831394e7a560bb52da7a3b6a76aec892e9d38190e0997e9275

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f59ce6ec25c5e3db0ab3fd35492cf4e

SHA1
26686a50aa11ea78d2247f36080560d3b09acbd7

SHA256
ef6018871f8adb69dde55e6f14329015a44fc96aff0985c734d0c6d37650751e

SHA512
e947848bb3500ee2f99c72db73937bbe845f80670d43996bfb59d79a204651e0f507f30e615ad481714a9c2af571c35a175b661e2c10c8066fc3580eb6b8da2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec79ee8f5f26ca203741afee8c1fd7b8

SHA1
4d32fd903852d9a1eb5805d135aec0618413a799

SHA256
f35a535a14ae78345be4db31cc715e1dc99f67676c75b21495a200a9b78a200d

SHA512
6b74584238752f3911b94c387beb45964b4d9888df834c0e394f7623c73fe49e2d4bb3d2fc3029c8dc8aea287ab621cca2253bf731239f27c71e3fc69ee6b312

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2ee431638437882ca252c2c98ce81f8

SHA1
4d5aff75777dac5026be42f9da824901aa35e4a4

SHA256
4dea4faa92294d14f86dae1ed6bc4e71535e35ef58b1a53a9c0f91950482965c

SHA512
ad98318d380974a6e446f81d4ca5dd6d2caf3cfdba395a666792941056259e87b91a15732e849673ce2afbdf5ae2db49d7a2b398754de249fa07770880068cb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b56c369bcd92a5f9279e0adbfc95c1a8

SHA1
0b5d7e2d091154d0a6204d170e943ffe380a16f7

SHA256
574b117b5299c4b96f75a43d0b5f9cc31df448fc6cff51a6fc3769162783dd80

SHA512
59b540b48704017f1c1f527cb682f8be070edfa9b6526687e136f07b03025ed8cafe84235bb4ca85b05ff5b2b5cdac9f2dedcdc13b53ff8a81dd3173e2d6c9a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e2ec426df8a794a583b1aa560e20129

SHA1
773f94edbca32a14d733fb26e91711751c343a54

SHA256
0628202af49748f659e03d7fccf9b8e3657496a6eef557d849f5ad0dcfee634b

SHA512
2f310e7017ecd887b3826858a4635b0653f7d859c6c1c189c0abb1c297046965eaab44d7ad13b88147c2c1170a25a04c99b0435cb2dd25e3a59d0a9d632a30ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aff436643e13a8ca119c1bc2ccfbb647

SHA1
db6555b0b4a386a57a1259ec3fe7341c823b23f7

SHA256
214118da8b09a2366c2f3e7b6ed9ec65eabf4d7f48e518366d65bba9243bd344

SHA512
91f875c79056e2be409d9e0ceea1dce0ca67075577107b5513f44004f58ba441ff27e61947ab10c9d84b2acb1938a4498c1dcf13d29fc32502dbb04c633c29c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
549bff47caf2151a5f2dfba0641557ce

SHA1
172eefa014ab36f65904c7a021ecb479ca28fa42

SHA256
3d2f48476d51bd0b751c58806348063a2cade9631c3132008ec17fbe7e8330bd

SHA512
5837541e3f1723ee2318e9f7992ccb652ed5c7138b0cf38922f8fa5d3878d689300eee53a3b0845bc4bb712c41b1081993e76da3b71d940a7faa745fc2ca1412

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8299.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8377.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar839B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit