bddd9a740082655d9bbe569dffd2e6e6e26e6a9c3a2409f2c57e48d98305b7e3

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27e599c1cf2645d01a9b974ec3817f28_JaffaCakes118.html
Size

449KB
MD5

27e599c1cf2645d01a9b974ec3817f28
SHA1

920601dabcd8e3bfa4cbc30a8bcf240afab87127
SHA256

bddd9a740082655d9bbe569dffd2e6e6e26e6a9c3a2409f2c57e48d98305b7e3
SHA512

b2b83dab073898a01e5709fd4a924f117bed7780624c61fb2b4d2b4d39930c17b246096ec2e3eff87f6e875c70faf4418c0160f84bc82d2d3d031f3b707c6fb9
SSDEEP

6144:RsMYod+X3oI+YDsMYod+X3oI+YtsMYod+X3oI+YcsMYod+X3oI+YQ:d5d+X3R5d+X3f5d+X345d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000b2e73af2efed7e658ee45ea11a941de7ec3ac2c987204c653a9754f5c82af1d7000000000e80000000020000200000008f7f15c5d07989c0dc191eb03751fb8785fc99a3e7837aed485a272c1944773190000000c5ee2d9574b3ac9ed740a4d7255d61cf8a46f7d581b5d4bdfe383a59b65be4c837e66ac63abab4a195bea6aa3fd0bc8fd57e9ddfa64ad1fbfdddb795f22984aee9843f4efc3e788db2935ab3943c06ee4bbbd15d00a56dbf1c3f0c61773b2641c9d2ac6dced80f4eb5acf305b8a79889f1aaf814c1454fdfae460653cf30b307729d893c82d892ad3e7787e013b8ed3b40000000c2a4bf461d2d45d2c14dadd1ab6a0f8348a2a20339c419d63ed17ccb766dbf981f635e8c5df6aff35479abbd1bf4be587d4ab9f9c8f367e57f428cc49e26874c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421384260"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000a0ed069577b4673ea0beef9063e912ecd581269a4a9eb27d6abe8bf5144da35b000000000e8000000002000020000000c5957e76002eb829fac694a38ef071d8515ca16cac9629562ebd192251cd7e68200000008f4845c71d4a9f9a0877a752199d22093891f548cc7c9937f76a73d3d318024b400000003a515faccd47887b6581de408243d5fbb740cf8206c2db4de36dded74ccd193b794e27e46eaa41a2a2272cab748b3605b221574f1bd8afb8fb2d9111683b6d11	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3080d32fbaa1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5B3FB5E1-0DAD-11EF-A7F1-FA5112F1BCBF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2364	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2364	iexplore.exe
2364	iexplore.exe
1256	IEXPLORE.EXE
1256	IEXPLORE.EXE
1256	IEXPLORE.EXE
1256	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 1256	2364	iexplore.exe	28
PID 2364 wrote to memory of 1256	2364	iexplore.exe	28
PID 2364 wrote to memory of 1256	2364	iexplore.exe	28
PID 2364 wrote to memory of 1256	2364	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\27e599c1cf2645d01a9b974ec3817f28_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c0608c52533d159b33922048a6e953b

SHA1
c3460a2a0732ab256d38252c76bff128615ee411

SHA256
7bba0103fce78d67f6bba8db760b07b8f0bb561518ffa12d05ad32ca883701ee

SHA512
ebe208a930eb18e6ca228c36986da6f407c8cd27942c0cf4734ac2b5eb0a20e1a1600c395bfde14c9c79417652acea6b0bdd85474138778d1504887fd507b0c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf7410e03a9a8f21cb58f844be51c9d2

SHA1
857e735ad8460aea3a832c03db7f2215ac425b8e

SHA256
8f87875bbb535c03879dcc616b80e51ef0036c94b4bdfbb5ce2e95743d8dc77d

SHA512
ef346b58f9884405ffa1af5de9dd13ff55177be6171e10b8107de632d10f535349b59e399d624f514bd6f37eebba0b18cdc71fe38ae8e7ee01a8968190e178f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
614cbacc14b1e08b3b9a08bf09a913c1

SHA1
41c04e1247d57d7ece9f524f9fe1f1b2821a3db8

SHA256
01d450eb9cc57d21577dc249dc4efd7aefb1c77607326bb0392c5eb432e6400b

SHA512
6f8721149e35371745f3c2f32062a1ed857eba975d738d0e093bba3f4d43fb6dc1f71312c437fcf653fd707704d76e87e9f13d4a0f88ccc79440e1f31da9c271

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fdf38ce0d4014432481325f35f193cc

SHA1
1c89fa246d4b824715d96f2b65a91083e7aff068

SHA256
d052ff2b6218d31e26d92bdce4a7ed3a1f73395343b51afaa0316b92667c0b4d

SHA512
c9d9b0378619e87d2ef736e7f60f069106ed7261cbc0b607ba70afaa2c16d7fc1840530c9a3eb4c2784240c0f98a6ad2f0a5c2e45b622d8c3035a0b19a79dd6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d69fc5f9a4cd69d96ed25e950245106a

SHA1
b9016a81485baa33a724c43631af43a690e77389

SHA256
b8a3b5d90b2e67dc93ac4416d673ef5a5e4755841820720811f179faf0a4250e

SHA512
ea644daba563dc04f30239b794be33cc523bdaa0174ef084b4db58d2e8c8fa6b68dbd4251ca893032db2d1ecb0df984ee456b062ce6ec5b1342ea0b216fffc42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
158c9ca2f667d1a59015a42b85422c1e

SHA1
d945c967750e8620d5b8b2fc65290357bd77c4f4

SHA256
77cf7e01f816e8a70c06f96f1642f3d452a96a8195d41d457be000fe27d3d464

SHA512
3de5f3c0a0cd697920653f829c12ea663cf6e44e9d510c552afe4c756da0e4863bef458a7aeb4c5baaff33c05dac2435be1bf4c2cbcf78b54420bab86a405a9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43fba3b7ead7909cf82ce9cf7d3306d0

SHA1
2df849386736660035f00c5f36ae04315af08d70

SHA256
8a8cf25b81c1db1be8aefd5fd700c5e51f7a52403cf74d001003538149d0f337

SHA512
af1bda06d05a8d6bb46e0d491cd68d9a7e189209f83dc13329cb11048b012cb6c2e97e083bb5d5fdf87c3392034c5e3bde138251ffc6da63b47a941563edd735

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43365f58968f96cd93dd2acaf8e0d3f6

SHA1
832c96635d8fde23d21a42605e643bdde1cb1595

SHA256
0e5d4f581b7ca0b3df71f2e1f02a430792b5810db32b58317d2823ecfdf88552

SHA512
63801c22349bb7619507aeddee1c8f5b4bc74fb729e10d02412434cbe263f3511442cec1058f291dd458cec2862062b1f9da9871ee64aa259a4e613f59721db5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf383d83c3872b6aa1b08d0f90bba7be

SHA1
da8a20e0da845f8546300d7c0db457b357df97de

SHA256
11d02f16f5f4cd396d17828a3c10abe461822f475cac8b07bcc4c06e48be6500

SHA512
a4b6543c6e122c3f51581e8b5e94ff134f065452f7c63389284026c438a0a78f88ea9c8222b65c6d6f65a0c756880d22d89ea6c899315e71cc0d0747039a766f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0313a1ceb0a98628b6dacb4959bed5d

SHA1
2c0ab9d31c011e770314485a022c3e543e8cd2df

SHA256
c6dd57ff25332474dcbca0e1c9bc25ddd5c3749134a59abccea50b6bde6f5753

SHA512
95270b0ca9d3669ba28c1d94c425812b8836278236a50aaa8f6728ce6b6567fae8b9491b6a0a222ca2aff1f895a1224eb31f2a3c33d4a76a2ec7110608a0550f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d155656231d020825c22f6b3d53e7d5c

SHA1
710d0492ec55235250d3f43cf6528b15b322ed00

SHA256
4e03194376d3a2b0f5a66b1f528da376fe792e5164866cca99be754008c95a54

SHA512
0fcfa03036e6a72065217297cf3cab273a2d8ae0e5c0b296f00b62cb30ce42025ca4b0cb3e77269fe81040dc17153b492fc6392f090ba428d0ca5378f17a0130

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
348e6a04d65621eff09184c5b9dc2051

SHA1
1151e26a4f5abbd77080d5ce42394d662c5b47a2

SHA256
2531495dedaef8a2bb728bc9b13290730a34d11d06e7632f094fc3a58d1b5eaa

SHA512
74daf9a527ba75046572f4475cffe2bd8cec30af5b41835a59ce2f17e550a6897c64d717c4db668b3c776880fdab4315c52ecca5f30cc9c366f01996f61e8c69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37d9f6ad56938851cee7f675ee9967b2

SHA1
bf4914bb2b8ec8ccfecb7238bd290780d7062b44

SHA256
761a0b037061582569a633e2a9c671307e1b156c62b62a6d402cc59cb80fa402

SHA512
f74fda9709fcf4ae9d9da4a250740ab3efcf3a6cbf5505399ef619a67941701c1c1aa349f7f7d09f03a3fed1b577c6d1a3d83f6012bf9d1baf411189a0cb9e01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce0fd0f5d2c6211b83219fb687b5dbc2

SHA1
8cde4ea7b06f82d05b5834bb2c725da8f22f5bc2

SHA256
33a23c36994a80b4a2726436c9e5146a2ae9e76d70036ff473ce81088f0e9170

SHA512
aaba2801f43bae4ac67aaf4785f70b16933a144d3228be3f44cfde87af9dd0339c3fe1990d91e1fce09be411f39292e0acbccae15f2282f199065e906ca9a21f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9295e721f36eff15a4335bad1dcfcba

SHA1
15ea22ff2405f7d3c6d460e9f716e4be9f239f0a

SHA256
15311f65b4a936351b6606e738dd3043be4dcbf31ec1708f80869ecd271b93ca

SHA512
9b60022a076382e990162f969bd1584cd0126ff293206646248df64fb19cd2bb1fa395e5fabf807b87954265e90078ebc47a1d1cc44c2d139c2b519cad0559cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2530.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2611.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit