659b0fe9a6ff2b2ed16992b47ac17154ac29aabc0cf461bc75e6400d295b03d0

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29163aca39413b1fcdd2ecef740739c4_JaffaCakes118.html
Size

224KB
MD5

29163aca39413b1fcdd2ecef740739c4
SHA1

8376539f5470f0c824cdb7fee069874d1c93ba6c
SHA256

659b0fe9a6ff2b2ed16992b47ac17154ac29aabc0cf461bc75e6400d295b03d0
SHA512

8b8a5f56c83dd9bedea3e0fcd99ce482569a4d7e1a82c268a69cfd945b997dd448ffdde0b96c4fbbc7e8b9459d2e061c67b7e630973e81ae5c588e746440031d
SSDEEP

3072:NrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJQ:xz9VxLY7iAVLTBQJlQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a08c5a9de9a1da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421404605"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8B9F111-0DDC-11EF-928E-6A2211F10352} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000005ff970aa8e8c794dfb332aaef4db909c7180d9905438d43fb6314e0cf5cc0c79000000000e80000000020000200000007cd7fb7f403cd00bd522eae42d7622b9c0a80ae57b86039595f38b82976f9d5190000000077a53aee45889a14fd27b9048e0b47de71470742699289416a725bd05042afb433f076141bb2051b1e307efc8c25ca384a1dcdb803320c9dffd63f07b338d81c50b0b78b3bac78249f5c17524c5a14e37e1e8fd41f1ae2690f829bb270b5cac68da6877d08c3c173e8c89db5f60a48ab2fd0743b198cdea37359dd15c40d54c23120690afd5c1285bbded8fa8898eff40000000e5d384fb26bf98ce6737673c8f745170e49846da3266f1383c4dad7236cf0af0dc5de8b6b06efe3ffe8446bc4e3f647424e6d6ad86e966c803916df6098e3bd7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000008e5e5d452ddf82bc80ec0f7ed5ed3b75d70cb911ca6188221d63fd0d69d0fb61000000000e8000000002000020000000a4d1605ab9213af613b63b2f640c3293179a9eb78c1db1db1c882cca9d95c33f20000000e2df07f32e5c976603dece62aa48bdb4fadf07a892a20c3c121e46ec77b16cfe40000000af86557665baaaac3f4aee2f78970c7f5ad4b5df4891c97bb2dbfa76d1eb4b948902084f8d155b06165d5d8f9725249f58d13142f9e09f729bf12f475fc53910	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2068	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2068	iexplore.exe
2068	iexplore.exe
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2552	2068	iexplore.exe	28
PID 2068 wrote to memory of 2552	2068	iexplore.exe	28
PID 2068 wrote to memory of 2552	2068	iexplore.exe	28
PID 2068 wrote to memory of 2552	2068	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\29163aca39413b1fcdd2ecef740739c4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff7aa58cf7af782741371ced7a4e1fc0

SHA1
a7a2a5551248cfa3dcf1acf92d8d6853592ae52c

SHA256
37949a937c350e027796aeee7af03d617a1399c0c1993691623370c6ae59b406

SHA512
730b33950d10a5dd7b36c0e6113beb3a222bed9989eb0d8b9f30eb300dbe2046254fca2829bb0a566ccd69a7531eb865b06f89a0b6f55490c7e65319b27b1e4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d847a9d6d9df7708174edeb9da672ae

SHA1
4e725dfff468ff7209e3607515ef0acf2f497b66

SHA256
b14fa112fdef4aae62cd47c9f52944cb7ef8470516549c4f9d210e95dc35a9b8

SHA512
1ee555fea9d55742aa32d1166fe3b36f42a6a42ede1a437127c73b8bd4897e05f8fbad723be819ea8a13673e2c9cef9e28121af45070af92b0bad4b8ffb60564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bc28c2271d567f4b33dab577105bed8

SHA1
28cc9b46c179bc6c308d36cf32aabacd7335192a

SHA256
b3079dcbc225987fcefaa96f9de5bdaf0c0758fd324398c3b1df1f36a08ce897

SHA512
d7349de3f82efb7e6c3d65a5207486df91d519d8a4ba46266d29ee5ed2f5e69868836f4263fcd98ed1d41de3ff3acd62d8b313815b368729aada242ddbdb5f97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6eb6c52d39aeb42b4788edb3873e4e44

SHA1
b1a84d7a0d52fd22550da820ebbfbfe352e03872

SHA256
e1b98c7dcd11074cd9f4ff560a0f9f79583c10425451ab622b03e635193757c7

SHA512
8952786619c1c9ba2eff1ce07e63f61bde228df5fb879cde3f59c1c5400da1bbcafeab988c0523f79c73b99f55a0f44fe2ca4148bdc60df5f770810c056e640e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8d9d928a096d6b6d2f385628d73ea4f

SHA1
4442f5a374daa479d0eb767ae4d2fdd6da806242

SHA256
a6b9877e1352274a3bba1d0ace106142b10799a0fe90a3628367d2e49932962b

SHA512
038f2e0b665cd201148e8bd168a7c607b7fbb5badf9f403ca53b1636e61141f6b17a51c530a01d45811c53ab6cd521d57a7836ec3465ddeab853c05675acb57f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d90e5fd488320540e04417c8ae05bcb9

SHA1
0ebe0c67cd8ff7f1d591539a3951392bbefe8c91

SHA256
e982baae8ea75c408887d1cad8a7d86d94b4331a18f731215bcee60f2df187cb

SHA512
b16f1e8075c7fdc6961d417154a6645d768620875e87385a50f2e011c4068492b6815650f6bb105f36601939b88e3aa2e62189923b8e396b38bce81290532a64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
929e23d9d2b42ed879fe5f21d0d89f5b

SHA1
13832272aa1057a8428eee52146c4443fbe20a6e

SHA256
7ca2f38010ef1a09c22c28ab9bc98157eb255c5ed82a817a6ea69951f42c5663

SHA512
f1db788450841561e343b0f8306dbaf36024f9acb85d9f911d15ffb9563797227f14418f1a92b60fc07b1144dde786c9b6c673e909fd16a658372b4ac1d12c8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c9bc38974914797f448364f79890f95

SHA1
9295a7a37f0f1fa22c2c3223209e4a5817995080

SHA256
5ef440a95e998a37d57b5aa159e91154e56b7b7737838b8f0552bd5fc6b44e6d

SHA512
49cc1ce1fc3e858807570474c333e5e7089c903f20c918c6cbf71b4a009687730ad4ed34ff59bbd68163bf1d32fe7c74735a54d478d749bc6702e1abc0a58432

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52755ebe5f24428943b9b01001caeef6

SHA1
d07191f1c24a04bfe205fc4dd6091a69fbb2ad78

SHA256
14937331d91245f71460a7a16e18379a86983c35b560df7bd2c57050026432b8

SHA512
627bffcb2a0735505018eb188ef6a417579da0ad3ca25a97b6a869e22d3a89afc82c24a2932894b29fb1e78129300ccb54b4bd62f2ce4604a6d87001ed5f5594

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e6c0eedbb27490e6eea941147978907

SHA1
843961277cbe3a71e1b809d6c168de6c3eb5fe41

SHA256
f6ceeaf8345f9f68464cde07b514684520fe1328d957ed730e591e6350e5cfcc

SHA512
d1b0906d1e5d74a918dcbf17cee065b9704443f321642387730a9865b36a678d36de331fc3d8f380b51e6aaec1441cfa9cd9d8f87244044154bf953e7b4923f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcbfed8ec1f736b3e51137ff30cb2c0c

SHA1
a921dd7fedbb4f1fe16b3c53dd768761ed1ba22a

SHA256
52362b63ce7589ee78eecf52a4a7d6dc0b5e1f08008f2c75435ab7d6dd797563

SHA512
18785dfd3dc7ce5d10396e45f9cc46430e27acdf05bf1a7c3f65c2ddce878b264a98573cffb4f5f9afef31b3e028ed80aaac8817300673a8b9f02111cf49c1e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5682ef678017aa103676e8564a3b076

SHA1
0586ce9b9e15b7a20b13de99ac4b7ddbd604e79d

SHA256
9ebb45fbddcb53b9091b3aef9b7271a8cb1b393a121df14d2a77066ccc84249b

SHA512
2abc4f3d10e6e00cb9e99e765e10c43376570504d206844c33f79fed58ae1c38c1e43dbec2837e4597d561c84d8443a8882de43237caa928fe423f1aa551b6bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69cc1879d45fb88304c978ae5375e566

SHA1
bfeceeb40a7151f3544dd2bc6bc91a31a95b7c61

SHA256
efc1ef0a8e9da4ac1c76768f7f2e16ca24b6fdce1d67033b48b1ec790795ceba

SHA512
fde0786664e65bd60b5aeceb24f978f913675479031cd40be2c3ab9e2fc604f15f72b6730fc79cf880c3262cd81605ae7abfb852d11f40e67b47f2fc2e4f2f57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a8f5907767e8ad3f5d041dca6466f0d

SHA1
c5b4911ce5b0931440eb4764d284473a38912f3a

SHA256
43fe6e2dc69f29dc4b1b25118a9572a5b3bbcdc2e0302e53eb1d55973799b741

SHA512
b8582ad7d450060465960ed8ea5c71f8afcdd38d6a6f363c67a5cfdc169fdddd9a19109d98f333faad1d848a167450aad20483dc8f22bff2fd10ebf1cff3464f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b93a9d60fdd1181d48637661e4e30629

SHA1
d140fcfdba74b8f7b598b94966308adcad714c26

SHA256
92e5217776a1fa413b7e6a33108055704352e656010bc4afa576d4aaf195c778

SHA512
9528ee2713cad5c7e4f43ae627032ea53417e75f19296a6ce88ab0a3625f584d9fea67cc47ecc605bb78ef102e2ad72287c6ba9ad3d598a432603195814679c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b45231389058f416ddb7b0939607956

SHA1
bc6d24397eb087caf07238a49fb3ea57bd270103

SHA256
f418d8281614a63b93fda4938927f72324a794b2593ada92f51aad496a651a94

SHA512
97c9c2a654f8e69600d3607001d998017fc7d4298f5f671353ac2da41006c6c313fbcff7db4bfb902d77861ef5b307fb4da4dfe5eaffac3b1e0f7d1f5ebe19b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9321d338a4c594723c974f3ca9e31061

SHA1
103c58c7c3985227684fa9535a37bfc89b9e963f

SHA256
f690f5b8a5c2d2c94d166dc86659ff6701dbbbdd96558c41fe4d0ed10531b125

SHA512
dedf67e2ed0701174bf03a134323a4d8374dedcdf22020872c96fc72004396b274c1e694c178d5104e2ef9949791c8e9a26875923a5a505514222cf0d04fa6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab34F8.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar353A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit