366ed8616ca1fc734dbf81a5289fedfe648885dc6df872b7d1ce387816ad48be

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2aea007289d97b7f001fd6abfdc66c1e_JaffaCakes118.html
Size

31KB
MD5

2aea007289d97b7f001fd6abfdc66c1e
SHA1

f6807c53016e2ec6601984381aaa05e9639bdb8b
SHA256

366ed8616ca1fc734dbf81a5289fedfe648885dc6df872b7d1ce387816ad48be
SHA512

b8fc22d8d3bebb3f537d4df2c64fb066580e79d0a298223f1481adda558fa0d9e5fa7c5b84295cdb240a7aab69532b0fd7c8662bdb98095314f9f20f6250fbd3
SSDEEP

192:uWT/b5nCFnQjxn5Q/nNnQieoNncnQOkEntvLnQTbnxnQWMCuADRyFLqDxcYLujZ4:vQ/xkWyFuVpLkZQiKJqCIOn

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000007b68763eb948daf188160d67ba5805a9683b21f555da567a1c86b35a943ee2ce000000000e8000000002000020000000aab3e7752b4ec7f166b17c36e1da30305e403f3a2081d92d50f3358f78aabd6790000000c2b95d28449412dc7a8189f882002340a67d9b3bf5c80aef9b89141a704cbbe52792c71061eb4f477f8cd9243f72a34e7c9e5593e02592b012f5e692f407b795ad86da636c3e9c64edec7dbb68e39e327aa2df975da98b0722f9de4157df5adb5c63b592a095b4a2c47e28f9b36277d6d9c861c55166d8d231e866ef6e916cb202c28347211a2b23f103eb53274c0a0540000000911db61705e61c01fa729cc6c6ec5367fe9ad371cfe49575e4664f9978bc9de4819dfa6210b1c0c1716c6fda34c86ded7404c93dedeae63dcdd2f66dc64256ff	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0085ea3630a2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000053be81f0c54239eb4e13fa162635b43feda6d60701b1445f283609a8c89b36dd000000000e800000000200002000000074502b74d63b253dfac1d8c693d45702de4a5d95689394627f8c6110bcd7236620000000c5d836fe56d643ef0f9928570e18f03530c0abdfae407927be2997b7094094b24000000027f1ee3cec8275a93d1b17c9a885afe69ccfe11c6e3edc8a9c10cdbe22646326485658ebb296aa2b82b1e08b61ac81d57fa81adcc5caa8e2e1e2cdad732474d3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6041A5F1-0E23-11EF-9A67-52FD63057C4C} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421434924"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1680	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1680	iexplore.exe
1680	iexplore.exe
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2912	1680	iexplore.exe	28
PID 1680 wrote to memory of 2912	1680	iexplore.exe	28
PID 1680 wrote to memory of 2912	1680	iexplore.exe	28
PID 1680 wrote to memory of 2912	1680	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2aea007289d97b7f001fd6abfdc66c1e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9f1d62d00e2b110f0f619430ad9b198

SHA1
e348b01c356e14388f9392389c4a34e51ea19e2a

SHA256
60fab45e455315a42434d599e965e24dd48ed3654a779b9d345bd379fbe83cdb

SHA512
ea1507a8b546928d1654ff54847a1b5563b6e423b46f6bb455b056686d80a19d25fb88dda94df452f042c92eeaf4015c80758396023a6457157ac996dcbaf0bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f780d4976efdb2f554d1344efe71fac1

SHA1
4a106c70f36b76a91ca859200aea221462219a99

SHA256
4d011b4215d0da31d9118751ef2b7ec7103763c5a5bc1e6b107d84a2fc78cb55

SHA512
3faa555221ccf7777d91b76d5dd11ec3c3c26e2935c61d135ae0157de1c6bd564fedc57e29e221f9aba0dbb41ed212c2d03f6454a6f8156e4060d717907dc6ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
762516993ba52a8d85058419779f7c1e

SHA1
b601ff9870d917166da2842700b8adfbfb8965e3

SHA256
ad17f07ec39db9be7bcc2939c3ed82af2e699c5475367df940a8a5bad373cde5

SHA512
534fd1f509be38a24c8ba33a7f3adfe4367475a63bb854ca2b314bbdd50824c9560f1a29ab596b8009292208aeddc8f9f6bf22e3999392e78d28cffa26cd08c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e35faefa352b442fe6a6d9baf955b311

SHA1
5f2ef9d622fc37427950f69ab4bc2e85979297c0

SHA256
4554bef5c38578e30495a28d388099ecacb57c9081b7e7748c17fa0c0fad2d09

SHA512
874b0afcb94ba020bdaae1648c78c4c26f54c60015f03a68c5c154dd1ee2e07bea84bcbb25431496e58337d33b7f209972d0a44ee3d4c7fc9699bdfc469ccb44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05cd2820813f80c00d2be9bbc0dd6022

SHA1
cefb5ee2eac042230610929a808a7a09473843b7

SHA256
5419e256ddabe7e6e44639bc2553e3045be0f6a3708b3d10c53f815b835fd6de

SHA512
aa54977adfad2194669c99e153900d1ebfd69e81371927a442b7f91c8a73397e2d48a7fb6950e4ec38d868a89f4ff69110371af73b115713e8058b3608fdc44f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e73585f806edeb4831ee2a637db6e766

SHA1
766fcad205109a6c98aeb4268ea589eb3aa1c11b

SHA256
08d99f2414ef0f0b73da939ed90d13f32a89fdb4dd3c8e1cfb94b11a095f6a4a

SHA512
45d344b2f371e174e2a0deda0ef137d1931400e45bbfc8760a9752551b0021018b3707bc6eb7132f4f0711a5d5129a738f8cad69deb6a7ae1359579c2f89351d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
011249e5f52b54b38276e0d102b87d61

SHA1
3998b4e685a37fd3c017b2ca9255e14ec0040c94

SHA256
192d891f4dcb76e0373aefe74af5cc04c974ecfeaf99c80cdfe1a7ae30b0fbb2

SHA512
df603f6226904d2ef1acbf685d6a8a50934a5530652957de2ca6b3d1f7ea5c09331e084469daface7628ed2a68b698752539923bac38dccbe42f5754bd2f8603

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a52dedf530d1ca9f1b6368e9603e53b

SHA1
2620dfb8096e57fc8cbedb56fd7ed5466dbd9ef8

SHA256
4c40ee75f9ad610f69208370990a5578702779899371a3a7d7725fdae63d2e1d

SHA512
fdbe49949b4ac843e0ce23f9f45f071acc0e267fe7cebe50fec825775dad9dc86400982162f125a0c34974f66ac90ca17231344a004f1d1610cb29c1e2a1c8d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4af2a754395c83d8c5fff8dfab3066d6

SHA1
7f97b257e1005bfdd08ea7746f8fb2c958c23184

SHA256
4f228d6ab07359b52b2080779405bbdbacfb0f31bf8c1b8226c441d9eee09d8e

SHA512
288e56f908b52aea9b7fee3a5ffa56a67c4f90aa11e558adff72ad887a685d5697cbac9bbd0995c7a2f969a698601b9d860d7e6f44f72cd24133a4b1426a03df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05dd70db572af469138e1c84e0243e6d

SHA1
0e07131b1a8d05f11e3a9d7257bdbcb0ee21fa3e

SHA256
b35d3af7a5d22d4d9c0cd3a3f96223beb91717ab3388be6e0f3bf4a168fb3379

SHA512
cdcccf852ccb8ec43f4de83bb1fe3687c71c9f69a552e3689eb1e3a42e0a76c29848b3472d12df6cc35750b704696e411210785b7832d74ec17f02f4c16f4b2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba76fd2a0e6cab002e81af725f9d9fb0

SHA1
63fd58b4520fddc6efa0b55fa181d08f2e0c1a8d

SHA256
a2c9624bbfd306d1c82b9005460a4e3cbb7830721bc483306db9697b6c98e745

SHA512
7c3f1cf1aeb6fa3bc074da6c93ad14fc0f0dbfdcd26f144a14cecbdf12ed4adbe7661902154bcf597a4164f0fe7849a9277549b5baf7a2ba7e538b87ac2600c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2972.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar29E4.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit