7094dfed65c5bf80da208339f55cdb14bffc2772b522b76ae0610c3ad4c45294

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ab6c22fa14d7a6ef1246870d7bd86d9_JaffaCakes118.html
Size

18KB
MD5

2ab6c22fa14d7a6ef1246870d7bd86d9
SHA1

fa11ec74b51659bfb7bbcb1b863e07dea2c7fbf9
SHA256

7094dfed65c5bf80da208339f55cdb14bffc2772b522b76ae0610c3ad4c45294
SHA512

0e8d4f77e36680cfd5eb311228283689045d9425ee6816ee2b4e485b84c15419763b14e75913c74c0abc0c054df58b71e57147e3de51a2c0d8e4b31889c80517
SSDEEP

384:kpU/8hQkFh2NF9CKK3FFSv2yqKJpw07BO:kpU0hQI2z9CKsKFq4Rc

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421431788"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000ea45eb5df143d8d5931e6b8ddc9715a7a580666aa0e194d838e163dfb8f63517000000000e80000000020000200000004a4bb97fc5ce5514cc88d976392ed024e26df6c83fb597dbbffe19c791f73f712000000026716c0042e75395de2c0b8a563051e5f4d98e7950f2ddb4258880ac0b64bc10400000004e8e0a1e1988eeb5886d0c69a08809b4ca11030e0ffddf9198c74bc5aeb62f5b61b56d0fd6b067a000d42c8a3bdd67b997e3d6de9d4d69d123504a9335b89030	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0a2fee628a2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{12772CC1-0E1C-11EF-AF3D-DA219DA76A91} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000ad5d5cf545bd98b4a799ab792b36f4bc660104420f976b2267b1eab36bb97de5000000000e8000000002000020000000dee8eea31fa2766b427d87a7193c84207bc42cc6a65008858459bae86c0105d3900000006a93f051b6e30033fc02d20be4f9ca16a62ea54f6a2121c06294fa75eea5d64a82fa1c0c9582b8575ec646e1e7b239a1c273be40b2c22b7d2e0378e8127b5fa793e9b6ea3b7a0ea4b73cd62c201cc78c74c51d290221e1f1143a74ba909c4e0705d62a0163661dcfe052dd87760166f0d288a63d1a2ffcf419792047ba6143e0463ff309dd168c947a79a125334f33f2400000007d1b765c71ca168ffb29ee8e1687dc943122df8fb90b876a60c91107e0db114e45a1f51474ab98d1065adce07b9512b75692974e35bb45da3d97a68f81bf651e	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2064	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2064	iexplore.exe
2064	iexplore.exe
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 3064	2064	iexplore.exe	28
PID 2064 wrote to memory of 3064	2064	iexplore.exe	28
PID 2064 wrote to memory of 3064	2064	iexplore.exe	28
PID 2064 wrote to memory of 3064	2064	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2ab6c22fa14d7a6ef1246870d7bd86d9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c82204477d25f3564d46087da1bef7b

SHA1
033c822f26f0097f60dd8476dbeb9bdb67d80b4a

SHA256
741c75e855dc65c5c8dffa03efda4416d8dc2315f0ea77f5fddd14d6ffe122c1

SHA512
f1b3c1c806791f0eca3f1f1e3b9d94736dcda963a0aedd720cdb5ce9adf09c54c8a5b551a4c95d333c1e98cdf0e24489f8bb7e0a79bbd85099a3345e094fe161

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3b5c3451cc88fe42ef044cd1ad8e665

SHA1
59f8a466a15d79301ef1d6df14bfbceb37664cd6

SHA256
83b39fa0d25c77ff9d955a38d42f2d6600ce062807eb7158d9903d238d58a198

SHA512
ac07cc8268de09e51fe658867771935ae69736ab6bb44359fea4f02a2300386d1240ac8845dc3a11b0908b1f4667d81e54be994a3696eacbc42904970985a7c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
626c52fa575d7d1ed7729953f5fc97bf

SHA1
7a21c5625582cc73be68cf9e8874d695b8a9e237

SHA256
46c10c0253d72de52c565a05b1b6bfab12f201acf6f13591e4601f8ecf14dcd9

SHA512
d6cbbe7170a270f401da4d0d2d44adefd183b1154528ae5fc9bc787c95535960fc5c83be5e793040e665ad2b83c75bb3433f794cdeb8bea02d600b3e4e5b8358

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4e15aacdb33144068d1b791087d76ad

SHA1
30862d2b01a0415b760898682cdfa079736ff291

SHA256
2f9d5e8e37626f086e69cfada3de15b8b49425b2c09b8df382f6157f446ba3e2

SHA512
ee61e1f71ffebb3103d75b2445d6340b4efaa2b6a8b942d70485e79b1c24cebc36131aa37f1d45aba15cbd254f950dc512647dc800d48d9d6bea5a2ef1111c2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2365d16cd19ccf441481b8011e9db3bb

SHA1
677ac2728a6f4b9ecc4541dbc30a81ce209453b4

SHA256
e3138365cd6133ee79aa2ac20a647de1c9af943728169951f09ee5a7b64b5c2f

SHA512
f23ba05b418c3b5f04934a6f4b6352e1328b6dd83696ccd642307955feabdb595c596e987949b564804cea833f78e7c4a923a3f7bee961d4bc8219b59cb9da67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b10c361d6a41d7ac03755968a412a824

SHA1
bc9d480e9a1b2896c40a191610ef0c9464d1727a

SHA256
9a4ed9760032e3e4268ef53dcbd88d474c371c6cb0db00cfcc7394cacde53763

SHA512
be2e9068ae48b298f915cfee9c4136e422fd7995d46ed2a8c82f9d46888dd53fe563d5a48f2cbecf27ee6984753f351437e8a8b599ea00914548479713d01aa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fc6f4b7c879fbe6689281768874beb9

SHA1
fd818e4d9bd70b97bee312470b655308b0f25c54

SHA256
3ade82544657d6d08ad005cd89a7982804d84afd4f328f77b0d6cf0a0c83d81e

SHA512
1abeca77f1c7db41034fe26ed671d6ba0726e8d241e84572dfea3b1d252f28fa258ef889399396d61714900bc4531524dd31b43a5a4ffff18db6c9cf5173334f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db713860083e2afe3e52dc9ab6988512

SHA1
c7e402c86f9d15e8a4c3f7faa417fb687bb81e08

SHA256
d60e0bb823de5fb2c7e3db818b145ddc3e5954c614b0ed1795bee69ef9317b26

SHA512
156da98138c3f2fd4cc323b7268c6e4a8102081af0119ef3c9e82a8d658865293cda4971395c6f2260ff911149fa0b6119ca2798a8ccff2a70b5193dd78bfebf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce01fa24d5fb614e83ed09cc3bf4ad8a

SHA1
cec72d76aba9d54967bff22511da26ae365b2071

SHA256
c9550e56fa5af8fc252f72eb088d17d3f63593343b5f109a37005be555edadd6

SHA512
e8fcd8db9e35d4763bd132cd92ea08aa6de6f5328db57ca82644d330cc10416e82b9059850ab567c2378802f3d00e90ad3ad05afc9e5a5d149d5b7662aeee4e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a61b00da27d056be9b4c8b60a8c65736

SHA1
1ea3e3eb3f396ebb8d2ea4e0fa7fb24513fbf8fe

SHA256
ccee3db8add5844ed2e0eba316f0693e79ac7ad84ea2d3f41d2f1def9bc8d6e7

SHA512
91ab0da8210c016cbc0a0bb20c7d58159b49a73561ef41852a3f67e3d8708498828aea4cbd640333a242c60cd339e5b66c8d661fefea6a9729adb69aeb43b6ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61747e3eea251a332d221a3c0ea2daad

SHA1
08e9089ba18738dfb3f2ed64c80c82c23c75d61d

SHA256
1db8d70bd1295debdf7fac65504d5d23a8309e1df73c742c586a15f320ca4931

SHA512
5ba9956e6fdd3e4f2194189f823ac98c49810c403621555385be3bad818efe1a2b83ba1c884f63d6e80234379f0ab2d4eaa705308fdb7597c3f35f7c41a729c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4343ceab36eadc73c8a83bde18922914

SHA1
f2c85bf22661bfc2b9ea839d6b2ac6b9ff661bd6

SHA256
4b4f83e6ffddbb41844d0e52e8e9a09d99a2a3e09c6e17f84b526304c1279e00

SHA512
7b8452891241e5d91a00972caa50e25ab2434b3f02b53982394489f496abdfb2d69fe316a4867f3cfc13c8e2286fcc12646194611334f63478bb09e49c41c647

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a4d9a77240968e6c3b30bdf1f346a3f

SHA1
2167600f6726a67c23828e550b1d1c49574708ea

SHA256
9f32028bb4f091f954f678fb475a386a7533c74ec4a9ca1c3c14c23491a53044

SHA512
4d345de1601d5016b734e0f6304a85222c63cec5846bfa2b7bb8dd38ecca80cc0b6a2c4ede527731c82f79080453f37f9723110460bdbefea8c8844a0b0c2734

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b59b47cc97fefbdf8f7f00da441645af

SHA1
b202faaf566db01ef36bb19c080f7e942c22f88f

SHA256
b9d40f60fb01a37bcf9a96989f06ac8584566a3a3eb8e8859ecf18e5ae7e07e7

SHA512
9be27561c46f4d0e66b06420f76d7f20fab113b5b9652691ab0ee74ef5b0757da3e6e1ac0a7f4bfa7e88eebc5ac3a8958c99d3d04ace84dd9e3948d0b4e2326f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc5f5da9d2b608dd5dc263c261718245

SHA1
f08f48a96cf6ae97a98e43dd4d04786e5673ce7e

SHA256
e5ec3b3e17b1b1e8df597f6c116a67a13533af6a8965a4671159f5a36557c560

SHA512
7923159300358848fed031479af979099f060862ce5a5aae3f356b78cf19fbf2d1149e0fc895e70f4eff7466ff089d95eba260acb0f4911cd9e8acac56a6221d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
013c27efa44aa803267490e6e0f522ea

SHA1
778e6224bd0486507a5949a9830714d5ed3443f7

SHA256
f80c0b865961b9d659cbda1d08f5b5894534c98637a5d12b03e06f984e7ae361

SHA512
d84cd95a441af62aa24fb9be2270b39a03bb17901761631b09f1c19f1aa0fa656de407bf4561890e8c9eb68501d73e57d769d9ae3dcbc18a58ccabd145489192

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4a1ca107e136d71b27f15c87af37cb1

SHA1
fa08638d97b0ef42863bab982a95546bf01a38f4

SHA256
76f0be71c8682046fba4d0c7abfc0f7a69bd72acbe55fa564fddf10d6efd215b

SHA512
3d7d870e956e6916a27310a6bc53a92e993a72d7531c9e7674991c6458317bc7cab95a3077a685c760fed7124557ea61860b4455780ba8ccb93748ac2389b462

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab408C.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar40ED.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit