b908f1629354af6568002bdc6b2aea589cd9444c6fb833395be1f6dc0f6a77cb

Analysis

max time kernel
133s
max time network
133s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3139a6846e35979941cf260c4a238fc7_JaffaCakes118.html
Size

463KB
MD5

3139a6846e35979941cf260c4a238fc7
SHA1

fa0d546f65d475f2366c94ffbf4c2a327ba9fbb6
SHA256

b908f1629354af6568002bdc6b2aea589cd9444c6fb833395be1f6dc0f6a77cb
SHA512

2fe16946c0105150aeaa1ae4be991bbaaee562dac5ab9d2b738fe1613abdcf6bd74bf87b9f3d99a75ee94540b5304baacbc2791aa3bf147c5d049de27f92d9c2
SSDEEP

6144:SRsMYod+X3oI+YnsMYod+X3oI+YaDsMYod+X3oI+YLsMYod+X3oI+YQ:O5d+X355d+X3e5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000000e7c068dcb4d61edf33a023ad833b4a81a1337e9cafda4ab6dc9683d18519f8c000000000e8000000002000020000000b304f7f8ac3aaf0381f9840abdec8325694648e3f64bfcfa3d8a62dcc954083990000000f49384e8edf0537c2003c89e47d8de8d19fd3c62016e602c1c12fd2b567c098a3a85d5f883082f895efbf203da99a79f64b954df3d61810c62937f74e4dc143bb95836235950fb34722d0edb3264efcf277993936c79bb8039b4d2797874d9b13906bec8e955eb7d8a6323536f53b79156ae1bf01433190ae2a83a011375a1b6020ef7e3289a092a4485de4910d453c340000000c2f89227f8fbbcb20180acfacd0fd52b133b77155083a27baef0675f9acb16588b136ac3faf21871c21a99dfbddac580bab6c61df3fc0030ed241384a2e61dcb	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42B3EBB1-0F18-11EF-B944-E2C1BAF7F8C9} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0bc511b25a3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000000739151c41860539dedca39cfb7c17df168c48cbb7d2646768b8668096e05afa000000000e80000000020000200000008bed237db8744c5508174978b02aac5ed228799a0eb3d5735316f05579a9cb3820000000eb01a63e319063a6a0395407dcc933a3ae79e557088b471f2b99c389190f8afc40000000731c35e1ce62d8f28f594bead15fcec6c12a756da5008073c90855a345bf81207b866220f25027c23475eebd010aa464fcf048c0a9a68de1548105fcddc00d99	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421540102"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1960	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1960	iexplore.exe
1960	iexplore.exe
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2396	1960	iexplore.exe	28
PID 1960 wrote to memory of 2396	1960	iexplore.exe	28
PID 1960 wrote to memory of 2396	1960	iexplore.exe	28
PID 1960 wrote to memory of 2396	1960	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3139a6846e35979941cf260c4a238fc7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46245e3b249e17ea1c68c2f699d347f7

SHA1
d2c6d7672a0efb7516a9e4ccfae036ee7d57bc5e

SHA256
3be96a6a5d7eb8940ad6a134c7d11f4a1840bf790e2154e73074f142c7bce94f

SHA512
651b773792f9770ae0631162382c877f2f3438082081335a361ef64a13e843013254043c694c7289b7b72b4e7d44d59f102490514dc2a624622115cc0f0ea2a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5419b188d66e93a9bdc46adcf01eb48

SHA1
fab078f79ac402c1e4b5cac8bd58342b3430f197

SHA256
bef2a166be2385de1052cfdb2437e51a8ae9f46977c4ca1a9e2552414f5c8144

SHA512
1bd35e04ae8076374912f294f8f59f2f8dea0d267564af6c7acb437d1ec58925a632a570c8facc69790dcabd06daf1c865ee87bee7ca552f0a7f5e1b4748d693

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd0135f658e5445a61b2c7d724549c2d

SHA1
f6ad10aaca092904cfc63d957001082b79ab9364

SHA256
718844f873ffa19a6b2da5cfa26d9de40730043bf5a9d3b2ee0c8344021e37b3

SHA512
6de9e3425a41d8fb8ffc0e6b49241ed4013ef8045b132113316386c79d74650fd3e115732e27591362877463837da85c80faa3f4d80ef0cfff8c809fead77ecf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a62fb15b0efc8be7935bdf49c495808d

SHA1
ebdad1d1c531f2486d9a53c5bd8ada546ca72313

SHA256
50642a428f4be483df798b24ab0bcbce684c16564678c977e7ba2ecdf5643c27

SHA512
18346a80eef249a74668c5b063c3b541c9b21cd667cb8f46aac04d7e6478f060b8d15001cd47b6943274c679630e0d5cf8a80dfc64bd1a73c1d78e351bda9480

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
031392173a8ec48e29064e9aef3a3bf9

SHA1
5d1f7ebb522400e952d14a93708ac524efe16ba8

SHA256
3f75b4d9703e8df1151f79735f4734bc49a5a1ee7f5f66fe57d2bf5438100a6d

SHA512
cf2615534dcdc92c8c6f57ead581e79a63677458fd6877ac9b1bdf07375dab054f5438eab2fa0c132f1880ba906f1be53d32cff64f6281a489e6b90b6db222d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51aa4a26139fabc3282c92d5d353d7a8

SHA1
da0962be32d985b47746f15dd31132927d1f1c9a

SHA256
1a513dc5ad190cd104b32f849bdcd313799b2a2b49db0f05a636050d44cc753d

SHA512
bc41399ecfe8a48cda102cd7bdcd4519bcb8d10ea13c28cdc283d3fceb6344687881bbac670d732f7af5c4edd539cfd7c10663baf9b08567952e6fd3914997ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac03cd6efd5a7666449ba4eca2989d26

SHA1
242b1afe8a950ca0712acdff08d573a7fb7b5d5c

SHA256
ee433cb7d0a16698d8aa9ad104ef3257cd79cc3e9a3c37e0a7920bbcd5488b25

SHA512
1d4c4db74ae6ef9326f5ed1c1da54892893e3e86a2fecf24310e62c08d6162d0eba8d82e686b3d0ffda650e772e709e73c33ff60f300227dc2f0444b2948d7af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7dccef8a646b6b7d100024f2aec9d036

SHA1
d282666c84561f5977242be166498e9dee69655e

SHA256
3bd6922551cf8649d28f60f62258da097364830b74368f816b542d98374632d1

SHA512
ffce947cf6f97cdf38e9fc535f70d29fddd8397e147472a28f4ac97e856e1ed52b2abe6d276f7354402abf2aad720fe4f7ccb8f3e5c678a80142f7033d78b2b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e68e6f2c7a84164313ce6b1cc934612b

SHA1
396e8eb33931de84b9a64b8a975165e983d6d49e

SHA256
c18eff94381e2820bcc40ed1a13f21f0c5542e720e5edff6a39c2bbb9e31a2fa

SHA512
c94e6ec90fca9e1130a80d3e62433947fb0f2edec03e272f58825c1cfe6f8c221a55e1dc8fd4a26d3ec406a2ce767780ac3dc911e1816cd646d87fe8e22b1547

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74265ef1556a727cb9a95f6d69162587

SHA1
c45ecf2a846bf8ef2492aa96ef7b44bc36f19a36

SHA256
2ab8199784d7b240ca0a8a9cf861e8978fbf46acc93faba4a7ad9ac63ab5a8da

SHA512
14aa06a0145f8855019eb5928ff2458ca4d4e287c407731f15e90d7b248c9364123ff08755771ac1cd4d3ab396620bf02f0a6d3203331c4c252a0e8d9cae2ee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c4771cf27321821a4c76a0bf72c2212

SHA1
ec2e354d80359f9381e8dcf7f754186e1b1c8301

SHA256
fd75163c51cd92daa68e1050ed5459a30c73fc29e02de4fb4c4afca17bf3907f

SHA512
7a25462f0edf383ac3e41e4ec1ed97492b9328f055138ec237e096c55d76e22db0dc804d87f914bac43ca83fa420654df8b67f8f62c44acc9a1541733f45faae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c376f91aa1f9a90e1d289bf2f6ea8384

SHA1
feacbe87f0042910146b9930814d434b06bd3fcd

SHA256
002f54fb26c9440786ba9dbfcd54e6456fa7c068c2ea2efe5b892b5e2e21ed2f

SHA512
b22750ca4b14596c9d9c3a1cedb721f4c7b0bc94a982196376e0cb43f8d7164bb251f1f5c10d63e10c653a5e4b67e1c2d04a7e185afab7ecccc9a92bdd94de64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46bc8b04816e3f37e39a8ce3842dd832

SHA1
004abd31154c20ea1edba0c95e091c70c626e011

SHA256
860a5044af3c15acc6466db9da1a8f04d5a0d532e370a1d542d12765fcd6194d

SHA512
f1528c6af2a2c650048e45e9471e5401b661bf698d5367518a6efe1b6b051a7fb306747f066fa56e783cadec0d514826f3c5666eaa0c91101b9deb1d19ac0486

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85007484367dd0d1cb905a24ce936e89

SHA1
2fb733ebc25475f9e6ab5f5375c7da9d3ae88eac

SHA256
3fed3599f394f82533042561a9a7e3ac43e6d54e49dd0ea32fdd92095aa805aa

SHA512
2ff88b34818ba97c8403e2c477e1d6cd955192db77039f8473ceb5261e01aa41ed713c2472f830c8c43155fe181b85876d5886eaad9eb47036ca4932bd87325e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
454d6892c0e99d57f83e6ab35175c7e7

SHA1
ad406c943dfd969036bbddd4ab3bd0c0763d3f91

SHA256
c228fba6aa8ba6cbfe673045136b20780adb03eb30957e4d5c5adfb9e364eeee

SHA512
eb484337ef7cbbd22139f13efaacad8e292fd877137f59c1b0c9da2f6d836190736d14bae1973cdb8b53cf7156debee5f838f18be44e25b624f669911a477745

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2abbfe5bc3bd0e54acc0a99e0f51eb2

SHA1
2b2b87aa95e454f29ced8ece22b249e85dd18550

SHA256
fa58ca030134dd52d8089b16df9cec0fefbb3f1b5cdba889c6504d63d0b24801

SHA512
2c5a44fabf38e3b1190f33ed6bd8967ef31199ede473c8afe22b29cfa4b4d90c160bccc29a018e17540d3ee9948a14473b849e24a945ff2ee46d837e088eb3c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
495a56044b1edd7878631c142bb1d207

SHA1
51bc43b1580fda7d228ca68910f5348164f10b71

SHA256
a3f840ac8dccd9a00162baafe72258da9c53a63e0b72cf59b22d946a7ccffad2

SHA512
b42e5d4d43bece156a8a114a7c6c081e20832b96a362a7b10eee41734f3a4e77d0397d91ce25b24cfa0272f0dadc5824596f75095fa4cd6b1834de5ab9772760

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4D58.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4DD8.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit