2c83f6d47d78b9a5f1c2f67546c8d84fb4fe8d0ddb901d1fcc07782a01c1af99

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c5b9f89e229925c3483c5df92c22dc6_JaffaCakes118.html
Size

896B
MD5

2c5b9f89e229925c3483c5df92c22dc6
SHA1

d71b6403af17ecce62f57cd1959825b1680b365d
SHA256

2c83f6d47d78b9a5f1c2f67546c8d84fb4fe8d0ddb901d1fcc07782a01c1af99
SHA512

e43f223d2cf3537f324005327b267dc94ccf754f319b213100422fcc1f8cb4e641d21d50c0bd810fe6dbb8ff1aeaab37c795a403eba6eced3e059afd184e6f12

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000001cc02de9ca452d3236c421842a1f2fcca4adcee9aec68a63f22f55ba091b3457000000000e8000000002000020000000afaafb27aec566e12966c0d8a549084eb23246fc1d43b069b21efb94725c116c90000000e7cd11ad23c8d4a45f3f8297a16c0a9e420d99fbb89db540907ba889344181c56939624cb2c5a6336b36e1efc32031799fc78d9b8fd394206dda2b947031f7f87ff443756afac32b0bf0f2c685ffc1cd4bd2109883315544084eda151a131eb288efc586990301294a4fce90a5f9bcd9567bc83dd362d345cdaa3d4f46d9e1f201389c009ff8fb4fb26ddd769441fc42400000002eb5bd632d0d2547bd338bf8ba26ae7047ef345eea9f8647eecd74cec8dfd5c6e1973785537cf01c5ad9a0c1107dd5b15b45b0bfc651ec6be4a6f685bc728ff7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000003c6dfb3e322ae5c681ee4e3c877dee978403e8907b0499863b08eeaff625da1e000000000e800000000200002000000094d587064d7dd3a32ae348e33145e85bb6b9b88d7c3d525f17d99a8130864fa620000000ff653f38b6a41bea343ceaac4c04e4dbd75e60a092d54f18bcb1757c5799aba4400000002a4049b1f3c443fd351c713cfd1c7b00770f7a384f01a1c425c0e79d5f9ebb7e37853bc4e6b9f88fe441c34dc9354c225e72fc506a71d3aaf668b53c7285c8d2	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80ac94066ea2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421461476"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{31EBF2D1-0E61-11EF-965F-FA9381F5F0AB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1264	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1264	iexplore.exe
1264	iexplore.exe
2216	IEXPLORE.EXE
2216	IEXPLORE.EXE
2216	IEXPLORE.EXE
2216	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1264 wrote to memory of 2216	1264	iexplore.exe	28
PID 1264 wrote to memory of 2216	1264	iexplore.exe	28
PID 1264 wrote to memory of 2216	1264	iexplore.exe	28
PID 1264 wrote to memory of 2216	1264	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2c5b9f89e229925c3483c5df92c22dc6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1264
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1264 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6588dba83464a148d02613d113743c1

SHA1
49b03212de822d3fbc528944cfd3dd9861a13fa2

SHA256
7226f31fb0aa7a1640593ce7e1ba522835ccb5644fd2b4b534cf2f4680cfe0df

SHA512
5d6bddc01be8811f7aec086955f6280c8b3302286c2815b879c0a619fae863749ac4ac37b462357b2953d3d08a8c4adb6b9c945b4957a4397549e8d6d6e047fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2fd0da8c9f84fa4d64efe8c85333b1d

SHA1
a2322ea2dea254814ff24c3ee6dd90ce0521d4a0

SHA256
27e139859c90279e848f9670a6194737918e9e0a8b4bbd6224792569ff5eff06

SHA512
4ed2ba6ae8820111e24a5591a986c95875897da4b2db2bd0d87eadfc8a0e2f48046ee1a5fde5949c309fabc53ca245673f0af18f1ffcd63f737639f51c4bf576

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e16de046834ba266da903a4b3c4a1602

SHA1
2806c081363efb16232e53b77286fa12f28c4ae4

SHA256
c73b0c0553975f70d87eb9a3eb948d7126d721dfe5fe1ac948f0e998fd412d14

SHA512
037e0eaf05ca87c04e2c3fc3302b6c4c7c9b985b53446957cbc7a1b6844ed973ca9125008b392f65d60476a365452489d6e17c5475c318a72e6799a31590ab0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b35ef51b3dc0ea85a27dd5904befd14

SHA1
401d2e0be26dac91a2a1347996458a03fb66b149

SHA256
fb0c9cf510568344b736dcb060a38c045cb3af5ae00bc7307f24af7fcbbfee90

SHA512
7db8633ec58349675e32fd900cbe1034eb860d389dc4778378728b7473430e0927c093209b5413161e7c0cd1f68ee1e2835d229c1628217268447b4b31b7091e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
212d1c815340bd7d9365f1f516e3f276

SHA1
e9026c7fad07ee0d0c24cce3e9387e579c60e543

SHA256
0a166e876ce9caf9d21d8df0c2ffa843884d5cc34a6ce6192dce0e0d893dbc37

SHA512
c21bb2ef715ea7af5775ecd785d381f3881f03332e47059ad5cc8fb190af10c645337edbf26456b4332881859185abda644410552a82c22df383d13917a0f8c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2462f1135d40681e65c1218812f6f8bc

SHA1
fa772c94f6dca3887daf096d9238f1d1a23a5928

SHA256
90858248aaf00a8bb84d968f999e613e6bfb3bc95497389cb214970f2bd09ea5

SHA512
d2dd2b1c1b4925a0c0040380df95a523e9d31f55b5ca652d4583d4a7927d3c32a2f5ae4b26f74682a911ecfbdf409a124351407d85c3a80b922d22af221bf8b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35574b84e819475fbb30d2baefd8bb26

SHA1
4329eba72b36967100d231e64bd18de79e322c80

SHA256
73a8e3270d9d43e57e9836c947cf52d9f932e0ab4e5dd26e85c7fb31424978ff

SHA512
a3ee38a0ae959fc30966746b239ed2ac30101ac94f911665d2f13beb9d7800e583789dace79063c73bbedb452cd7fe8edd7c43f2250f4e8a0cff0c3c1e0ee91e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
139cc74d85d74371c5ae2454e275a394

SHA1
8996248e3936121b7382579bc6420128e7ddc26c

SHA256
5de14bfe9746280547fce7e28f4fe4c74c7f3862542749f93cfb098bf2aad201

SHA512
0a23b9ae73f6c48219a45225f5c15e68862a7ef922a9eeacd3d41fdb0a798c7511322be781d202697e999cfd2e894acb4048202ed1c53b746c9a1977c409dac7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abe84a12eda671afe15838e7d0d5135c

SHA1
36a8569887153c9e5099d3012c4c38c50a3d6abe

SHA256
1d461e7af495a57022c77c90e4085deb93365515e2d02002e8ca31c652c6e6ce

SHA512
190fcd4c95e025d865c30351f79fd3911bd2c1fbc91d09478c44fbe2f20577fb90eea5c524f3ff75984a89e80bff38c7320a5f0d1cd1337a6623467978a0bb4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fac3ee94bca9e54b32f6524877f3197a

SHA1
98188396045a77ba6b14738be9b727c80f251126

SHA256
2ef35de82e245f6e09ed64102bc30d12246b6a43aae5b039817b2f84ab888e79

SHA512
4d7707a9e8607a37af58a2f378b8480c6688c0f386833f20ddebfde013e74ba4742883829389a70ea200a3ef2c9d87502f23685c6500599671dfb6701da7d7d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4874be6bdc73494f41aa07b8a8d8858

SHA1
100c336290d65fb7306e4e939fe9060ab8e399a7

SHA256
8a005d67c37798af8057dc3f7f28b930620b09cd13998272424327399340f816

SHA512
10685b9ff2a25e9f9921743eee90b16d8c4271abb7fbe3c0d70400469fc4c383ba89e9e36c4c0fcefe21d1eaa1b89e4be804970f906b86b6e01b32ea1261c5c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7eff3c9042f4c5fe96b1ad01ddb649ac

SHA1
54ba80b33c1f3e788a7a0482d6f38a2b0b854db0

SHA256
b5b27b33cc5f3e04c4c6e4c0e81553d07d20271f1fd506ecafd7b96d3862fb50

SHA512
30da05f5c3bb5fb5dd64ed0af8751c3bc3e054e16088a14edee259b2fe0d3c441a66ece2438959d3606b73a412f8a3f1ee172605eed022334bc1084f0b45981a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c6d6fbcdc7f9f9c7fe6b02838d505c3

SHA1
89b2af5ac6db0e26127e9fc8850d8714adf867df

SHA256
d0636093308c33094ee3f18a042f822394bb4a04c143861335520c6946014128

SHA512
c980d3cdc701cd3e99472f4c8324858660287885f55ff7a8db116daa15a41d7c7b6758930a9630edd5b43b5f25ad323dd59f93e20f12d3b8ee5014aed03d0732

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d51b7d0708b74be97a612c29907386df

SHA1
56b11bceeed7e76b266b6c7061f8b6a8cb6b7ae2

SHA256
d751ed8021b3aff22db81057c42cdbd701a4d77063f7fc83f56dd1aa16144e83

SHA512
2a91c9e3f7a25f20facafc9cc038e645e350a124aaa235e4977ec44ef44e540e5e561a6f6f9700ff7303229ba56dedd50ec3af9388acc9ce1300db6223d73e52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50f9905b4b7572bb9d1b4e4ad17604db

SHA1
cd5329444ff65b71951e23dcbcb71ea2054ca9f3

SHA256
f64c692b2c257cfab8b4a6086e13cfebd1b91ea1189c160022a6c988710bf87f

SHA512
aeaaf30b1741e388921680d0d351876b4562aae13f9453105b1cc8cdc662659a296e0ee3fbaa2c08364b5d20d5c6ccabc0936a7fe45504af81eec2e4336d952e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
258c6710ef60dc67aa9e7589d4c634ba

SHA1
5797b8194a208875fe406f9accdf088e3a4b7a0a

SHA256
64957c202fe1d9715fc173bb1748e4b58ef6fe169e8f441bc6c7008f6bc52316

SHA512
5e161cb0d1c4dedffb0c25f3c20eac0e045dc8959d6d5be9eba7273d1d627aeb95dcd805e7714e6790968e7c4e3bf2b5faef671bb259eaccfff4ea59e28de6ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f1899fcb8756e198c63a7d5755c61b6

SHA1
eabb83706d0d76ceac4f6980ed45842aa9506447

SHA256
f23e56ef42af97545d9bb777c6d778d3a1cc18707864bc6d8f071b48c5f18d65

SHA512
8ec0a9949b1c586c33ae6c6fef454f424dc39821c2ba7658229bf29487abe8606ca12d937b7cd0806eefc191f163e56f7462cb6b682fe18d1e0c4411c9fddac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab434A.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar43AB.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit