813f77f09e1167084b7f12faf356146b8ce1c3b5b22102543b2542fa2dfc1200

Analysis

max time kernel
134s
max time network
131s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 08:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2e2daf61fb79211cb4a9263ef6a4c699_JaffaCakes118.html
Size

4KB
MD5

2e2daf61fb79211cb4a9263ef6a4c699
SHA1

1ede49a3e4769a59afcb7239126085ab566f0e84
SHA256

813f77f09e1167084b7f12faf356146b8ce1c3b5b22102543b2542fa2dfc1200
SHA512

9036e25334f31043bfc532cd16ddb9ff5ee2cdf418fec1ac3c061749f3f719e5ae41e22b2417b95b8e0858a081b9187524189e8ef152e717752fd3edf98d1926
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8o1KtXsd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pD8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000b9420fb6edc5fdf81a50bb6cf7f008d80d14ba2aecd5e385360512d22759d168000000000e80000000020000200000005e7b196150445d6b99f943169727465050ebcdd69b1f5df725cd08da6379565c90000000e7d52f31ed437774c4294c5bc9a172e641eab58acfd629c7efbb545eec1289b8306c0e098c8fd2a2f19cb662b1f8ad7e0197d273069ec87b4d5c6421a6694cea4e433b0ad1b3f17de4298caefcfc0a2a83368fd072d50b646a4db6c1865908b174c67de5397e18ac34f867ca02a71e5e4f24d4eb4e2c8fcc0f97060d93eb51c99ed5048b8847a6cd267a7b9a6580c30540000000406231b322be2fc2a49416ede62a20293400444dbbfeda44106484956db0d0872d402c944f4d9d6ed1c7445b638222c0d7a62a1f72d9181c76655a06a99977bc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421490781"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6D0BA0B1-0EA5-11EF-A57D-4637C9E50E53} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c01ba741b2a2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000e3cd0e0efec4eddf774bdb9113235450c4c22c834e1dd41a753fe28ea76ee502000000000e80000000020000200000006af185a7d385197a6bc2dabf71faf9dcc42f7234e58cca0cadf3781294fbb6762000000084c40a043380fe39da7e23f2a78e2dd2b846232081b5f29de31a0106a3a3b18f400000006947addd37f79fa593e3b406bf108524337f8f2eac4305f6deb7a09a993355aec026fea80e1beb29e3b41268be896238ba8180f5a13fb5f8148168cfdf01cde7	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1620	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1620	iexplore.exe
1620	iexplore.exe
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2164	1620	iexplore.exe	28
PID 1620 wrote to memory of 2164	1620	iexplore.exe	28
PID 1620 wrote to memory of 2164	1620	iexplore.exe	28
PID 1620 wrote to memory of 2164	1620	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e2daf61fb79211cb4a9263ef6a4c699_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1620 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29212ada9a059331e6be968fb871152a

SHA1
9fb071d0ed949cb1f99b4dbd0205a92d3e847050

SHA256
444aea5afe090291d2bed1ad19b1b2e6a68609fc6dba1ed923c7f434e4bddba8

SHA512
4b242cdcb42ba79856a3aa859139e180f69396c20be206bea3c4b3adf289812d2a4fa08c0846fdfe23175c82e4f02b50fc01f276a32f233ba9812e998440a119

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
791b3fbedaf6801d7a98fdcda8f4b540

SHA1
8f889671a5aba4f4d9f119065c1a876346f7fff0

SHA256
894460d14eca1a907625cb0604767ed371f6d59828a83be7e44bc9ae95de01f2

SHA512
4dd60e9c1a0e078d98321928458ee76d63484a9bc06b3626e29ca882b3b42a27dbd47f29bfc1d23e3f4993c73c81e645e19fa91178db019f880724e36283c959

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a4d6de3f9381de959c4a393c552b8cc

SHA1
8e65049c04cd96a7cd771e58e9040a98ca4df246

SHA256
69da98cb6a6eeff40aa5a8968a4b9090f2391b295b41a17bc619e5d77828ecbd

SHA512
b52af90db12171228fe2a344a349de5f520d91314b0505d0d88f7064adb4886634cac9785fd981e07a4896a6eefcc05cc5c4dd1eb0cdfdb718c7062224438315

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
acdda58a9249102d805e3228bae88b8d

SHA1
84f4b7ea988a978a300459d5398dc4e9894a68cd

SHA256
cd1814d431eae0337ecacb5306cd854bebd08d94b3e1e451acb946595691d622

SHA512
32917a1c046902000e004ab8d7f1b6a95e57bab68e0a2ae8eabf8f83a47bae1c61ef832605bda486b5c2b5c5d871a001b7d36750ce3ed99c652990d5613c8cba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c041877352321562d17c5d70e54c7b7

SHA1
4fe511ad5bbda63108eb4392a80f51e4862479c3

SHA256
b34b203caa6248354f4aa5ea32245db79ef9ec0389f988ee52603eac8eee693a

SHA512
581fea1750065b21f2798b72e5f32b9ed850f0d8ba3c5fbff0098ca98bb97c11be759c0ad8b2bd5d2fc1834273d76979feaecd66f0470c415060f9f9a2bc8bf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
358ff6b9a34a52db4c9145c6df87bf73

SHA1
1528b2edd6032fb4fd84387865425eed33366054

SHA256
ec1424716fdd0e7054d6cbaa340a28ee4be44cbf3b1f45961249babd08cd8057

SHA512
7338b9ab9e81d44c654ce3e7df06c8fe2e84fa7c1d27ee6dcdec6e93e973ec95fd02caddac75291194c1ad9c562d17829787fa4b4ab505a7301fcb0e0e9e6f10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37193aba41d77a8de401fa0a797b79ac

SHA1
890124a9f1aa131d5207ba6b823095fd23d8f178

SHA256
650242072cdaa4d19ddb38f736d1eb3bb73bbd530a3d0f43f60a2bdcd75925b5

SHA512
31aee97ba2ed24667fdf726792e0adc09e2a8690b782ecc6b257596b113571696322e38b557e7a69515c4278b7cf2a761c1d8668dc94f0e0584d620c5a3852cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18acc4b1ae14633da0acdf4eafe08ff6

SHA1
d488b6641ec42bbd858a09e71ddf700d349cbf85

SHA256
7614e4559fd6ff285c07f1fc0d3859b6506e3f6cdce6c9bf9b980070d62bbb88

SHA512
f2af97160fb743cf9c3411d8c73eacafd12aa9a0672eafa2e025aed15ffbd5dcd4eeba7b653307602d03436647923fd950aa64528cd93a97d51e3497f4487126

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
214d104031690f5ccaedb0614af97972

SHA1
c8b40ca6647c011e625ace530d9a069ddd631514

SHA256
f5fb29e59908f92f76f723f802114bf1acf94750063aa61e88f58f0b05e98269

SHA512
48705a1799a17abd29f60da433c701c03943934ffcfd642997bebd03e490c5c45ae15ffe5dbbb2678e04a8bd00582c4c2c202f5d153c06f81636027b4c987634

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58f9e0c6c7bd89a660b39bcf874a5d46

SHA1
ad91ee3c1463b38ca73da263391a1f6ce76219c0

SHA256
c208fda0b883e29785d36e4b74994ebdcd004b553c8011afad9a273abdce349d

SHA512
0b2a06d9a129336fa4408cb14e64a077558b652792eb83543db63bd6696c26c7bf9022aacf3eae3b1248e7d0479119d6040296c8008b5dee1c029cec514c9057

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89a52bef611cfc77ee0187caeecdc30d

SHA1
238d383460f9ade52317343743db81715ee121f7

SHA256
fb82138c8974c5fb69f9a89754efe3431968fb4932f6013dad37d59f008d2765

SHA512
9e9fdf3088d2c6b25ec170ef2138e10362ecb992fa5f55b2a47b065679a40bc7871349738037ebeed17d68fc4e0892febc57d75fb2de379ac3c31ad56c9e9b2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5bb3c71302166bea831caf00479e059

SHA1
e4b0bb6ca6bc5502c249bd0e1e949eb8b491365d

SHA256
6adbfed66025e78d2828fcbd3237dd34914b0d39bf12c410bd447db5da50f0a0

SHA512
dd6065ba8351ab2a9f8482e4e45a6e8984ef38cf16260e86b98da09c50ed56a360b1e486fee8c3e985482673a714f241ece2ac9663314648f78f501a2d46700f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
434ac2c15cf5056b5758d6d35ee3b152

SHA1
ce5a9fcf361384e5deec34c01705a52e1100574f

SHA256
7927a51dbfe1713e6cd2d40d74cdeee63ad05a6db66be0f9d84f15a9c8102742

SHA512
ca701696d16c25aab3c36ac2dd6ca51c38a569f1e738347e85ae833a4b35a5ef85f60421a7376a4563d5d8e97486c61ad56bd7b48e3b2ac7a085dcf968779eb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca922b4feffdc8ae7ddb25da98882350

SHA1
c9679dfac33421af8ec9bb4f4ab3dfc63f778c43

SHA256
15bf15e074230e0fc68ff5301168f964b02bb20bc056d2997760b468b0c68a6d

SHA512
d3f5648825b23f3a7e99da7ec41a68f2d9309095a678e29a46d3e6e36501c4f63bbd860825fefb18dc1b84ae72733d33ea89e2a2197d1e064a5bcd296f3e1471

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f46af35717736f997ad35050d05bd64

SHA1
b5a8d0d9624bcd5d84a559be65045720c44a456a

SHA256
c6757b44c8105c3c3888df60b6037095cb62a85a0b909cb782743e5240bf4ebe

SHA512
8965d114c13c669f6375aebcabd587813c054c3e9abd19e01e4f1285521986c3ae449051e73dad4c4e153f5157a4ceaef4b2119a32529dc47ecd65c04ae1422b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d95c44b51755b8cd0d286193c63cf59

SHA1
5466e7267e0c0bad2e398d282cc2d282835c0a6f

SHA256
f5384dc91b59578da46f1c21aa41dfbec25aac2e3c6eab5b0f70cd8b3b2da77d

SHA512
86e20188834aa27969c03b977e6cb1c1b20581e20a7d0fadb0a7152a3861405fcb7e7e47dd8e2ce543bfef14471655fabdb192c4ff02f39fbdf8151615e0b25b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3064.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar30C7.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit