61183ab331a47212a1a8d4e91cc586b7ea6a769c2092dbe7c6010775d3000f42

Analysis

max time kernel
141s
max time network
131s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e3b2c41f44e9dbb265b9374bb3c0fa7_JaffaCakes118.html
Size

90KB
MD5

2e3b2c41f44e9dbb265b9374bb3c0fa7
SHA1

66dadd813af4dc4ca94b3c1684762730400d4080
SHA256

61183ab331a47212a1a8d4e91cc586b7ea6a769c2092dbe7c6010775d3000f42
SHA512

7f6e1b6fe501f2c43b834937ee0a1099ddf66c2f49d2e4fff650f57d7f15bc602c14c90ce5b33bcadf82c0ac786bc057594d8b48382fe2f486e308065888a037
SSDEEP

1536:qYdbopQn5ccgIlIQBJKoEC52xgPQ5eUAKqD6CinowH+rIVphsEwdx:2AKqGowH+rIVphsJdx

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000218c76c026ffa23052a6c7bb9698aace4ce1fb7254310762281cb561336a6760000000000e8000000002000020000000694ecfecf4f0cc4086baa5b2d9e87236a75f17d75ebad6ea5a1a833dbf679198200000001f91bdbb890ebfae94c3f4a384d8a43418402b9e4ffc6b5eb0c096abbe298c07400000006df2458519506a10882ef244f9f0be3ebbc233db7513e3c36c658332aa1550d6d13c85227293391d82191f7e27301824b61d401ba21efc37e735e7bd4b4c25cd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e051e893b4a2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D1BE491-0EA7-11EF-8C71-D684AC6A5058} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421491666"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000000f7b69ee76388f9656bd93db52d47bf504f7ab8583cad607c7d0157a31df83a6000000000e80000000020000200000007440b4d90c97b792592f500c664171eb47ad3902466f1b5ba590c1002ca353f690000000fc62f3268a13fd8cdf38066487121cd719f42ccbbc3ef4c7e56dbef969bc88e321b6ac3a933a39aed2b8662e1b2f9235d547b4164a54cd742fc7c7bbd599c56be685c207266750dcbb7277e67d625332b36a9a4155f43c63da5e8bebb1081e145e061fcec42854acdf40bbf60181862c5861fa474309562b8daaf2e0f01ca92c4c7e44f5759ca0acbaa034f810a81f6740000000821b4ee7543c461acfdddd55147a365d1bae7f65048cb7d65f77da077c4d0f5528fddd997445b0ae1c9f8546a9a4d92976913e4f54fedebb5e65f03c9947dd56	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
108	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
108	iexplore.exe
108	iexplore.exe
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 108 wrote to memory of 2132	108	iexplore.exe	28
PID 108 wrote to memory of 2132	108	iexplore.exe	28
PID 108 wrote to memory of 2132	108	iexplore.exe	28
PID 108 wrote to memory of 2132	108	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e3b2c41f44e9dbb265b9374bb3c0fa7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:108
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:108 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2007661b5f84418c844604a8985b5e4b

SHA1
dde7b236c41818f8d0098c93eb6b1e1dedab9f1e

SHA256
ca5a08bdfd6d7e6ec5ba29879e2c8cbecb4905562a6895209e91b2ab7ff6d120

SHA512
01a2106c7433f2a7b04e45f88965a433a0772d89b4e74ca317380da72480825eedbf99749541012e97a18b6dd64c793ef8afe7ec1cac5fa5c3ba9e0690923e80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f351e9ad0dc6a499eeef0cb659dab97e

SHA1
9afbdc69a9add7b90fc9045899146cf79988fffd

SHA256
7d5029350f9477591bd5113d3d3fa788226c6114feb7d829dddd86a6779a2cef

SHA512
3ee983566cf5dd8f30f062ff98bf6759b95a20ddae1ed86fa3022311573168cf09f466ed386b40d9a9214aaaf59914f7e009e14704f3211f99c415530aea7c21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da3ff251fd04481f2aea733149f2a784

SHA1
9de796e406b1839544384fbc33d87959f800cd16

SHA256
34d9d2a6f92465285bc6e1d9fe22bb4b1fbde668d146f89185eb2dd75706b637

SHA512
d289dcfc02e6e41cdbb53754eeee4ad4263de81c9d80de8a6f6bec1af351e0ac029c6553aa07397f81d513a9f84f8b0248a558b96307b28658055f2d0d21e2b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77d7796837407bd8f7cc372652f8946e

SHA1
2ff6ce4059981696ab11425fdb63df08dacef20c

SHA256
5e9dac0e305d7a29ccdc61b001e9a252bad2a41a295ff49810b404e9c6df540b

SHA512
26b1fd9464b43c32a9d0ac093b5fea462d54dc7c4bcdd8e40a886eee4e98600faafe2ae621972e01fbdc42906e3bd179fd4ae73b36207d6ab5d3dfcf46ec213a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce2efe09cc33ee598faad3852de69e68

SHA1
3f9bbb9817acff0868547fdcbaa88c50eb74c246

SHA256
b38a6af4be3cf624d540542044cc8429919308319c683182d7fb1cda38798c52

SHA512
69511554896ea99b0175488e8c700dbaf4c306c8b5bdca714d747e0b744be6f926557a0e1473a1eae187bb6a7522c0d42445b19bcbda6e48c3d5d7c694768188

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a80328c9dca947ebf3d9e8a950ab37c

SHA1
1caf76989fd82a25b985553f03a40f95f04afd4a

SHA256
eea91f669cc693094e3d9f3c977565f74ce023a2fa25200a09b6a3b54919541b

SHA512
09facf30ca06fe737431a909b2ca8585608eef688b038219a5e3c7ade721c21cc5655ef49966d05b7d040dc42ccb35adfb790c04beb8902d087e06e77666b54b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74e8d95cea1fb19fd9eb6331c0c2225d

SHA1
4bfefc7d77e5924d5c3c3067ebca68009710a938

SHA256
eb2fc37c9d9c2f3200f36248baad6c065abb1200bfc9c0850ae3556273d97614

SHA512
e62b2d13f3fb0cb9a511501e08472a802cebc9f027af7791d00576874389e5ada365772071696a29208e1729f3cd2ba7a12c390edbd5e7a7917e411e8be8b5bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb3c03b3b5bfd96e8fbe3bfeb67599f8

SHA1
c84d13c126a713ee78af4a736adcb372288435f0

SHA256
56a1637c88602d69e44602cbdb3ca494b47ba9a1ac016e5a84c9f98118cd8929

SHA512
eb4e3625991826b4ca3873f74c3bc745f89d981904276d1f63c9baab2d9b477a6b72152bafe0f3758023cd484a1bf80e0b2924e128f560b3c9734172f1c45633

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f38164435f9c2ea77515cb6c16e3c272

SHA1
5963820781689c7f4486c2baea5be24320145e76

SHA256
3a7324166efdc40eb2d4555f0c90ee6b5c355aa3e1c10be99b4f4be80dc838c5

SHA512
f81cbe26f2ba54cb262560c58d8b187fe2670cd4cab1c7f2207c1f205ac87e3401585298b78c171a1d3b4fa76c1d80334c4b3f3ecbda379ee08e5529b221e388

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2b60eae64f2d46ae37186b090e7dba4

SHA1
e8097903bf49d97d1b05a6e799dd22d17136fe0b

SHA256
4c8ec567bef7b0747d8963aa1144350f2087fe81b7e84145d5081f6a9325e937

SHA512
2023047279f5a3a2f53b806840d586024c9a5fdfe7915d9fe65c47de395629ea6466b4e636ff6cf824387562ffdb3c1b9f77c08b81f3a65555e9d90e7c3f8e2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4192dd0101061836680907035197900c

SHA1
81a21757917de7129613c5b8983156c17221afb3

SHA256
a44aae2824b49568b46f64b496771111cb4956f499f84f4a52e1390b157bfbc9

SHA512
8aa970bad5509f6e37c2939ac05cee3bcf4522b9054cd4840ec5830a1baddaaf9a65be66a9ef459894c2d149606495850ebad6deaf1d19a82d751d512f12924c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7037ada70ba4a80ab6018939ea15f02

SHA1
d12b215b0c74c3fa7cc5b29580e366a87e0720ba

SHA256
23001d4927a3ca288529851438efdf148fc57c068b1368b9c8ae2c7d3faf1e80

SHA512
101b7a8b6a5772a3b8c990199a9dc24c0640407dc65fb1b94aef5e2851c3cd012595c3bfb88c44460f61a785f310288a96a94d2c10a89e377bc13c0aaca17a96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6451684f1b675b0473bbd23791f26aa4

SHA1
c195eeca65c05b4eb67893eecf0411731a894c48

SHA256
a5a2b9aff3ae95497ab5d7c4183386d5d305a89d18e5c2075fb1cd9a93374b1e

SHA512
9a7aeb611de4b1be834b0807193bf48f958c866fa2dd26f29e97b745f437f5d3bf9c01e1638d672871dc74fe8ff6f23c0e3f3588226732cf58b136519d494f00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0dac8153cc658b131f2f566c980f9cfb

SHA1
2ee81c3c78e31b3dee7725a444d926548fcd1723

SHA256
6178ad2faa1ec8befd74687c4014d8cf60b45f028e93098c7ba4cdca286eae5d

SHA512
f461dc87c94a98941fcb1630b6939256a87882ce6f29e73494e34636e2f8d0f4c8568c8dc2f814b9cff7b8947af616318f06fb11431ee940ee333d715f69518b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
449441ad2563556d8550178cc4be396d

SHA1
71e9df8e20a7fdfcd60b7c25787b5c9857944ea2

SHA256
ee6d425b38dd850a384bd368213e02ece93a695cfdb287ee466f986036b9821a

SHA512
e3b68566eae662e959940578e5676443a8946f5f9006489b4e1ce51e0db15fcdce74895be02097f0c36996724fcee605ec0c68f1662066dfa753638d677b94cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09614cf0416765ca62814eaa05e83340

SHA1
ec6f28d7b4c62d3e37d38b2f9f4162e419eeda12

SHA256
fd66f494860707ae2ac3b379b202388efdda974a27cce2b7728f88cfdd0ed292

SHA512
c14aa2e4c881956f6bad348f4ce9bb74dd9564a4d8983badf6f89b870032ac8194cee3a8bcf052b780a2d5a69389656f7a915f974926b1e4892f0f03c5094f10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d25b1a5a7d663b737d37a05297d6357f

SHA1
1d5aaed4e50cc9193a9e11bc4b542d0eb45f8498

SHA256
6e5455792d5a14c6744963da45871991761cd24a2fef3e973221b605fd86ba55

SHA512
8e3f8e354aeaf67c40738d9f5b807550c2ce5e45597d6c68ebd5d6258eeb1b8f70fab47431ed8a086dd85356bdfb93511198f02fce9c923f4ac56ea390fd8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1D9E.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1DA1.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit