8efbe8180652697a46e43bd4f46833ad34aa59521e05be49f76ed70d4b209dd6

Analysis

max time kernel
149s
max time network
137s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 08:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e4dc51d67c3109a6aef4a554fd245b1_JaffaCakes118.html
Size

20KB
MD5

2e4dc51d67c3109a6aef4a554fd245b1
SHA1

7e000aebc86f938f0c8acefc707c73e5a44801cd
SHA256

8efbe8180652697a46e43bd4f46833ad34aa59521e05be49f76ed70d4b209dd6
SHA512

f425bc7b0d48ec9239c2686a8bb8e110bd64b12039c60e4c9e325da6df518d8b72c2171e225295528e6e231343e3243736d415312d903e0743ee544d27ce688e
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAI/49zUnjBhfR82qDB8:SIMd0I5nvHlsvfaxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000d4e2f257b8ce4a1537c509ab2290b99d88c904da62784e6aeb6c6098ec0658d1000000000e80000000020000200000000f2efbcc5f6d41d45150dc39236769e849da6cb7068bb01c82b995e36d3a27b990000000d77fadda56a52d3abc82cbeb7eb2f4f2aae92161427c7408803382b14afa7ca71dcc6b6092191b1592c3e972194679648011c0a7758993019422e4867852782cb8bbe3154f415ed8a34cc58114c030029d70845fc7c349e0b17f6bd55b95fcf13a90baf4d0e5c83ca14d92c0dcd0e74aa0b5faeae346f8c8886cea823512839e7c5865dd9add4f41fa3c1171c7f0c71d40000000bf8dbc5aa25fbc932e9b9b678ea56d8172005b6ab6f5757dc1fe1e160caf4cd945071f445c014016055690b3e79ba866efb557a4801443a0e731d20a91e599c5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10d25320b7a2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2A91E3C1-0EAA-11EF-B27B-DA219DA76A91} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000009827e8c2eb899f37cbe7f7b8c8fd889876533b1f0559e6959623b9b0e1eb07e4000000000e80000000020000200000009ba697d06ab3b3ea45064fafa7abe1d8e68d152d31f9ac6ce3f0e6a89998eda8200000003dd93967360a23e366fec032c671f34f7475765ed1b32c73adb0521efe166709400000007f52b80149115179a3bd6777f785b81b8e0ea747b13c9f9e3375a93f9deac3f941b92e89cb10247cbd7a387392e7ddc634324fb37ae2863c252117ea8dbf7fe8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421492817"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1900	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1900	iexplore.exe
1900	iexplore.exe
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2744	1900	iexplore.exe	28
PID 1900 wrote to memory of 2744	1900	iexplore.exe	28
PID 1900 wrote to memory of 2744	1900	iexplore.exe	28
PID 1900 wrote to memory of 2744	1900	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e4dc51d67c3109a6aef4a554fd245b1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1900 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54b3afc3dff4af22deafaa40e1294791

SHA1
64295787338080e03abf5f3406f4b62c3f9dfc11

SHA256
84f22341846e19a0653780948803c97d44b73a45bcf2819aa03ddac06255b6c0

SHA512
4736c7c85f61d17962293ec2b3cd170a1ae5ef67b73f31a808361f17103c5dd7f7adbcc4182716ea1e6065eb8b3a33dd79fb7b8ba6128fb2b3d21eecd4332aa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84fcca1d76fdba93a540dc5f75cb7b3d

SHA1
f731994e44912f21ad4ab7e324cea72f42ac9b75

SHA256
4ac4dc38b363c815ddfd716d2ca1d755b3988e8125ced7e2885440c6bd9a653d

SHA512
f76a4d8a2ef6d8fb172a223b4d9eee5c15d1971fb2d5a6e4ae2e951ce548b535ff9fc878195afb7db8be24d9e610e71e3d3006620e0878e5af9f36fcec968ca3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
192c70121f3e6164933b02c7064e3dbd

SHA1
91facea51afaf5d97e3b6eeaf97b5f8bde8346f3

SHA256
74473aa80fb8bdd7337372febc9f30fc20643da5b0341eba5b1e499b68131427

SHA512
6ba6846c0f14851f671dc9a45b50b5f1d012c5d80f3ea61e27a0582ecf360bde3878fe212ccbb8cfc684437a46b6f597059637a40d6d7ff32e21dc43c4b31f1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14d478b11a16e7b6b388fab1e296fc33

SHA1
9ac49950952a3f3002ef74d7f01c7a29075ac4ac

SHA256
14a2860387d156e5ec7c04370a2fd821ef7049f2c6b3efd0a4a9e6bdfbfdd2c5

SHA512
333cfbca4dcc8e28e1d4631da0e42cf151728ce0f51be38bee2af6b7f34e2090207d1c67c2a206ab7d16ca051727301ed23f60f2ee31b730401369b591f15f61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0bb3a88fbd1035d55c41c880e92795a

SHA1
de1992d353041d99071e76378a56342e1a1bf675

SHA256
86f65e8947aca1743d041a0cd434757b26e3e3f543ba09eef8525d9e53189431

SHA512
9608a219779aeac654620e12d33a0162ee010b0d3cf08ac61a328db0ea953822e1d1d48fab625e1e7277b874aa11d1126a032f0411c301996a498953b8444569

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4af206ba88d91d1d25cebe27d9d54168

SHA1
1ae36daa34c707794b00ef2d55d427d61050c3cd

SHA256
f0fbe581b27c47b2f4152350231da074ac00ada29d41b0b68bbb163ff6dd355e

SHA512
d96bd434dbdf6714e6cf8b89548c5a3ab1d572a713f78d53637b3cc05670f5940f71e2edf8cca9998a7f1f94699bd1a951a5a36e26ef36cca21f97eca3498f11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ef458332ba31e6676686da7491257d0

SHA1
17a92458f50177d3e250eb682486803e850fc68a

SHA256
6f2ac0d771b000fcfd49871ef037357ac26c64d9869ba002c827fc7744ee0c54

SHA512
81fb89894d0da338d002be874d54771b912e629fcb04221adf7c4f46dcd5a63aec29c15801aa2b710540835608914cf86fc76fb58a979b2a2ca31067bb708b78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
610c120018ce23234a9098377f671fa2

SHA1
bd050120acada1e83be127394ff1f926d3f0d32b

SHA256
effabb51a0809362b9bd9c6af28bb888914e60a70f1c2175e014029ad5e595bd

SHA512
eee8b69801559db5b3f5186d026e7c44ac6c5ef6f9e196c5692b6a8c9bdee305a055210124a46616d429bb127f778bc65adcb97b131efa420f5f9c27649b6ed6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b56ff8a6e86dd415b3e0e14f81723339

SHA1
d3592a3b71574ea4c6c711a2c9ae703d548e815d

SHA256
5db511aa9f41534922aa5f5b33e0adc3e0678078382913a912c5b499e2f48a50

SHA512
a02e054dd390d9c7acb16a768dd098e51e812c0707d46dd427f08364fb540325116793818f853adb1881c31976b54d05467d4db3219ae92b0a7e57afc9c47c6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d59e3fa6ccc1b0c218bb6c6cc51aa846

SHA1
ab6b6949baeb196e4d00f5d4cd6c32a40793fa8d

SHA256
3d5e67d367231eec10a1fce0c954b170859053a4a1a0cbac572f920813e9a16d

SHA512
eaac3e10833db5d8ae9627370491a6dc38a653586e4ca853231c304d54b27725d01684bbc7535e3277a08935a42add759fec53ea3e809116b52b9a6250ec60a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9100d4a76d9dc971ea07cfa3b3d15abe

SHA1
c0ee3eebf6946181e1ada437e725562b64d65b30

SHA256
3ec8c2bcce638048e0024cbf30c190d58d76d3c2af5fd7d3d53b9eca0a76cc60

SHA512
7cfa4c1e4896c367c19525d2cc56af1e1cefa9092d9c6c7a14f853903f8ceb71146dc6b383ee9156f08155443c7798ff7b9eb3c4630cf73c068b3841ba996e59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afcc11f0952950e676a35408e46cbda7

SHA1
4b8fe3371422fde2ef65a3a52dc328956c267355

SHA256
501a57fcaaec3d05fcd6cfd32f818b599afdc905a55df42b416bd3b13eb84430

SHA512
b7be12bff9814dfb4255796edd56c88cbc28ab4a92e51bebc255f8499344018fe3d10ddfa982c63fd810f6ea11aca7a09e6a2b92026902ef5c25e17b62114fc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92a2a4324458657f3ad42f7451c9a996

SHA1
119b2367f41273ed98080196bf607a70c09ecd1e

SHA256
84730bf9f5995228e6db2b18d8c1d0d375860a208354e767d60ef70f13e8b161

SHA512
cd339004dc02a402f4ae56fb0781f1f352a52253dd66b8373054a931b393abd404ce91e48eae4238ee10662ead11a782a257ee3f7fffd0014b022e47837ccc4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f444c57431c024a796db260fc35054fe

SHA1
281255b60525aa04dc1745437b84b9a67128162a

SHA256
db9b42e8965e3186de9e9480e0c6bfbc3594afece4bc4d05dfb5db3ec3b7b8a6

SHA512
41dba3c8ee25f3827c7afe29274dd233daf91558d0e1ddaea716dec8ab629fa768e614296fb97f41875a58cab8e718f95673f0c8758707f3cf7915f2a1fc6963

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
462982482d1ddd61badf004d15a52804

SHA1
effdc7ef02f76abd60969a2b0d9d7fb7baddc3e4

SHA256
c79c5f2e7f606ebec23f6673be66e8e4cd9e934610fdedeb3cd30a790bf96e98

SHA512
b113cdbe8cd9b2e63166dbdcb24713677a2f9b37ee62aa9b26d7525c686b2c70d86a2d8fbc7dc30437d8c0889793ee7f841db2fc35d17ee364f815600414d739

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5296c9e4648e25534c7fc44180e1bf2a

SHA1
5f9006416643cb46285e661bcdb8b46101c63a10

SHA256
0031c6f2f6c5b037b4ce33d6dec73dd8ce1d700a1d6638075347c047a957a1bd

SHA512
41f4aae0be746fa2ef1e77e7b9923e294a4b8ffcff4795a025c64f042b1294b5c68e7add88998339e709ae57a6474c4cee4f0dc30889201c375259040a4306c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17d32f1fefa3eeb84846fa382e746392

SHA1
924bcacf00647165ade7df03513f146bff650603

SHA256
e8403f04ec524cc3b5024531a323f6aebc8a6d3751af4cb680b722b46b8a3942

SHA512
cfbecd998358a7de104d3fd2b7f52f97a5127b237695777fd971a6ba5efa52cca1b86175e2fba5a743cb6cbb6f939019274d825d0cb010b236f6517865cf9caf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab17C8.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1828.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit