2894fd627b5062faf1b4f23a807d14bcbbe4b87ddb097857c04520d1d2d75c15

Analysis

max time kernel
140s
max time network
141s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 10:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e9d7b5b3ccc35dae7584fba3e1aa404_JaffaCakes118.html
Size

23KB
MD5

2e9d7b5b3ccc35dae7584fba3e1aa404
SHA1

c1c9915282a7c6ace2d7c3743594fc7823c07d17
SHA256

2894fd627b5062faf1b4f23a807d14bcbbe4b87ddb097857c04520d1d2d75c15
SHA512

134d8142be508feb3f8142e69cd5432f88a73fd98f1e3abf577a36ae6e15c1ff958f8d2acab1f33e0c6bc2cb19accd85afbcfdaefd24db9021a674f6c5a4a69d
SSDEEP

192:NusoA/9b5nanQjLntQ/lnQiepnjnQOkrnt/UnQTbnCnQKanQtmMLnFnQ7Xn3nQTQ:ksooZQ/Bj

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000a5d044f318d557814b7d3cbb097f45365528bd20c1d79876884a1133e775046a000000000e800000000200002000000043d5177ad11eafee9759758254e71eeac619095a98e00397f03a6560c349b5f290000000e61b32a1ff5e870c470958608988f5af76c14ce5741d7904bcf6212f47f4cb80293640395ea857c78b46c9a867890ced6355cf783812645a108b3f10ba82b7a21850fa4f7469351df16620475e2548db9604f280b41fe9fd17f357eccb262cc7f8ce1aafbe8dda180431c5819f1f4655398de8d52a6ced979de0d3a54783c6e7b404a7ea309071792a2ea33361f79818400000006629fa0617d84ed5433a0e549d8b7a6c0e006ea79d4459203725c6da8c9b1538298dc045108cdac60c9a47f0d92d8bd7896854dc03d0e5970d9aeac418dad06b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6064167fc2a2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000008247c9813b3acfd65a34e034a60ef5b141b2de2d4bf6ee628c91dac7943f48da000000000e800000000200002000000067cdccad1829c51985fa0fcb04fe602c252e365ed21cc837ca7f1e09fec96d3820000000b97a6d5724ec547e6f7293ac0e8c3f5d2267b94c673602c733c3ecec9c9d295e400000001e4e87cbefc59b5066cc46bf094c945bf0bdd149fdb6c3199eaede00d17f8483a7d799f042c3b646c8c4d932018d5de5c73e4356170ba54c1dcf1383839743a8	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AA76DA41-0EB5-11EF-B27D-6A387CD8C53E} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421497755"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2716	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2716	iexplore.exe
2716	iexplore.exe
2152	IEXPLORE.EXE
2152	IEXPLORE.EXE
2152	IEXPLORE.EXE
2152	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2152	2716	iexplore.exe	28
PID 2716 wrote to memory of 2152	2716	iexplore.exe	28
PID 2716 wrote to memory of 2152	2716	iexplore.exe	28
PID 2716 wrote to memory of 2152	2716	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e9d7b5b3ccc35dae7584fba3e1aa404_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9ea37129535ff004e91506567a17e8f

SHA1
8af4de4f00a6a36504c082c88a9d0d99d6ec3d14

SHA256
3b90cde20ce25d5eeec5d888338506775c718750a514761284260750341d1872

SHA512
1476710e8774f265206214b621a43a6bd994ff4fb3e6c97c8ea6a147897a5a09fed99aa41d4cb5550d47e15a077647a07d87841f59cf070bc23186df6e226759

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8eaeedc287c2bd961cde95cbc749a461

SHA1
efc33e44fd7160ca6d2a3d6dfc354ffbe28c8506

SHA256
2f2e838987d2efe644a2dbb3afbeebe5f91b4b3c712fa9f9f93b00ff2ead54c8

SHA512
20b36ecd13ac75b496997c5f8f45d9f71047c3bbd86ebd7b807dc433b6f36e0b964c4905ee2ba3a73148625087ca0419853fcd61d9a380824f6b3c2faf7fb996

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9a5fe9dc2f410cd5d8c9ff38d4b3028

SHA1
b0f702a64f4d9be040891fa2dc5901d06f2c659c

SHA256
3fe6b1a123d39a3ad606544c67213f949d66c8013896d2c58327a28a3828deac

SHA512
90865e0ca605dcfa15a7185fff6416763c665b45444cc0aa02872c319e8bd67d674d04c6466f2570c677ee42bc0cc37ecc927f7617e142d9ad9c7aed09539057

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d39eaa3959739d458b7fce214b1e38e

SHA1
ca3ce1869a48505e96609e95c65c9767c277d6d1

SHA256
9db831eb9a7e36b92e091d424c97e3d583d29b661cec2ebf290ff9f02be56309

SHA512
6996a3ff83bd79855e08301d544a2b7bec5dc058c7da9b05dd19225a3e74ed9d2a65646e0c43b25735ed89f054f1445e1c61621d81ea072cedf2cec42bebe655

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f97e9b889706f3a443cbc12d4dfdf394

SHA1
0b6964c03c65de59596992452186d081ceab4016

SHA256
14e18de0968655ae39dcd2f7657fc40cbd235ca6c5ccef420948e319b12fd0af

SHA512
52e79d6291542aa19081e353b54f2ac23399240aac992577e85124a394745b318469e3fd7e6c1806a85c366ca3f56984f1cc7905402d02f23ea71c9ecdd75090

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
525e3dd7407cfb3ee74a346d76b1ab71

SHA1
9d4838279eab44a6ddae909368634cbf0b99f9e3

SHA256
d697ca3bd5f0d09ccb354e2f513f5825e9a7de96a813f302572c7a5c4afa87d0

SHA512
c45b1e4f6b2254e6a095aba5cdf61f19566b5d2a8a41c7ae9288f1ff3a8528e83992dd15321cf462320ae8d90fa310a1024643bebcae45e216a46a9d93493e79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c37713895c8d4b8726efebaa0fb17657

SHA1
702ad23dfbeda50c983b62ddc0b13cf7c64ed622

SHA256
19e404689618f9733672ed561f3f801eff53d875a2eed63d13ad9a4ca5552e3e

SHA512
66a925e00ce8710310fb26589e98a321aac76a697f316085282a5be645adc3931bfa724297618016e74735d11bca9635f8348455573ad676b34c5cd7e505336e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14f658c0c6bffc0d5c14ad019a764ce3

SHA1
628369360341d6fbba0312945eaf8d30e1f2d6b4

SHA256
1e9e88a8167d1c16f4f2e5b73d8700e95ca212180bd93d308d5b52ee70c61dc8

SHA512
fa6a1a4b8998db8b56b105f73f83692ee9b2d0f7fad0cbc11bdd5e019801b35302be117ae7e984f40647fa3c91e53ff87b9e73471f6bab88d04432c9ce0b97bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
615723d7f620814b9432fc3bd6068a0d

SHA1
96d443571a4338d8cbca4833c71d1a9c040a2813

SHA256
22710d850598a96b1a9aac4a0ce8c579f413303241adca31f966887cdbec967f

SHA512
6bd763b4168a7c19e5699c4ba327d55cf88cfe87c1c03cd45328c4c6f66423ba00d8e046fb44cd31bf7e85ae588db909f31f6c037512b06ebab8c0ed8f8e79cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
662ce5c1b494dc917a598d70aa434bf2

SHA1
821842832c95b55e6a8b72367a15398aa242ed92

SHA256
16e60e0d9d385aae834d653a885852c7c2326642314fe4b10b454abdcc34a42d

SHA512
71e77be475047a53f7d085577593e8bf131194c76451867761cc0555e3f441609fc5392e0ff09355964ad9ff2bfd5bc7ada8e688cd824d9bcb9a9ecaf6d86976

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3891311947d3e3f4d0e26343182df35

SHA1
e636191cb11755e64b4544425e2eb22382bf9d8b

SHA256
d141b3e5b7ddcb0f19ad19b87b0923e5d6e2c60fe849853a3500fa68947f8559

SHA512
25a6cd97f2c18889efeaf31d0b5ca1f3c26ef49c0523295f2df06a1dc5c09db47e9bbf3953ac23dadbdfb80c3f2f36ccba3221ac81e6d0703b9b93833878220d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79e08e6331244d82f6ac65c516e86773

SHA1
22167c857b8927d59cb22f3c4319f461d7ca549e

SHA256
3009adfb0e107847d05398261506ae643c32507ecd65a8960bbfbcab6972df53

SHA512
09d36329046a0a8e34faedce44d1120b80d80c05f1a44f1331ffc7a45d545a10f77b11a7abd396d013a337ad12b247b1d5d95b3c92a190ecf0e2ee8cb5bc0d8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23b2758192fd82e9cd74fe88c6b27246

SHA1
6b0039b634c990a29443613f5b530f9b5e61d73f

SHA256
92dd7aba7c904d15dc5b138408543b8f44e890e0607240ce7542e654ed00bf3f

SHA512
4db265354fe7df4104a1bec905e2e79ce7214b736f88c00c4e6f28df76eda2bf0bb658369bf8444d6068b7f3d9c440644ce6df71d4e71e99a91819bb2e03df9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e372c3272de5c69df46d720c2b436b2

SHA1
a0e9438918cc09c0a4060db39af3d4c42bd492f6

SHA256
f35e0bec452f9f7f747de7e7a0615f7583666e0857d141f3ad5c6c3177f11aef

SHA512
4e07db68c76840cd7814f4e283fd309951f75246cc4d10edb60d26e10db9721398a3e4f6c74e00796d3f52439a4723d950970578d22feaa7a5c61854e39182f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd17fbf4d3c7c8fa84b3b9602e0e7ab3

SHA1
722eccd9800e19e61e6e8010ef4eac1dfe731ca6

SHA256
38cd753b81111bfb4ed5e6d55cc730e6bf2c90af4ea7e86f8716c2e542cbe7b4

SHA512
8bd01c4055c9cb6ba9010681933cfad24e84138d27003fbe0885a93186598d4a57dd1b402cb6bee29103df589e71ccf83563f7bf7f2c4b02bfd1aeeab48b9bf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38ab22679c54c10d585c4327310c669b

SHA1
2ca4b84ce3853acf1b9efede4ba30e429521766f

SHA256
e2e488aaf5d9602ac3f2ab67fc494c6559fcff0a8f3f0787e66dfcd2c29fac17

SHA512
6421948e775dfcc956c1651c331c8d9a72e8e5138804dcc9f27f88121bf266796452a52cf7a863480e207dba8dcc6fe8a38aa68cfb6e730b0c9d75776af2d34e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6d8049d72575b840b8be5235da3bbc2

SHA1
a97d978dba19aac6471e0477cf645c521a5f99f4

SHA256
d834a25235b92eb72e6974a50043625748a795d3ca587d0c3964ac0d51d891cb

SHA512
3eaa40f7437e2cf11c4359e7d2d1e8b41f11fc206f9fb170fea7dacbfdafa7bed785516527e63fbc46888926c912e94fefac4b93d5f16f055032247e484fc177

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2D2B.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2D7C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit