5d3e8868242b3a06445728efd57598e7873c435f8071c70b20058cf64ca94391

Analysis

max time kernel
138s
max time network
150s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fef00b332dab4e10f4c9cbc0c16fe45_JaffaCakes118.html
Size

117KB
MD5

2fef00b332dab4e10f4c9cbc0c16fe45
SHA1

534eaa4fc3015196e3e8fe214b35a7db2e2b13c5
SHA256

5d3e8868242b3a06445728efd57598e7873c435f8071c70b20058cf64ca94391
SHA512

3ec257613abaae7cfa1e6451c34bf5fecb9ad27e5b7a1d93bfea08ca38bf58f5bcc249bc881151ab7174f94864fc655588678ef3d91425952692498d11e6506c
SSDEEP

768:c654De+GdwqOowd/+a+MjXPsaKDvHmNw+GQvOxobykQ/lnMN5CdMcW5whWcsoAV5:c654DUwqOowd+lLcXIM0c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000128c33a129a88b657c412493fc33abd1db236b445608a169b5fdfaf703936268000000000e8000000002000020000000aaeffd246d6505b7e0ea3055df5812a49de5957b36db652fbd0bc27214a510c420000000f167c424bf07cfeae8f1bc25028ce1702c0b420144734ad3849570e48b235ccc40000000a410b7584cfde967401b1111556dd1891aa197247b5c58609836db27aaa4f88b37d23f8007a63c4298d3b4f4595ab719a26f4c14e0cb436c757f70c9a2683e17	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000d72aea081fd06f109a0f1d8d137ef7ece473f2ecbf97ee89b18d3c7e22aad98b000000000e800000000200002000000092fb8d93fab773bef5fa1f20786fc5b7f4b1b1b0b77b70e47fcf56143c7a66a290000000d05bc625afdb91f06cad126d4b4a94e1375cd573303232d524fb200ffbb8320b5c5b4ec21b3e33a908846d85c2a4b9734754f7af152f8ba9b20159192b51705f31cb7b58e87203077fbd7b03688e1342c743456cd7d749834d2c492146f25b78c329c1e921b1dcf9f585dd50705846d4d43d7dadea7b267bc2b9070e2c728de7db3f4f56e20f66e8363f3105d55b185740000000a278c5f129dc2abe08065c46205fb3bf11d077a641a909851b85a332cb664bbaf7f003e02321433d585a96495019e62aea2f90cc615ce1e748604eb73d84ed70	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2E944571-0EE7-11EF-9BF3-52E878ACFAD8} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80851e04f4a2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421519023"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1700	iexplore.exe
1700	iexplore.exe
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2832	1700	iexplore.exe	28
PID 1700 wrote to memory of 2832	1700	iexplore.exe	28
PID 1700 wrote to memory of 2832	1700	iexplore.exe	28
PID 1700 wrote to memory of 2832	1700	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2fef00b332dab4e10f4c9cbc0c16fe45_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8a13e6fa25656fae1ba118a6d27a348

SHA1
b7322cd9a8bf34b14fd9cebbb7c8010defa38373

SHA256
199687e8ac0f158223bd1901380d4567f62f70b03a0246cdc831642466c3a4ce

SHA512
815e998de388206c839192352a072099c37513013363972742f90ddbbd5bfc78e78cf87332be76ddc67cac711e5fe06ce41c0180ae2f700f4b0bf59b2057acb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c5d82449fec652286f235e71ca6bfb4

SHA1
9e824a52aa87537f2451d5529fb7296919c67a86

SHA256
40cab3bb42568572027a44231366b5657acfdcb1fdf9774eeb4a68e542314d6b

SHA512
33e37d245ef88b1e7d63cd1159182c6641660b5a23e20e66e99195d88a01dc6a4b8f1bcd40fff24777fefcfcdb54856782230ae60a9b13cdf0407a02434db718

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d675ee3db1fc7f954e9d1558fc4e40a

SHA1
6db85a1584c14735fa3aa931b103da9aa4fbcab3

SHA256
5771099f5479148eaa63578b0a2a78b5c548ed425d393970797b2bf8a4cf7b39

SHA512
33dc77d3e3a933dac50e8da3c738a3d62d87311180c2b837cf1c4bc3686124305f1ac87048925ce46d89e9a578c46bb62930a6f4754b824141bf408fbcb24a31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0066d642befbd72ba9abf120000c6d3a

SHA1
01a8fc8b387d8a540856227811ecf8c633158a0a

SHA256
5ff9e87cad1517d18da0eb48fa626904ef491ccfd2f9dbecce5e9ff3dc6eceaa

SHA512
5a41193128833b892912242be49c5a882b93acf98138cc6385679816bd44711535c86690eccf3b1f5be5867cec736d6fdb0dc789195ebcf1da109c644bf36abc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3cda6a2cd6123fa1e333da8cece91504

SHA1
47ffa9ec8eaecdf7438c99354387ad2f7441c271

SHA256
89b9210134488dfebed4462098bf164fb55a5a0d0e8230de04d44b69454a2584

SHA512
12acce847680d36f74d98cb13f9647678becfc18ac2dc998a8413b6b4f946f4cd1ecf26990730c5a615f5723a8bc4aa7bb0ef062daf2c1a9ebbd2601c1d5d24f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9476c615fb68e3f73d9901f5f9d735c2

SHA1
53be11b813f99978efa652ff813f6acba08397e9

SHA256
a1cf191f934c7e154577ccef2f0ad5c9674bf6404eafa99d761f7200d5cd4207

SHA512
c56288c6823e9845f9f4c2bef244bbc8a86363b871c4490df3bbfd472b8dfe20b3b51b4e4004ff077858034500e45e7441f2bf377390386e7b88650dc25b18a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c3fb4da8916b88bc6fee8ef4dbd4c6d

SHA1
9d8fef2aefc311b83912a4601d90823d1cf03280

SHA256
a69b7c81bff79359910350e23d3bd9fefb667c84e88eeb39c5d0b1f56eec7b29

SHA512
9d478d0c1ac0454b60ab1e9185a8a6e8ced3d5da88ba2cad69ef964bd410289c98dc60bb31e2375e2016cb2eb2de15ae91ae4c8f13c23726dee36ceb7ef61f09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
befe290c0e74d23475ac6ee3b73968b1

SHA1
b4c6631168f6fa9d0f5df7a20796b1c42c014c41

SHA256
0d2b074da95582560cf670b49989eccaa48496343d88e3fe122f0aa6e6b6cd25

SHA512
24ada31224f313949e62e03253a1b03a3e134da28463bc62349c983771e63067d9f328fa0782fe360de040edc00ee6a5b8a5e3139f13a6598e57d55a8cbd7c28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18163f485d94ad5cb183903a2a339484

SHA1
7bba17741a5cc5852fa45a56a00e32d83645d633

SHA256
9da7596111c63803c1bd3bae07332f10d5d1b8edfd8fcdd3ae28565f9ad693a8

SHA512
7c22f45a7be2ed85112baf8c1c1d7f256f7414fc5925121f358108dc6097a152b351f5e4cee4ad39d5b28d774ceee57bd3398f7423746074c52ee764cb58d41a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3c95ecafb6f8ed4509e565dbfbd9e2b

SHA1
2a3a7295a8dfa80a54721f3e1887f020f2f15d08

SHA256
a14f0ca78d6db961584dc4b9fc06ee3681cb03e97dceed855ad6b07270e55e5c

SHA512
78f2dc95a4ffbe9e695b4dc3bda312774ba2bf497f970af73d283e4c9736ecc5d714eaf61a64e8b3a66c0e3047ae4bf2c25c411f1e14759eba30b28e0d2c1502

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c05cfb213851d0e15d42080541d00f69

SHA1
86aa75b9670346e1da1de1cef77f44aea2ec2419

SHA256
e74183dfdbd5172344b11bd6de5331baf163c57157c1beddc118e6a43ac98718

SHA512
7e39e78f1c71f689de1e7dd6aac1254174f84ba738b69eea49c7896b3e6492217601c0ab5ebb9e03500daaf00b094cde32eb623891b016e951ccbf828ed4e22d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b9c3dc2519d3c92bb8ca84e291998d6

SHA1
5208011ce50f5efbc74b0563e2eb78b82982bf2c

SHA256
d8cb18e7b43287ee8e4ec6f3d014480d8b755f6bcac3429b67fd44932566f086

SHA512
98a2d5862e1f7b1128dce1209beaba65c4872d186219f29ee72a9f8559174cf472ac8f19c323d62daf0ec11690577482d006f863cd715494b2adc0f44213964e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1d55801035f5fd3b8ab5f15e6e82773

SHA1
3e47c02e3d45c4a9db3633570a5ca5b381d0486c

SHA256
49916ae9a7ab2d02080f421e7ca386600e821c845143c91af916c45e82cc692b

SHA512
7998587e37f685ff01875dff04dd7f409a2a25fe100f720871324bc0b275bcf28e0c4b339924330e0e7273486cfa18f85e8f5262b5b046ae7dc43c4b46014fbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5316a4cd454b5038cfef67d50520ad4

SHA1
14fe1526db68b49293d8fed1a8a646077f68e049

SHA256
daa124f48c4eb761a565eadfa007b8feb10a03276071092f8b457c6ef33d98a5

SHA512
f4b80533d89d8edf4714deae743f3258549edd0ad1a90e5d1d9033a164b782eeb9acad73e05e290cf06a084a7e28033e53f52e9f2706548eb4b5da5aceb860eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ef31cad15412297610b5cb317c07b1f

SHA1
0c907affa3ffba94e782d24f4ac938de01501969

SHA256
e440484f364cc013dee2a80a74019fd00c8b23ac75de41dbbcf29e2c6b0127b8

SHA512
d6680a027d99c04078a37c223e3e40f027b4025a6a07af20555bb8213a97c5ba7cadf19c7eeeb288151f42bda89ef1cdfb912a5968ffcf1dab571b6a4d324c2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8cc6f1a883a1b9e51d9d5d8ea1830083

SHA1
7c07b6dd9768b65cbe9145cf337115147254f86b

SHA256
46a65a4b5da4d302e800ca5e84a20d5e22c89caf12a4335e018bbbad0378fc17

SHA512
22f0a23af96f3dbea6e65e7fce226f6efa27e109bc8561a1b81c7843ec171b0789cc0dedd7fa653bc0533d49a93bbbb98b49f295dd2a349f84d957f2d11cd2fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71073445ca5a7ab307aeabe3826d080d

SHA1
dc1c90cce210a6b6e668236ea3fd522bedac2e2a

SHA256
4594bb14037b325cbacbaac8c4146d00504feddda568f3bfa50c481238e3e55a

SHA512
e07aeb083065b9807197b0a482472345d1cc3f7fb5ddf51dcdb97742a209db4d99ec38b5fca55e8db9bc7c9de802ea152d34184a3db0a92a1798263daa49d75b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7EF.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar84F.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit