f80aa9ad29a452de53ba599eaedfd14d677dc7cd46f302e166b9b9c25e66ed58

Analysis

max time kernel
133s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3032b15fdc7d4f491f92da666488dfb3_JaffaCakes118.html
Size

68KB
MD5

3032b15fdc7d4f491f92da666488dfb3
SHA1

aebcc5bce085c9e991122bccf3549a9526edcb3a
SHA256

f80aa9ad29a452de53ba599eaedfd14d677dc7cd46f302e166b9b9c25e66ed58
SHA512

cd8842cd1fd86c798e3327ea9c2a79e2b8c12c5376061eb75c5c3a59d70b87279ed07925f39deccef2ab9d273b6bfe190697acb2cbf9818e812920d83f52b3f6
SSDEEP

768:JiPgcMiR3sI2PDDnX0g6FDVQ0IoTyv1wCZkoTyMdtbBnfBgN8/lboi2hcpQFVG8X:JjOQSTcNen0tbrga94hcuNnQC

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000047806e9e1f787348e85703a50ba40ab0946b2fe678e8002c1ecb1c9d69e13461000000000e8000000002000020000000361617c7f11410d1ce04709f6a8a4ce1f9f3ba16364565b2325bc3bff6a4e9d09000000035a26c496f41bf35b78c358f4c6fb10634f1f9e06c741887e654bd05061d46b15fe8020a44624a53230fa68d8d0d91346fcc77fd7eae41158da78d8c6a9fd7184c31f30b63ec9dc6f4e4aba289533a35f4c43df3c970de19a4ff82207e6757bd9ca3b701431dbaafcbf7013cb0c7619ab67ab0b06f27bd6f1503433e4b73f506b1dc629dbc0202a3540b2472146610ef400000001ae42b82162d4b0e1c6e665eac28b416682e5a2ba9e5aed7f4b360c41b1cc6fd745a3babcd420dc38927a4cf6d5a1ef08febe79e3480aaa9151d5ebdeedbdc41	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000b2ad4f588ad8f3308c8c56db52c1d332262f3c8534d1b2c62f82b7110b6628b0000000000e80000000020000200000009637da9323e6bdf6e0c403ce15fda8591640fff8e42d6417d594125bfd32b88020000000ceb08478d933f18d7e5b558e4f648112ee538228cb6eda44b30a7153b46d640840000000458f28b47da6f92226631a726eed0f21df44f73c950412d7d5dbbb63844c01e7ed765f18b62704e6a19645616e1c6215fbdbac5431b001bab95a62e88b385dd0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AD961C91-0EF1-11EF-A7F1-FA5112F1BCBF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0123e82fea2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421523531"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1944	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1944	iexplore.exe
1944	iexplore.exe
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2724	1944	iexplore.exe	28
PID 1944 wrote to memory of 2724	1944	iexplore.exe	28
PID 1944 wrote to memory of 2724	1944	iexplore.exe	28
PID 1944 wrote to memory of 2724	1944	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3032b15fdc7d4f491f92da666488dfb3_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45a811c7ab743b10ca73c4db314a52cb

SHA1
be42f327586016a604f63eaa36f22d476631873b

SHA256
c31fc361d525458d59351e0ffe766592daacf912a6dce96c99d0981df831f2fe

SHA512
542c09f7d2d6e99e63110750393fa40a99b40509c2813a9ae36695e5562ec75ab5b231fe9dd016aad7c66346626d1d20569bac3773e14504c99a575b8ec1f95b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99d6be56389cec4e4fd2fae340b2864c

SHA1
ae6f5fafa4202ae87a9b11e56f008aa3f0d1d5c4

SHA256
6ccadc35784e87cb04ca01b6ed37d0db2d474d4845cfed737efcf7b79ead9d85

SHA512
0211a5c608ec4a653104d9066077692a3c3c27c4ab560164626cfd48f443fe8a1bcdaea35b8e37275734c1346b7189fb4888b0a8fb6ccec5f42d6f16b7220e02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7a6a7e1db0691ca542d580d5df00048

SHA1
6ccc99cbdb321602749211e96b22b17772f85b1d

SHA256
ffd9ab1b4469d643b556a8971735df1728093819b71edce28d2ca5f4d72f63f8

SHA512
bb4c89a8121716d11345d5007820f41a2a5794f232a5d4a6a5af7c02a7541ec3c1597b2c9db4cbfea217e0963d780e2acadc5466319ee4297ad4a4e9def88bd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf38b1c57cdbdbaf9377a649a36e1339

SHA1
90830fe5cde3a3f88cf64aa5f797164d862d7cd9

SHA256
2ecc6c43fa0e726c47de7e5c0b9cba1541f5a3ebcce925b003a59c55913378bb

SHA512
748c2ab71310eafae3a5e0d83fb352c65fd3e76333785aa3471e256024eb716e7195999cab319789f0ea083df18bfe25eeacb64fda2bd09a944eae928a958d3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ac6ca04900b550705a195c581c4c25a

SHA1
cd007498501fdbe3c51c3e45d0882565b4837a65

SHA256
8870afca04ca92b5a1b2c38d7f8fcf4c33a3d0e1950015ad15998268203bf3cd

SHA512
b3e3a9980c6d299ad7f5be4e863c1a8c4478589e23106df47b236ea19617e1df7758cf2396a244f79ad1e853c5a212e6257204470b9a3681831782624e7922aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbdf3947f16d30fa5b90bcd6e946c9fd

SHA1
f47eb2c1aca91c3ab8e1b22ab1538e66a82f598d

SHA256
063760ec3615f7b6952570027cb99ffa963d60eaa7e4d5153866c9aa5300573d

SHA512
573060d353b1fb4e809d4e8c0d0ccc96d275991442b3cbf19a0d008a787e4ebe5ab60c74849e0e7e480a7391e31a2ac769e4971e7795a9e8200bdf9cf13f21bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cff752642dced4bda7d1cf2af145e3b2

SHA1
003fd5ff212b71a29e7c2074deb628d0a9a4d581

SHA256
16f091ce9042a2c680e04650d3f449f2f86d8cddd902dacf79c1d76fee8929c8

SHA512
826836df0568de7bae3226bb96219a80ded6ce6324e310eaf6c9a66e1ad984a6290bec04d569fe5b385e414f0037c15d1a13d6cdfb9caacdf60607fadd01eced

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67dab947510c330b12fee1ec8a8d5206

SHA1
00d8d25babf133fc86d7a7004209088b17ca7afe

SHA256
9f6f48a64cff070e448a105adc3ac69e6eb692272c3c9b34dbbbbc7deac1de95

SHA512
a46d47cea4a64146eb4dcfddf7cac8f420b041b57b0de4815aacf888e6f41e42fb2d1f140d265ee0ef587937c32758d9ee10163c51813ff61c480dfbb33d3757

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6d4f8df54108924eb84e34f5a9c8a21

SHA1
560370d688e8a271b18ef3dc3ec83a7a8f3edc60

SHA256
e28b6fa3cff174dc454e090a35d7eabf817cebf9f7a8f77e5451d159f378c500

SHA512
3afb2e98aa323ca03b0596a7b25c3d9690ce303b00e9adc364854c90658e81840a1144d40ba798efb1505ba8768aaddbb9429332c34f01eb64abae3311e5ef2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b6f6ec4b931482cab6ee1d8b5ba4cc3

SHA1
ec845499b2321c4a4f22bf26268fd81b8b08d80a

SHA256
16d3d04dd50ae192eab7d8fdd53d16d7623d9ecd37bd95d290e420f1012c72ce

SHA512
42da569bf3133f2dacb6a41d16d41bcad912016dc7d69afbdf82ab0d294c8f13679d7099c34ce8b82747436117ae346adacc6ffb8fe636dc0e566fb18d54e19b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a96b1c983ec4a3d4f747b63e695b3feb

SHA1
7a5a05c9d31595d4de2d478065553cafe4e3233e

SHA256
a9ec5f7b104ab63229efd7f5e295b8377afe01f0b840c64fa8ce4485296b6d2c

SHA512
bfee24f17b6755d0505be63d10a0a4b09857a8884439f711971e73bb098a5521a8e43ecfdd843e429e59afba77b1e532c918e8bf81f50e726f020e1d0b22cb7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
344874eeffd9edb126e6f3d041267f5c

SHA1
8dc0702e2eb0763e318147991325fc551bb309e6

SHA256
a4aad81bf35c61b2f481546b2cdaa1825f2abc20c886ff56547950a60e43b744

SHA512
be9243d87b75d8f1a9d9c4f6bebc6df42cbecd041bbf365484168ab1d29e9b2a0f438aab200546b2835392f3c5e07886586bdae3aa57404ffc7e9212dbb09823

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed7f590e77789ea07ee7c4899254e232

SHA1
499a0e729e5854e712249345f5c4e78d6224ccee

SHA256
47431eb198fb8f29a41f7c06e6bbc412ea515ad36bd36cdbca6396c1374f5f98

SHA512
fbdb413db7ad0d1f57656736905b37fcf0c2396a2411cd06fcf8cf402af54dc01018b461f8d507435188ba2452323d504abadcc9f1f2331a422978002ab15254

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71ffc8662e39b5289545b3b4e0fb351a

SHA1
ac24ff73a4d99b9b199b0f84cf6bfb3048876e80

SHA256
000c4a234fdefc8d38251d3f203fa75a6ece5898d51c1f699feea139140b6f98

SHA512
7821239e9fdfdbd4c0385842cf11b622dc9fe1032b0ddd7e0fc7661354028952ad6e495057f5b2e2889d1128f48daf828b5259306b4e8896032736eb9adf00a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b16d543a2438c967e95147c632235c9d

SHA1
a280b716fb68bc24fd89d2e0173aa3af70b4e9f8

SHA256
b4fe0238efdcaae4dc036414663d8298e7d515131a1c52afd6208b8b73965908

SHA512
efb57c4c611f800f00872e777119ac777b80dc88df90f0ca0036f0ca48a4c8d1383348794073329310f3b8e353a82ad0f060c02d0f0cb93b95e4d3d028e90242

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67d4e0a114692aa1f4dfaa36530c4ac2

SHA1
0c3bc83acf371ff95a469b53d82ddace52cf1a28

SHA256
5ee3c473949a75d159867d646a139cd950703d09ecefb9d9ed013e383ea2d72c

SHA512
cf17f7f34661fc53a7c6fc39623a2b21bc8b21ba1e106bc1f98f3aeb80b17403c8802108b295f6bbf1c757ee12fec9739683909ecf3dd3b94db28de44440edc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2A8D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2BEB.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit