5b158cf1709031e89c97f2bcc188080bf27a79316ed46204c429542ff295dd72

Analysis

max time kernel
122s
max time network
132s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3098554a9deafa27c01c114ccd68da3c_JaffaCakes118.html
Size

14KB
MD5

3098554a9deafa27c01c114ccd68da3c
SHA1

65245414db2669bd7698c829b027de55b466df5b
SHA256

5b158cf1709031e89c97f2bcc188080bf27a79316ed46204c429542ff295dd72
SHA512

158ec71d50bfef30486268c4f1a736c84b3543dd68a750f8fad16e2caeecdb63e010b1bf88a1f27ad101ddcf6a3a170f5fb30f62025b412a7a8447a4883e35b6
SSDEEP

192:CyiUGXayGiZFdjrmsSXhvFXuwQFCVCf78xy1wVM32VXq1xvXbjSQmvN5YP:CyiUcGihG3QFAi7sy1wVM32xq1xy1u

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000d9abff8b6344ba2478f7eadbf529064f4dfee4b07692ef8f0e793c98b1f33bab000000000e80000000020000200000005ba1e2c3587ae00d1edb66a6a6c5ea556712911c5f3805fbf715a91b1265b21b90000000769e8592d2bac6ab9b8c85a9615862e1501a1965c87d8140a1ba77e23111c463e60062e09a12b80c8c54af0eed465ab830674971c40dda77e7d1785deb918b72c6f28d09de142411960c584e91765d5b8041411ecf0646bc864cc8322b103a244022a1e20da4db82eeb0eee9e2cbb2111c648da4588131d76281adfdb0d5d2f54faa961f9033b6331f41f88ac8f33dac40000000ab142bb1d9c0bddc68bc0c7579e6279d3bdc615004be0805561bb5325010d8554870dfeee4cf5a013d397513fba657f4ccabdbbdc0fd3e494785efb4654bf75d	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421530032"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50c7c4a50da3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D10F9A21-0F00-11EF-B195-DEECE6B0C1A4} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000000db07722ae15267b618c679adaa7e24f5f46e0afa271494aabdb8a438dadd5fb000000000e80000000020000200000007809704d13ec1a3d1357307fc6f99695bd6455aeb45f6e09b6f2cdee724b75f8200000004b0074ddef5de9904a5c07064797a6c618373f6ca359c524ef4fe3ea37a7ade9400000009624fd4bba213f25723350a7594a11ecbfa26a144f7b66c91c8fab24b50ce221fe8d210010d9feea15907a51bc7cec092b5943475f1eeeda9c3623efd8b1b100	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1712	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1712	iexplore.exe
1712	iexplore.exe
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 3032	1712	iexplore.exe	28
PID 1712 wrote to memory of 3032	1712	iexplore.exe	28
PID 1712 wrote to memory of 3032	1712	iexplore.exe	28
PID 1712 wrote to memory of 3032	1712	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3098554a9deafa27c01c114ccd68da3c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6a86c2bfde02a1ab9e064b2d5f70382

SHA1
792db49d0e83f944c5553836c2fae3be5808fba2

SHA256
757cb9c9aae0ef038096c601da6c080a0725adff6453881cf128085a697f4aca

SHA512
9aa6413a687a8368e3075261d8149f054607266d5448fd447290df54d0216eb27b10fae2e90e0dd8eb6a54e8d55506372246261b3b068d6259d9189aca75445c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a0d16ba82c53a95e857f6cc8da0c31c

SHA1
fae6264ae616c4b77bee6c30fcf65db2cc05b30a

SHA256
7c2d7ce1c22ab70ab6412fac1cff1363438d935dace85bb97fe5f881d49b06f8

SHA512
0a41ffb8c00cce6bd3426a77232b755c04ee2bf941a989d001259b9c0a51f0a5d4e64ab4b31cc0509adc8a936e03ab45eac769e6be0e0441a760f46b1ed4dc96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
355c1cbd4825a8a02e689b4dd10d48a8

SHA1
8828a4f512afa862134e10b10ed0878a8327a3bb

SHA256
b1cb9ec2e53fb5d4ef830441c9e55b891ba098424ba66521b0e8ffad01b56cdd

SHA512
2c87fd8983ba997652f1fad92cde44a9ce265f79ca3dd02db236f1df7521bb3f15c0c79a3a2d8658286ac0fc62f05af5a793b622b406886d4535f9263a7b9198

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18b6ef896f5c0710d022b1354bee079e

SHA1
ebb6c073679f6d361c2a410339236b4d7008e0af

SHA256
3cddd07ebc963093c155b99e42062b2da0f6077715c355bed0c772b6cce6d1ed

SHA512
2723f0d395287f19bf5f2609c1163cc1f40d579d95594259c479c822bce4005326b6fbe325bdeb1c41dd2c3e071a017c811b82b6e139ffc32f92942a4727f06e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44f2a206d07eaea396457ee8e2fb3d93

SHA1
df4f8e879d1306386fc0c1ae075876cfd7162442

SHA256
f061580a86a4eb46882b1062d0a52c88da24fd8f275fb5d782947dff0f94c438

SHA512
43a5678007064a403e09238c1556e6953b575912b947d44f007dc0a6ef082bf01486a3f5c07f60210f63d66482f119b051c812d3ae31aad5c72a2beba6d7da5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7bbec6e6ff07bd12da479c07f4a92f8

SHA1
d5b309457b68161104a2555324b52a0da8cd23ef

SHA256
e2399ad646a738760d0263ca153fc3db039ee8f910270f29642c58b3e82248f7

SHA512
26bc0e4117c16fb4731841f2a3f9f19495d4f44025dd2033b9603910fab5e64ecf16624a7ee6bdab05542d5a16b99c9e003a94d09b0667d7abe24987aec68092

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
929af562aed90e186bbbc4c18700e9d1

SHA1
f59d1e7e9111b372573c8392678fffb133148e20

SHA256
f065613980b9339c6cc3db887d6f7a3ea74022851b1f9eef6cc6d853bb950d5b

SHA512
6122ace324d2c670d66b5bfbfe7f066ac8fdd62b1109c209fa55683028b27c3f29203abddc2208dd32aca9ff5ed8deedd8c694b0d23f775760f87e1da789c608

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b84f3044de1aafcb15f89b9f1b405c59

SHA1
5eb4def08ecc74af7c5636947b82d665707f0f67

SHA256
04ceced20aa6b5f392ea6c020f1f820865d313f6237de9cbb6d9c3c8cd0aec72

SHA512
82bcd7b2bb179c1ea8376baaa6c0daf08bab2f9993180fc04d057cff4202ba6ccec52f4ac9e267985510206d40cb89e88c16b8dcb2cea5299fe31aac0a72920a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1366e8dabcfa7612ecd3a1988614b14

SHA1
0eae24be0cddbf3960b664e88a31375f03bcb288

SHA256
71535e9c7b5aed405bb0e6d29d51a06f566418066e55f4febc6d9f60f6691632

SHA512
5602aaa5f54d162b8c0c0b3d3bae6aa6b84079e6a39d6b86f2285169e838ab289c2ee824c15ef95b41049a893edfcfd94f18ac5f50a3f34000643cb847bfa7ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ab597f8c95f931f6bcc89607d2f697d

SHA1
f67714f3fa40bcc07e42d73e134ea9bb08503cb3

SHA256
b4d6538e4010b3ddad6e76a675cfc5a25553f35f64ddaa4d42803a10255b5a90

SHA512
4c9e5edf44eeef6bb3585f52ec0e7fd440d9d3302ae96d0a4794759be5bcabb9ce1b645aa0064d4ea48e8aac422d4f54570cdba568e8cb9162d0a11c0a9f80fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df0c398e2b0eece8aa81c324e004555e

SHA1
0662288a57c766723b8818e00c2e393204dfff95

SHA256
332e9366c974c665e8cc9fad17ac56d677005285a292cb668da2b6c5506dbf6a

SHA512
fafccd21cc6c0dfd07d1e0daf657cba69b1788ef9037ae3f39105c61555a126a252fb95d658591f5aedd302f07594ce778f23b0370a9bcce2cb9cd0ceb2cd134

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a55decd61091625c6f923fa5ad628efe

SHA1
2caf4b0e60fb3b7af955e7eea0df638477a993f3

SHA256
0220b9a8b962c5c8ba9b9f738dfb46dfddff0f5ea80f5271cddb83b895fa0b52

SHA512
8bd3cd9451f64487df0fdf5e8a91e09ae151c49e6c817feb4d22dc17e5f3f6c7a16d039de95c3959529d872d9dd034bcda38e4e3aef56c8c65f82e27afa5aadb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53ba040e59fc7f0cdf1e33082afbb028

SHA1
ee4925be3cf8f1c2af565ab5e09e9ed338e8e6dd

SHA256
2ad8d440cc527dd70a604c2bb53bb790148c7c90c62a014e07a1ceef4d580b3c

SHA512
4f3cb6a8751add5d0370ac79b0b298934691962aa74423929ed48320d6d4e9bea854356faa2b74d353c75f0d241dcdca3e7e24e934f8af96905f2646192deb12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
560fa0b4c09ac512e202ae12e9caed7a

SHA1
3611d2b5f403a56eb27fa3b07be0b3bdf51e7f2d

SHA256
abfb77fc700f0398e3acb92fffaa9e5e842a7b5d7754d9dc7ebcfbd0013cdb29

SHA512
b4aa1e65806f7cbb058b838f2c988eb98ec291dda8ce55f55cc4659f7bfb8fa07e6abd7c0b7470727a620e08b990d4a2d21695e1bc5650a2618dbf47205a8d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca24d4f12adae83e2cf6384959e7fd36

SHA1
c5a3e870ea5efde7cc7f6ebc84bb23a3e2fc7d84

SHA256
d8c105cda3495fb51510c63b7f5a6c063d2dfc5c36d19e7c7a4bc01731eb8434

SHA512
65e91dae5d72ddcab1fc42c85550ebf950eaf3ca2cc89cd923dd45e7a75399ba3308d876c6bbd4bf2b27003bec5d3b19cf48d79ea1dbe36199aff8dfb2f4d511

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
631bc0fd6af70bba9f2e7ad261712c34

SHA1
cbabf22cda943d961de0539aa7ca52463e7e0143

SHA256
765f8708b574393cefa0db344f9e4e48025c0a11b3b9a6ceb3f94a580082a9eb

SHA512
c3dc8076545d69c63e6465957b882e6e68d701b966b5d685a0c892ba78887bf5ba0312b4268ed61f544ff453b65e19589e7110a568f2af245b737c591cffb97e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84bb5546331e588014702ab50881c7b7

SHA1
aeb78d7f471eb850ab82286aaac18d67f153b95f

SHA256
04df46d10208981a1dbfa85ad95d6a306a7e68c09f01599d4a93dcbf9af2c5f2

SHA512
43ea461ba5de43b44971504fc3725769b0104d18c9025aea5d16db1873a7ca173343b2841cd72ad841eaa5b4a4042590c94f28710205d7b068c9809ca8687d4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3C28.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3C8A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit