68907f81eb5c4d3303413dfd14243e13f330552b9625ea7051c1d14d3a31ebc6

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30b65aa734592ff5c6ba2bb2e83a3f58_JaffaCakes118.html
Size

461KB
MD5

30b65aa734592ff5c6ba2bb2e83a3f58
SHA1

2d074fcf69536c55190c6e505fcd8766fef843b8
SHA256

68907f81eb5c4d3303413dfd14243e13f330552b9625ea7051c1d14d3a31ebc6
SHA512

f04c4055ef60b00f49bb1dc08b6eb1b4799f3f69341408d9437b590de696c165b560f6b6b7aa9bad8e8697c3c45c456f82eb62b418f8e72ba9430ecdbef6d7ca
SSDEEP

6144:SpsMYod+X3oI+YH8sMYod+X3oI+YQsMYod+X3oI+YLsMYod+X3oI+YQ:s5d+X3o5d+X3Y5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 303494cb11a3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000007a1776e0afdfc028ea9c9cdcda08642825fe1a2e8330ad17ea2b44640ecfdf1d000000000e8000000002000020000000ed3f66db64407878b2c03bc38ca7f66f1af82649395017aaa42ff923e5b3259490000000994b6b397355e3adc5029e5ab341a6eab7e4bc01fab4fbf57e70819baa3bee38da063ad803f4a433fae9ed50f228b83ac1cbb339f7ed3620b2d0167a1fd721757b4f73401a477f3cea297e82679ba8774db23ca01786653c3e140207b76a2efdd0840031f41f114c773fe6a0c8e5822b26e73efd9ebec1d42559209481f5309490cea74a4de514026b470db5d81285604000000021a0fabc4ed87246a43fd1bad8b473417d1bc8facd7b7c9c8284079119850aa35f4b2c5cd142fbb987d4485428a949c65f0aa6449d93a54738432c927f947d97	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000001bcb2cc45684164e984d0e4840200086f38edbe38b878bbd82a351ea076996e2000000000e8000000002000020000000de9c48039e0292a7f187760071b186aac79fb93d2d9e61dce073cdff4c58f29120000000fd6e1bb9eb05a711d9ad733560b3c1346eb21bfeaa7a0a0bab3cdf93d152043540000000550b7d7d3e7803ab783d4b406c2b4631643bd3e382f6d8b41070d8c4e37f091d3a2457e73c5550b6325cd6a8645796351c94a050b47f5b285757723926c4e8f3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421531807"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F30B7961-0F04-11EF-B837-5AD7C7D11D06} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1740	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1740	iexplore.exe
1740	iexplore.exe
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2872	1740	iexplore.exe	28
PID 1740 wrote to memory of 2872	1740	iexplore.exe	28
PID 1740 wrote to memory of 2872	1740	iexplore.exe	28
PID 1740 wrote to memory of 2872	1740	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\30b65aa734592ff5c6ba2bb2e83a3f58_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
827a3a1ea527975a46d684a64b6a46f1

SHA1
90e7096e126954ef1481df13a887249d53cea49e

SHA256
197ee681e9775c03499452f1a4107fe1d00224783fd55a98c160a1429973681a

SHA512
ffceb6e37bed11200b94caad153eb6adf216358e8ad88ce52c1415732c2160ea6683454988e2df03f81074e281ece2f6d1cdc02eaf8c99171e5b8df193b2504f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5f4895b8a9d31c8101b8ead98f42032

SHA1
1702d27020d6bbda90072d799b07435213e4a32f

SHA256
feb3518b62f1ed9c3d6765b47a1d0f824221da7715324c3d6758e805953e4c2a

SHA512
216bbccbdab3f03853d79020f83185abb53f93b447aac10a21ac4dbe0c0be9b6dbd742d22710e67a05b2877bcd8d80d2a12c503238dde84ef3d579a8eb6c3c68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2aa8c4fb8d94efdc98acae13a1262d4

SHA1
985f97a8ecdc24f2f6c3defe3f1486f8d2a1f331

SHA256
6e8fa00e80059230d1a4b8424abaea52b72c5496ace44692782a9d04c653a3d3

SHA512
59e73fd2b663028085627f06d30ba6f3651d5e5ee6c420fb05a00ab4ad5d08f23249ea10a33dcea49436c5ae1e146d93bc68800dcc827a8eb885503f02f6da11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d885b87b0dbe11c1d6330d3dbab35e86

SHA1
f67cb9e4fd4abe92adde54ac84484d5dcdb75dc7

SHA256
7e4df7929b17c3599a74b15dc1dd57fdc6fc0a14d8909f81f0814afaaaba0f44

SHA512
570bfc9f16f72624497b4ccb650e98e243c5711313710c287c4eebfd0c4d77616985f99bb4a165d8fb77d615c35fbd618982ff107a9d99d134542dcfea2f9294

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8df1a3535c7cd6998717aa576bf0507c

SHA1
607c8f66f980091fbd3a9cc3f0b0343c46fa5406

SHA256
6dc89b0ada63ec1e252a8b825200653f5060d1f189cb21399af6679b503a743b

SHA512
6e6e22704979b8c584a3734ae72bc3fcb80fd1d78a0247ccf22c9c04c304ec0f618e7ad493c0d16c2d59a733589e7ab31e02d0ef46c52ba94a9604ed6493b571

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5d7c8c0850cd9daba86e3ee6fa80019

SHA1
83f7d7fdae6b1fafd836e6da594e0f1cef2be1f0

SHA256
a8200e2459cfcb55e867da62cffdee403a8870c015eec30af6fa2f0c15ba5a7d

SHA512
c129092fe4f7914f0853603a450c2c111840d63031ecd062404a49d99b86b08d53869b779db5b5df2b659adc587166fc08b603db3de279a6d9e72ede6cd91727

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5a7208e4de198e917c09b35bea5dab7

SHA1
b09459338f91b0704d33ff843fcc0f2c1f4499f3

SHA256
15ba9e2da294f8f3b30d5e3b547cb1a44789efd60a77865630724543915cd441

SHA512
aa125411524c9d69e28290741a7367c08d9f7b0df50c1e6873507f3335b883729887883e52c9331550271da2f7a068126ee3edc38a2d7e17018640fdd1d80d61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33ce076afbad6fb141fcbd3c551b3ff6

SHA1
7728e76cff3314cbfce193da4732791937914342

SHA256
724b810bebc5d5a4fa9e1ad2385c2e9d18b69f8d7d7aa3e949118ad5ac444701

SHA512
9936a860de9185287905b1c8e196f8b3247f9dbf48886768c000699976fd10dea33191ca042bb36b17b62eb75c58fbd49a0f5ae2ccaeb78e6b2b29b0e0e848f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
222412a62055ac0888e6551c688aee5e

SHA1
66b2172affd9a968f7a850ac5e025185741c5905

SHA256
9d7f3442c2e5bb1d1e5697194d3f827d5d10369d461c7512b105200c5cac128b

SHA512
ff17ee801df816e0240a5a3a4d78bce8e5d2d0d05736f8e471e956c44d13d351469ee310b5bd9deb5eac1d054787f63799e4aff9b2698cc77a3369f1af4fe6c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee79f721cb37f9ee78c3a696e30fd4a0

SHA1
aaeaf3c5743ab02e43221247f19fe5d99089c1d2

SHA256
9f2c972548fe53303dffb202420213db0f7f85d23fcd85de9674c9fe1696c0f9

SHA512
497a6e617b868d4c4f1b14cda53f103a38a1a559a4bd3c4996df7e20d08d3bcb2ae9c48e35c0ec88b8ed2fd10a12223678b958c7cb83c05a31ef48e450440fcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dde32a01e53b6957cd92942ad8526a2a

SHA1
dd193214a2c34aef29db8293be0adaafa102a427

SHA256
54be5af180e613491da8fe570d91ad996cead6a4180a9c558792698b8d083d17

SHA512
2a2ea989d5b3e9b69bbfe99e80911ac9c43246f971d0a795afdb717a908b40e8db39c705b5571a4dc6edaf526f02e9c91c58778a55d022f7b247189fc2a102bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfde333db68ad3fffe8468aee295b16d

SHA1
e00ed225b74fbc638f56346434a89e3dbe2367eb

SHA256
1dc9d4b29148fc3a7c3738b718214e4fdae557f74ccf2db82c170a11a8d1966e

SHA512
2ec1b58cdba4e3540427cbb93374da17b7aca56420aee5c3aeaa91bac1735995012f3551b9cc4b52f6698b8ea41fce1ace3452b4dd53f039490e4965e5c13a80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bf04e3527f71d69e2b474db991c61c5

SHA1
aade79fb93e56efd9c4a32b1c84a3d95f7b2d62f

SHA256
c8507582b05ceaad3fe7ed73fdc26e328dc6f99c4dd221230d3e2747e9d7b5e5

SHA512
aea407f3f0bec231ae55e5209ff92b33d713f584c133ff5cc8178d52c07915d698212f311e9d1b2094314fe900f0e57161cf069e97783d313f0e45e3961c31b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d5e4a5fc1e98cd481c837c0059e6af1

SHA1
85e20eb9ab8e6eaf356cf77377048663501ab769

SHA256
f1e0ba79023be99524baa68b5e972c8b3c3d0847132768bcff07e1d8d71a0a4c

SHA512
2a94e97921be029e5175474098a75e6261fbd2bdb82149c2c63c7bcd39fe6ffcb5106a58ff8a5cd1d9405881d13f33b39257c5340371ad750b2e69378e007706

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c52ecdeb28bf0705785e710d5fbca1f5

SHA1
afe115fe5091d07506ade0375686ae47c7e049fa

SHA256
83cb46e04772352759edc142848f65a1428ccb8bcac949dd04ebcab3b6bb8ad6

SHA512
bfa6c93cf1cf149d163cf34ead066617efd575e53e9df1f9afcbc952e44a175d6b9c2d77c6076a5b1de0ee7dd1789dec8238b1b4cae3a3aac0f72ad130d52a23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a1e32864f66ab3cc717851c9e2132fb

SHA1
a3406b23ed7cf8754f68dffebf525bd9b9bd2b4e

SHA256
bbeb34e4a7a8ad1a698d71c79236c0ba324006b4fcf20ecb61abeb8b4ff7bbee

SHA512
fe1f959eeee752409a042a3fbd816e6be00e957baff2cb3ef3f1fd8f7a333bee91356a333890859dea59f8a34daff1655f8b0eb6d80a67386091a8b1891560b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc9e818584b614d7e81e00750f5f8dcc

SHA1
61cd10f4833aefd0191cd33caa2b5d60694088ab

SHA256
3ceb58ae4706ca6b72e22ab613fbf25d774de2b22556036d24dfca112f353b14

SHA512
e20e6641ccd8e46a44b4d9c93078b5b40b5afcaeec62b779d7587184fafe73feba579a9465e240ede576f5aee03351b77f25c9e0c690461c52cb08109ebf2e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab407D.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar40DD.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit