9c2f683af97ce2825a59ad9e35883efe7c60b5110ab59ec5b137d7aeb79e85e4

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 20:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

30d57f618eaea8bad38dec059a77b61b_JaffaCakes118.html
Size

1KB
MD5

30d57f618eaea8bad38dec059a77b61b
SHA1

0cbbc15cfd4b9f4da4d3f6f8505f631c50bde64a
SHA256

9c2f683af97ce2825a59ad9e35883efe7c60b5110ab59ec5b137d7aeb79e85e4
SHA512

5dd4a9c4ea6625eab314c6f0182b8d121e91a5e149116ad0a67dc8491900750d7474f8b5e50e531542eb2cb338d94d15410bd2800a6f8612a8df28aa251efbb4

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{59818F01-0F09-11EF-9542-4A4F109F65B0} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000385da0e01e6387d7f471e9dcfaa9cc3cf1c594171af5f7bb8909da03d4616fd1000000000e8000000002000020000000f17358143fabc432e7437aeb74123ccf2103897ca87e63c4f1081d9645052f7020000000a5724b9f27bd52b06638ec02745df4a2f21b8da8acbdc9bcd9c1a207903f3b9e40000000607e6bae2cef32a1ab23e4b65d4a3737523bb354cb1414512d97c03ca73379be8c6f747378a8ac13230f494cc37a0ac4219bf32ac49aa20aefdcf52e78a6b4c3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a96069000000000200000000001066000000010000200000005904a83cc197a48e93b8dbb5ecb296d3ba08e3032ab76e2c7c8083fdca461086000000000e800000000200002000000096abd54e242f9fcacb35bdb00cddc800ce548c050236388bfd43a752bed8ccf6900000007fdede1c8d10513b851a01e057e0fc2fea2e03f539a266cce761f59db05579fc3da329e71c799440e92ea6c49147fbcc3f601a12bd7c76bf1d4904ef835d1a6df03791e352dd1c29fa0a6b062c0b0db7a8251661123ba352919e49abe1902355340f67608d62700365293e4bd3a9f94883d52f1e1bf04e7963a02c00ef988269586eceea808e4c459723d96fc46b923e4000000035d9d8ea489a72e98b38b7e06d26fb0611ee667915410046358e7b0d198b83745d47718f46fd9a786df57c9196d3f21225861077d6df6a231ad75283126d142b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70a7152e16a3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421533698"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2380	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2380	iexplore.exe
2380	iexplore.exe
2012	IEXPLORE.EXE
2012	IEXPLORE.EXE
2012	IEXPLORE.EXE
2012	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2012	2380	iexplore.exe	28
PID 2380 wrote to memory of 2012	2380	iexplore.exe	28
PID 2380 wrote to memory of 2012	2380	iexplore.exe	28
PID 2380 wrote to memory of 2012	2380	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\30d57f618eaea8bad38dec059a77b61b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9477fd8b9e98795eb0c4c76252cfc82f

SHA1
e34a7187c7f65a63ea2cdc7ec9468ee0c0404e5c

SHA256
6e0cf41e3c25dbfaf51a9a9b7c0febbe5f960c757c8d13ac7cdce66185c8ee57

SHA512
625a9f145e799dbcb8df9e5ba4871929829fbdc51990368fe0a9cf59bc9512c41c1fdc91174c896816b91fd9cb53263387cc7a6979e62c76d2640b49d90a4177

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f51b1e709b463bb5142a790dad212cce

SHA1
d7b7c85d965ff7f0a64f600cb9557503c3eab1fd

SHA256
da773d2a35cf2837565b5aceca1b547831f785ba41db6cc40f1297938269f082

SHA512
3d9f706d502ec3dbfbdcf48968c05b8a2589331093a79a290b48702b0f65e9ccc091d2c088f2bd3cf3a8c9b2ce884d736c994c47ae57fed9cb4f4b220d76d2f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcc7643681137167665712bda1d8283d

SHA1
bbc82d7c7aaabd153415d36fd3e2f4653f33bc9f

SHA256
43c6945beeb3337b1a266e57332eaaee3847cb82f11842678b77e836c11b0f6f

SHA512
1d287e707654336003a24ebda067eb0d36714fa953cd2b3fceaf45007ed5803720e487e0364b12f995b4bafd77fd0883e45f641b788202d32e01a87e451e0f52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c38d0e62bdc83ca3a46963f5e7d4063a

SHA1
68abc2a732d45ad5dfca8a916228d8db2becd2d8

SHA256
abf80f8b91d547c66457abdeaa4773a878c560a8bab8bce6af88a088451e88c7

SHA512
425dd1b904919ae26cdce1c723a08990b5943936566c83d1166a7e00bd67b9d20ab847967f41cebe7e7c8e9eb812487f50162f58000a4e5c8486d09b1a76b626

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b3cb660ea6bcf2d13b86b162bffb940

SHA1
b5ffd04aa324e51cda31631c3abf82053819e6b1

SHA256
ec55259c8aaf7405b10008dedbe5deed52f73aa83171f1f65b7a75bcce860277

SHA512
150818e36767a07795a8de39be01a8c8e4c65f4fba33cac3ff3aec49efcfa8a69c3094eddcf700b0baade21d91567db45908ed8da0ef22c658b3319dc5917d4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
000d5bcbbd6cb9be54b03386efe1f6c0

SHA1
ea945ec57c35aae270b92ffd02e09f5bdc26d4fb

SHA256
044802dac83b83b4b19be4a699f0f665f61d6e3edd92aea8f9a298f67fed3d14

SHA512
ae98ef8ff33b28b3f7ce0bda323b9fd97cae27f87e336b9e747e7e260e79799664eb8d8742ae7b411278aa31a37fc3f8881c19179819ff5d61f0f14f30520b19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea4c4c3329ac7679eae67054b4bc3245

SHA1
4360b56b024b96a0a75739d884b775ae12dd1afd

SHA256
41dd37acf31d3b9c0bbaf6c9b8f4a762348b35661fa6d9b8ca543f98a097d002

SHA512
7e3eb8220ea8d8be08998f17bd32ec19b78abd0954490d59fafc7ba47d4f57388450bd2006bfe6beb83b29346b3872f59318c618c20b328b80fe456d14392682

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55062869d2c33b55d08302589f629c31

SHA1
616119495e18421dd67c043c1250064953c06428

SHA256
5b6ba7bbb2f902ae0e91f0782288f8f44141e7a32714405d260ca5eeeb469655

SHA512
6acf945859138e47c82f9fbdaf63f1589597ff35d8f704a81390123425444181956f5bcff48394c0735c899649faaa2c0968f26fbd5c2d9801e43f1d80c725e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ce0ae76721ae37b2e8b2232e2412ef2

SHA1
4df43120fa19bea3c610f73436344f4997e885e9

SHA256
18a182b4323a931f069c36ddbc27fd13491870a49bcc8c090fa29be24f097550

SHA512
1904d87d5e8d4ad1f74ed4eed4eb44d0c1cc48aa0e5e91707df2d903ac1f3673f2a8c7613b791c7e7be1d465a9eab1ca69f34c1b6d91d3e2cf5bac7c68bb3efc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a59c02c9008a48b3cc24ef6d0f00855d

SHA1
c24fddafe0fab2d36398007027650a6e36dcd62a

SHA256
5f30f8d99eb0ba4f88db13056aeb6bb762dc0fcae90a92088ec0e63211549ddd

SHA512
3afe8f15e329e08d8b0d16ee402f6d12d57d14e004ceec935a531d2627db46cf798dcb21f249f1c8d9d709ee707d96aea0bd481019f46157b15e5a87a620774e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
231f2000a9b29e1924c02087a21d2ef1

SHA1
2fad568df679a23650aa6c62017e8aa24df13b1a

SHA256
0443c9c1e851e3c8e475db5ac59ec4a0135cbe4464066a54c32086e689efe320

SHA512
ddbb7b167d000c17a410120203e0777a3a583bb00c9791c75bddb0b43c42f301890393e76533e0e3a95f50563d09f21d1ca3ebddfaf8e0c9cecbb8c2e8fc0ff2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53c3d3f8cdb733126e8ed591ac0a7869

SHA1
b18e0d7557c011cc73312c9fc4e36cb7a96442df

SHA256
61eb2e797d64b95b47e19c902351f00509d53168bf87152a730fb9df96f60f6a

SHA512
3a0dd0f1b69001c4795c891db34eb0e6617bf7c3cb52aa2c703ef5336989f871a4babd04e46ff3ef675675a62da5a8867c7ff2dcdd0470de0e594ff83bdd9fa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f0dd252f315a8f9e8c25800d5f40886

SHA1
8d45be640362449599a706c4d886bc0684875424

SHA256
1906f8fced52b07b5c755211d97c820d1d8537eb05ff303cf93650c653abb44a

SHA512
6649dfe1e9d9525fa942c3a05de1a8d87074a7d53a0ec78fcd71c61a4534ad20776a1bf8ae1fbffff565d40b9f9d0d1aa817fefd41beb18650764b8db190d763

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04c679dffcc856f9cfd77f1719a83442

SHA1
700b266d932401a71cf0cb7bc41750114e94f6c8

SHA256
3ca005071014d0c93f8c3b9d80d2fd36c34e75454f4efff52ab35aa6c27a4d16

SHA512
e41b848028f5d555e9cd45daaf143a26c57b24ea8f146a9738f30207bcd9735f56d7d19f557877d009b39ff001f5a971df50505f567f18caeeb70336ad3288d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38c21279ee64cfe45aaa4ba373da67cf

SHA1
71aa99c8e1a2384e09baaeb1510ae9f26f22daa2

SHA256
b6fc8546848859dc6a0cabfbd0d3469ff74d497914fb3e7458a616aa5cf6a250

SHA512
7fec62bb210f690822d0e41451ef2b6651600d82acecab45a940df9f639938a27092ac678f6ab78d9940383cf9d93debda8f521e93b1193a0a27b9bf89574c60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d13fe4adcc93f9c4021e313e85178e4

SHA1
390cf773ed77ece84876d85627f312635f34dbb9

SHA256
8e1a990cbcbb51462a20cb5ba436f3dd6d546d9e23e60deb3ed0cb396a2b96c3

SHA512
b3016b9f22793d48db9c5a859bf3a0aa4c92b2f7ea5ad25cbd0f2f7a07bcd35b9582a12628a53fc1543bedb3f2bc653e64658035f646c6f23a541bdf265602b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2BC4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2CA6.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit