eb9cdb9506c617c53d570f7686b652ebc373ca7f7c4c213a17478b5ae7497eb2

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3718ff420ec064f286e28ec8527527f7_JaffaCakes118.html
Size

72KB
MD5

3718ff420ec064f286e28ec8527527f7
SHA1

a1ce758db6ed2a83092fd546f6c16cd1bcf19f0b
SHA256

eb9cdb9506c617c53d570f7686b652ebc373ca7f7c4c213a17478b5ae7497eb2
SHA512

e8716d9416f76b6c71088be87fbade3fbc2c3cbbe4449f6829f26b7ef5caf6610de6805955f18eda8fa2dbe467b28e691a2019d51c34b2fb2cdb8f5ee65171fd
SSDEEP

384:XdtzBFaFOqbPE/RuzTTFExHG8T0rO2FpG8T0rO2UE5FpG8T0rO2sG8Ty8TgAm8Tc:PJqbWuF0m871877T87u8O8hm8hA/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c00279d5faa3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{00E436A1-0FEE-11EF-9D76-F65846C0010F} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c60000000002000000000010660000000100002000000020bbf0986654647773a3cbc9a5cf6cc79bbf99f0709fccc25e60780a792846c5000000000e80000000020000200000001acd378d4bf59b1fa251c06fccc9d1412b06d2b3f75e95d25f79e3e0604b42a59000000061a98b263b3699dec60e6d34fe3cfd1122534d1fba7d0f8b0c649fdd37b7d10590b78b9cb685a0abc1c8ec92bc5a26c43fec1355a87240d723c37a5720fb15a1369724e12628ef22483ab9fca9b2642164dfe185d4bf83117d4bb0b0351e14fa4b1e9b74fad04ead21744c12b924f49be1e57daf6d9ed36582c43399eba84c614ce95b60c9f99875f7d6b53a54360e6b40000000b181f69cc127d19a3f66e3f52a46498dc2bc4bff29f3732deb77de4fa5401be61788edc8bc69344ba6f649b36e1fd4d78c63f868cd865561915af1be34cf1e0a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000d00944859ce6d97230f36951dd5f336c1998af75e2f3ee419fbbc5a3cb4744c9000000000e800000000200002000000043a8afe9643ff0485905fb8ebfdf85a4b72b3097e1394767db0c39dd0f5f9f5520000000a7c8eb0fb48d680fed3db38e3bdd164eec468686b89f5cd1203a3ccde083d7ff40000000ffba3e6b59f9579f41daeecfe6b11014975dc04a758886e80d6278fda5403b99cec5912cdbd5f123bb9e7355c5fb3347d8866ec7107a409a99c29141afb3fed5	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421631905"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2320	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2320	iexplore.exe
2320	iexplore.exe
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2552	2320	iexplore.exe	29
PID 2320 wrote to memory of 2552	2320	iexplore.exe	29
PID 2320 wrote to memory of 2552	2320	iexplore.exe	29
PID 2320 wrote to memory of 2552	2320	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3718ff420ec064f286e28ec8527527f7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b10d208497ed0a4c0bfc97ebfa28a4a2

SHA1
762018e5bdefeb1a788a5e99bdd7b9e6f57b1416

SHA256
298a6df910af1d713914b7d78d99b7139b0a82409d91238becac32aa736065da

SHA512
79c85b1ebedb6dfdb93761ad26a3087e9ec738f2f4fc61598a67ce71faccec2214607af6eac5b16537e714fc24afe835132065281b3e017db67813d224858760

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64428951c073078c7847304b9a9aeb32

SHA1
4abe873d2a6d6e4944b9cc629510f8a0812e74f2

SHA256
b6a3d690da52e126509dece9acc40d54c80c3b30d65d9cfdb507d8b999230bdc

SHA512
b6c5ed7b149204ae334831373ae8f8d38380aa46db2909d1e478c5de8ba307e1237a808a910bc82a3c34faed1839a126063e463a3a2bb06777e5cb51530ff0ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24531dbf71555fbe6d0bd66b6e457e35

SHA1
e6c0f14627d452c52aa42e5e6e1a0d5beb816b80

SHA256
24cb17fbea17843d6096db51352ccaaf4e14a9964c24f290253ed219d051b57f

SHA512
f645235cfbc0ac8cbff64cf788523d8df9d8873f05be75efa43b2bc8673ff113b6c82ed24a8b9f5fa362784b4339d95ac8f1146c363f85bed518a138645fbe2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6091751287fcaab2bdd43aab81a3a9d5

SHA1
af35592427fbc0af282fe739575ddcad79676bf4

SHA256
9ece9ab73659589d28e72fc28127c8c70efd2937b3e49363b11b5f84072c2d59

SHA512
cd71ffa95aaa57d0b02443a2f04d26cb6915bc63857caf309de4c9c66295cb36c888f75e4d208a3dad4b542b0919cbf3629c926a5243301f21b5b3ea670dab44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1af949b09b1b640519368736d255589

SHA1
a3bf1e19d9eb02af33d254cc4664cb7ef0a001a7

SHA256
377e7524cbba5377ef6d7e67908e27311e4e072ecbf4234115ead57b1a2736f4

SHA512
f00ed46adc7af1b44d85d411e42dbb14859aab8aa756dbe4e03bad046efa54dedfe4a54252608732f2268042b4e1ab626b4531e75fef4dce630ed0fbf7aa69a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4da6389616a3ac1b1143c36bbd882ff2

SHA1
7ef888f35ccabace085800105d1bcd7a950c03a6

SHA256
5afc7dd0a3bc23304b78612749f9a2b36687323dd6c26897a1aea6ee2f4f24ce

SHA512
989003df4702832faa91f023d43b744fddcd0e899988eabcf822f9d1409127d464c7cc1ee755e4687ab96a16164355fe28a1b951c9871ac32fedae72d36a89a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70c773c7f7b67286f6f8d4cbf7330774

SHA1
2d5640e1431a223fe9a64e3eb37411e16c721a83

SHA256
856af20ebc8e7ba9cd8ff44061615def9b32a2726dad04369513004143a7dc6a

SHA512
77afa423585f25daad007a13933f4defb511f82f1abb245419c73c295bd574865876e417e7677570a14e06da7791a2b3434029f49019942efa045db356a23582

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b06fd736281955dd1db0d1de55597f01

SHA1
3d1d0d851ac9b07cc8477d4f3917ef0b4418053a

SHA256
bdb2c0f20d33a4f4524e100130dead7b4a1da4db8fe3b30c05ce913733233f27

SHA512
44f26bcdb51c97e45e5ef5dc02b38a4e5ea87b1dc8fc3a075c0e15d7537251af84789f3f51063304f275ec360ecfbf307a15223b0f2aefd1c45049156665ffcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4eef4cdac01992a4df59df63c59c0849

SHA1
4f6222a6591ca7feb681e45025dde1a571be92e2

SHA256
36f04957d18913dd2f16f383574baea03cc30e823ae0e9c7bb0e0a7c744c3a1e

SHA512
f9809de3d3171fd119b9cb84663abbeac813909585ede94a03acac1da44d7f100d9d3a67e9125f54519e370b531271e4034781b6c22ebeed7d4cbd82609ccbf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ee9492dc8ba293c4ce93496ce7430f3

SHA1
de8649180458b7fe0c22add39db364c1645bc7bb

SHA256
3cf1d3955d64f5b0899017a952758f8c4a8a6639176e0e8683df896432f7c06d

SHA512
afb1c2794ade4dda599979f32720e597b3d8e8df0768e1bb2b19ca88817465a2b2032f22ed101b851c225bbf38383d90d5e68efec5452cf13eaa3851a5386d15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e189f431583ed7c6876dc00a369b37b

SHA1
3267a9ba6ddc986971ed7a0b230ec72a227314f3

SHA256
26ead08e79445637bd24c1f40b6488780cc4b493e8d8f88b5790f954bbc05f3f

SHA512
c1e28374548bf685987c5e39a15ae397b5bb819706006d6d7dc8aef33e8049f601d4be7a3b8228f2c773300ca4cbbe766a466049bba044fe2323593fa7b4a7fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67d1b2b3a5cbef4cd98e03c19f6777d8

SHA1
b1fbd05d47b3fe0cac14c3ca7cb27710331c88ec

SHA256
630a8713a9d1e13a876660b995e718d9e77fe99d296508283043623865e2108d

SHA512
9b6b5a40b4c8cfc5244b4b64585e706dd0da6128c95a58c5623aedde0b136791ed018d82a907c9b039f2b6f6160dbeaf566466cc5545551bdec2ebc765ca284c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bbafd4a4c8b57c477424ee7ddc191de6

SHA1
cba8ace2661958c39b39ba94e6e0d9c636986a37

SHA256
2ea75e6bdfc2441a2e2c3cd55dfed54dfce5e49fb6f4cd3cc1e7df364e854766

SHA512
529c313ce26d7300ddc5e76c4d670e4919fa5472483a6d4a2f21451651a7ec0d235813efb7cdc4925e5b343e7c4ce1edceccf2818c4437e92257147eaba684ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c58bbc9260840e8d6433273b28ae790e

SHA1
4af5df11fe1e96a24f4fa4198a916cdebe96c7bd

SHA256
f1ec5d34a8b4a72fd6559f3f7684914e5c154762c196e35a98246dc1658f28fb

SHA512
75f17a4d6dac977c263c077b9fc9572dfb71cdffc1c257d38575946a05c9f3ac49faafc10c4d0eaf080b02758179c549b6ca024218b1cec0275ad9a1d79f4805

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ae42263f17b9eb682e749f80bd567ff

SHA1
f9e8d7acaa3674ac0be41dc37c0e5d52a9574df0

SHA256
d722394b82cff352948198da794eabed618deb48a2104da2020b06e87912c517

SHA512
9d14be3a3ed4cd40fe2f48a7fda0879a5c2c04a507cc793f690f53f485147f257605a39077200300235dfd11a029cd669c72da71076635b4bdc8d13b718bba82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d1d41a2a0155a3f785a3e66f6bae58b

SHA1
2a4f38318a3f0ab85be9248af502a75897931fe8

SHA256
d55b253294c61ab4f0086caa4a380a85fe41f0dcf0d10e35c896d1ccbb089968

SHA512
dff3562d540ddcc4c4298a47641e516c12d87959977f938a8e385f0ec78ec90e458b58b9fc23a70a4a855fd2db606805b6513a4f752a74c99f5eb709e4645dc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab347B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3D49.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit