10329daa21cc4bb2281a948eee47d02182fc723bc5dcbc05c1ac4ce389085889

Analysis

max time kernel
144s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 05:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3888acc0ae4359009dee2294395948d0_JaffaCakes118.html
Size

20KB
MD5

3888acc0ae4359009dee2294395948d0
SHA1

9aa664e0e7dca80133c25454a9c094716809a65c
SHA256

10329daa21cc4bb2281a948eee47d02182fc723bc5dcbc05c1ac4ce389085889
SHA512

fa1b9aa396758bcabadad235e19b7c3e22740514cd06529286f659da4e5ce11ecd257c7fa74d7c7f63247c6105a2d7828ce27bb9ef1ea48febe543506a8bd4d7
SSDEEP

384:7yCLwmOSM0FAFE7y8+azCiKvpSlSNaPFsoF3x4ag9QQ:71Lw/SoE7BHeiKvITPFRBBfQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000003ee69fc99c36eee698c490bfa8e36e127af8747943225d148181ba25603dd5f3000000000e8000000002000020000000d04a48367f6838979444b971cae47c3445de4822c96f5fa48bcf964b5122c3ed20000000504660de544b5e8dd18179bc8d599822fe9148e45781f5fb6fd5e707351b1ca940000000e90ed0c43848370f6603e5d8810fa57325794c61f45f27eb6db6db11e43e9c36ffac38a57f4615f9f161eb5f6c886a2bd882c3a01f236cafb3c743688d302a4e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20ad5bff2ea4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{11B45C61-1022-11EF-81DB-4E87F544447C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000563b1b54168a46eeb238837f26756326dddbafe151c7a7965f88c31d32b1d0b3000000000e800000000200002000000075907e241dcc4482ee541e8eb22f75b76c319f9a2b8c698d67bd403eebb9a8c19000000062d61642b4ea72350f0e46f2ebce6047582f7fd23a3bf73dda8aa47262b20f30d4df111eef3c43a21dc4f4cee2f69f8cb1c6c82871e757a9879523d0c553feb6323f81b8264ecb099066e5457bd295613837292f6f5bd5a8f908bf8ca932bd1151b8c5afe536bed07b50f914c82431d2ffa6fb95a26210daaac11a69f1bf659e819be4ea428604f96d7cd5d7e9af4d5b4000000032e1443a7420fda6d1df6f9541d0e8ae83b2d3135b96decc9ad5eda16d171f03917172dca5d47f45bf833b9d59957149146a1c09d9a50d2ae342e3b02b3d36ad	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421654266"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2188	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2188	iexplore.exe
2188	iexplore.exe
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2700	2188	iexplore.exe	28
PID 2188 wrote to memory of 2700	2188	iexplore.exe	28
PID 2188 wrote to memory of 2700	2188	iexplore.exe	28
PID 2188 wrote to memory of 2700	2188	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3888acc0ae4359009dee2294395948d0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6422f37e1853e79510690320a84737bf

SHA1
074c3d27c814e116fd7e0b742b18625af84cc501

SHA256
3fd51b2a87add27bdd01b9ddc670dd65cc4d0fa1a16ea8e7a45f2c6cef0d9cb3

SHA512
de400482b8cd6c2cbc96b5bb0b7a25b127cab1e21ca7ab2e357ca8e99ab75d5fbb44b184e260cee4b58bf98f599c8a25b85057a21d108c34a51c269a091efb6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
061a8658ad7b9c1c8bdcb4cc163d2060

SHA1
15065d5945e9ebf3f6a9544c0f736faf85ffbea6

SHA256
1021f2c915ce2c92b5dec7c7317c1ab19bdce4fa6bd0415a3a93b98e248e1abe

SHA512
daa3fdef5bbe6fa97f4c7a132e2560b695ff9a9c6f7ea14855e33fdcdc10eab43648330718b84143319f0dc9a3b0500cea31eec1a9f7354060f7fd3e089dbfe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7278306317a29dabef9b3d1ca6bb9c10

SHA1
ffd2d5811bf8d861f829abcf85866893990be5a0

SHA256
e9e8ac7c01c9aa410f3f9683dc06a0c519fabd514a40c5c6090d34954248551c

SHA512
544a4a6c8c7a2ba3f676a91c0d986ebd5cd1fc4d1fbcf555ccdfd6465ea5fa96848bb639b7960ed9f460510d3a8ee430e82f9876ef6b0142fd4a46c3720ab55a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c6efe2ebecd595e7600b27f9ae7d577

SHA1
84cb30227aff82c7758d82f93a13335a8ac0d715

SHA256
280d63189ca5c4c87ae2b796361378eae232ac9a5b91dfbf09b3bfe603c3608d

SHA512
2fb7be9e5e779968b97c429d8c4ed89be5722c141d86e1f943d7f5f9bdf43d374990a0af634223de7c1fb905d1f2264b99c8915e6bdabf24698506011f19d797

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e67da7311c70c022c1df5e6462248297

SHA1
5bba8079a2f772e5a3a53df65bd5b67b8a21f113

SHA256
21a067cf31afd52115463725d085843016cbecdbb83d7845f878b17b467f2ee9

SHA512
76410756447fc1b3e6a2991d5d644ec907a0927cf945ad96e5d1a52b6eaf0c2022a245104d69befc6bb9068dfc90a1a1ff74e370e87e01c4ca1babe484300cd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d2256f6df58879fbd489d59207c394c

SHA1
4a787d804b7d6b51943ac0b84d4bfc5c1de73efd

SHA256
f66711ea61c16ef8acff21e4e866d6928d79be6aad5d1131bf4def3317472844

SHA512
6849c12443535e612d593ce514af4b2b055a663d2123abcdfc80cd190b8958c5ccc72c568ad29810198caef9a715d1949da226bc2874ad8a975acecbb740163d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b94f5ccc9f20b0f7ee9ca4b927affb5a

SHA1
50a9fa0110171adabc5e56b56251bbee0b387f62

SHA256
6065883164648192de710a548c653dedf42910ee20542d06ac9fe2080d01c08c

SHA512
b03537a3c3bfbc456b5ae7ce7094ac129eba543e8933520629e5e5dbeb8a78f45f8a1eb8f8fdc569cbfef6e1089a1ac38530f87e611543976f8efb26455ba7c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a82d8d09214dc15320010d668ce769f8

SHA1
d2bc14f1a398d0d59aaa935f140e824d185722b0

SHA256
fc337e13c1ae93a42ab955ebb4062877ecefbd80d9bd66a9e90da70a84e47e8b

SHA512
b4a117da10676d6da8a2c1e92b36fa04ecce97733cf1b84e2758213346612b1f471ebeee19c4d29c3ed34ed66edc7a22a20c634470a7909a816be721e4ab34b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
379043a9aff47dcda25a6716d2e737b6

SHA1
dd81203e7881cd8f346c6e48e3650753ea413476

SHA256
cd32f4181052ae24128e264468a68ef0d8af701594fab27404bad15e397564e2

SHA512
b1fb15276e85d4a08af7699597017d1ccd9197ba10aff1fae38856f320ab4b6bf04d01f20b4a06c69caec53ad2c6cac8d1ffd9fa5a97debc798b3e68c84e6beb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
384c79f1176888e8621bf5281c2d7071

SHA1
15310df4d4e43a6a6fbe12afd13f9397ba84b1d5

SHA256
460da3540db64a2d63f849e439980a8c8a5665889b3bfd54e29131e833a3bf64

SHA512
804338cef55fd7cc591a5f181788671d503fa066315bde7c2e2852829a4fac0b27ca4938a019210646c042a85a4a7ebdc4604e5bdad248228efeb35ea7e4b6b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d689086db1e4e3736abc815dd3324d2

SHA1
1706b965917a402d206eac196b9256fcf7550b0d

SHA256
ccff8455aa10ebe04a1bbdec32532fa1677997965cd072aec1822eb6fff017f6

SHA512
66174329e7ac80653ffb084072e6c3b6cf7c5e9eaae94e6b5771b774a57bcc7c41e165dde0882b2bef72755724c2dc14c8372c2940884e08bf27f18317a71ba6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
784c9180c462e9bb94f5b11371a72236

SHA1
a2f36593ed51f2ee6ac7869952576a230802623e

SHA256
74fd1f0477036d146ac514d7b1a08469c041bf449a95d4c968af914a47b6cdc0

SHA512
33d0df57c9cfd854444d98b4998ac6b2e096e2876973851fa3e6097d658e316374c32fd1f38a4da83184285ed02907aadf9be3ce0bcd3e23c20d3e434018ae4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d35b702c983a0eef26498b0e762ae0a

SHA1
2cefbf68dd9903020f9caa15c688d7360ecd9171

SHA256
dbdb22f1b0ab9bbd8ef053f2b29f427ed285e428fa324b6cc1b20eb8b4c9425b

SHA512
950d7688a027c7d22e550af92311601d15e78097d132e4d207ad37bace3b447ba0bc00d43068e10807be516d162fa5bb3c902870a69efac060e158444f603845

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e76d827911309f93782c8db113b5d65

SHA1
ff75773105d1c61077007290a8e71f391333b89f

SHA256
e7a7d61e89fb8e61fe4de43cd3cd68b529d77808287568aea9063d8ad785a5da

SHA512
913304b8bcc91c1e786e39a14329208ce7708731d808fed2533b9c92e198db0f9b3cf9fda3371477815ab2543e95ebffbe00ab00814e1ec83d44c57f84208b7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1af8db82cada49f6e1d8dc7aa34246a

SHA1
61cc1a047a902f3eb25d0e71fd8a403f28551300

SHA256
f6e336af038bf44047b3055f08131d438188d8d5f7df955aeadb2f43abb29996

SHA512
69af40b7e8cf2611056295980910864d64c891344debdc16116d31726e4e4c09ce4450bbc7f460c5db03783abbd5b54f4ecf1be11a4d287883a44090f19348d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eca50dc5cc72c537758264115f8150e8

SHA1
799e182d9e1c462e6ddf8016a425b87d8a15d202

SHA256
c9f20ebe0fb146874bf32f1437883fe6ab7feee298b98a828bda8e1d7dc7f173

SHA512
088b7dfb307bcff40dac30e2f6965560a91bb1021af103c2256aeef99a35ece77c271df46c4cbc55054b1599286e5260b64413cda15edff2d8a63a6f7c2c98c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1c50396ef8bb44440b37a14302c1317

SHA1
be30b06222a9781301bc3a22a948b5f0a1bd0c2f

SHA256
7c982ec09122319b67388a5c59227327338d7ce0f9768684e8a9aadc58eb2d67

SHA512
17b9a0ce023db466e4c3d487900063f9e392eeee8a35ef2e75ad0abaf39c4be8e4b9b794762f7cebdffa1d8f4f0ee2df47b59595db4d2104240d638fa23fbfd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD480.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD482.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit