62b3120dc051fc47259f050fcfbf029baaec713f7d44591ee0e3048c3b3d353d

Analysis

max time kernel
118s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 08:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

393a5d400cbc46afa88ddd96c672d3ea_JaffaCakes118.html
Size

460KB
MD5

393a5d400cbc46afa88ddd96c672d3ea
SHA1

4583932fb3846d486576ad5f7f886d19bcaf3b69
SHA256

62b3120dc051fc47259f050fcfbf029baaec713f7d44591ee0e3048c3b3d353d
SHA512

ed4a1f74df7ea1bc654b2fee669455be524b52e930b82c3c29ad55ca5329ea3dd885df6b6713cc7a5f7119d8cdada961b300e04aabc1fff1f9c80a57d3fca9a3
SSDEEP

6144:SrsMYod+X3oI+YDsMYod+X3oI+YjsMYod+X3oI+YLsMYod+X3oI+YQ:25d+X3B5d+X3Z5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0d3f73748a4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000272e45a97cb5623b0eacc6fa9379eee61b7bee7afe7f72f1aeb7aeeb40f661a7000000000e800000000200002000000029fbc2804b117aaf10a201c10990e695a3317d7bb2f879568a1f4f4538fdb368900000002c332ea9c04dc202b74e9247ac5e113e281345db36a3d4d359a79194618aee191fb0d1679e6bab167490faa866e1d6e821b5d3a159c601f872a30204ff2319cc5170a5afd7eb9d2eeb8e24e6004ae219ebf2e2805b3f66b3e94ed2660d1e5027b4b40cd5defb2819fd3d03049d61a4b2147909b5c6847b0b0099b86792c862dcdbfd72c20fb49b06b553af847007509e400000007db5d4deb893e32045e15a0c4ea9b7f758789e859f5ba92c6cce8befaa4e4eaec12bfbac848f9e53f6872616f963a21b713eb28aa43bb79a729432e4c9bb7a86	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421665136"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F0811F1-103B-11EF-9CBB-52ADCDCA366E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000bdce6863765756e783a18d477ded4d15206e9464b0d87e398308759a0c02d301000000000e8000000002000020000000399a3649bd82864fc543963fef2da20f46cf3ccbbfc889c65e6bc99c472ac0352000000025fd6be90f14a9bdc302a99f0a8bf9c192b1d78431ca5dc17c1200d5e2d09d6040000000e3e2384c0caef35b2e131bad475a815d7207b45c9851f8063e97f8af3fc854437790f808d4bc858ab26c857061410d10dd79c1133d0d0933a72eea0d9279f239	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1308	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1308	iexplore.exe
1308	iexplore.exe
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 2516	1308	iexplore.exe	28
PID 1308 wrote to memory of 2516	1308	iexplore.exe	28
PID 1308 wrote to memory of 2516	1308	iexplore.exe	28
PID 1308 wrote to memory of 2516	1308	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\393a5d400cbc46afa88ddd96c672d3ea_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc9e02344818083e59f95025b5bec245

SHA1
04e0dae52c14c61a7cf9df7fd32ba87171cc734e

SHA256
ef19c2ca6f514de622e8ab219931eedad7a708b6857369e192b68dedf8699e22

SHA512
52efb0fafecf67864c4ecb61e7a964a99770d7342d382400cc40d085b2f54836a6fe64bc42bb2bb88cb5ebce4bebe2875855d15557f770eada718e485eb70b7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36df1757ee90ab51421e3d8d3b1f1d15

SHA1
447098dd5a95820e633c1a67036d6a4640af55db

SHA256
5e44bbb5483d7b52a20c8fc90b10dcaa21b53eeafb33e41d4ef2e36f389622ec

SHA512
76de95128531111670de65c926d1b0ef1c19e2ce703767b17cabdfd9b0fad47012f6cf3f1120e0e07e78508446ac2b89037e064220e5e3e7c521cae002eb285a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b9bcfea7e997bfffa371555d277cece

SHA1
2f2eb0e63c1c0100a20fea438ea2509cd15b2a95

SHA256
414486d203077184b3f1d6b9dbc91a198da654e95a02687fcadc0e23db4325f7

SHA512
0c8468a3958b69af26f2366acaf05429005900598198607b5dcb1e480fadd640c814dd4602cfc59c5c64d10ac898de3563aef74612ba4bfed96406d17e61d0f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
432716683093a4fc35fa829cd6035cee

SHA1
d4ffa87394ce4f08e4fa729aa45e65d77845a6cd

SHA256
61433844a3c62abe02dbf236b8a2aa473bb54f5a624d85ce6b91a92b6bd35ce1

SHA512
a267faf64ca9fc585746d4d2abae1b8105c8395c350c573c61bfcc487aaa69d492b76117300b2cc070ab07a48c7d2c2d84a3a52b6237f1ec23722488a2f29cbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a3215809e13d158c4853713ceed0d69

SHA1
530bc454d6dcfbbf5d5658947848b1c077e345c2

SHA256
67f2c2759af57294d7786a8abad7037ed50156cc4a23cee47c3d5eacfee04dad

SHA512
aab2b984f0a04112aa01e80e465b653395e4fa103089d93c1c15b0496a73988b8fbf0318b83ce1d3483b1f13ba5cc4246b54a880aab129b0a1248bb7c7965e1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
783b8a4d7104d3d04cb1c8fe59e2d8da

SHA1
63ae8400ef512c2717f63bd173696ed74b7a27f5

SHA256
32d1164da37725fdb9fd85a4d55a3228949e48b9d4d7061b57bf8f5b99ffe4d2

SHA512
f841a53c6ceebfae43d612d8f1149db2a9b03d88d34f82886fa467f8bde0e3fe5a7995f8735d3a5a65dde7c4cef8a0e667964b799473dea1c26b7e17ccfe9891

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca25bf788cf001b6351d8ab9ebe526d3

SHA1
f0b4af8efb69b79d8e719f8bf3bd1d287928026a

SHA256
1ea9240536ccc2293f65e97234565e593544d727d67bb47288e6c1f19bffce20

SHA512
778c280b8b9ee642649e1a7479adcf9d33496abfe47b1f466e9ff3172c40ebb18d24a90b57b635e267a48d304dae11aee8ad8132fc4ced43588f5e9fba38ab62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f072c69656ca77b2fcba57bb26f0b7c

SHA1
00ccb2ebe0e5986449a97f699451113a0445f90c

SHA256
a6b32e311fa71508237aed16212bfb72238f2ca55cd48c5ee3b69a5c63427a36

SHA512
e9f2700d25c7515652433e01895a02bd5a74a71ce47320491348003883f41ed28b814c800361c716d861340ab92c5264ba3d273e035b56c55d54b105909227ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59c98563f846880fc0837f9422cc5d2c

SHA1
96bd1ed15b500ebb1511fd034306882214b2c96d

SHA256
c2ccfbdee4fbedc53dade9d016d467c95ecce6089e097ede75826584e5ba7ba9

SHA512
5367eb156d966c51a51e83d64286b871a0ea0b370f1ea60c94b32a9189d76cf7614779f160e80ce837f86c875d87ff96c09e9a87bf049970d2842c2a74464649

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31d52ad6a3fb531928915e1de9015cad

SHA1
40c35b9bf303a9b2c834d7a2250de0bb67cbea95

SHA256
97a40b657e07f6cca353d406721f8c655cdf2a6301656ad1ab66ee6dc5828942

SHA512
8090e2d2cd0c061d5f7a14046c14427ac7f65f0841eb17f5e04a9e8444204ca385b19fc7b6ce151f6f950f5be657f57aadfdf41e1359f0f8702e3ebe1339ecea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a295e7e65cb0e20a700d297ff8d1fc0

SHA1
669fad32ca3bb66a35cf3e246680ced130f21cb1

SHA256
5ef67f0eedcb85474d4da85d5385924b6e0578e8788b47ce33c6b1e35dcbc19f

SHA512
e097b5dbd33b103cf3a3925d928384a2cb49db834cafb97c78cbd333e84abe9d62bcb7ceb70239a42ae6d6080f6fd847de152f9767f0330e026a73d1090ee1dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a960a4d4f621269dc92a43c5cd63592

SHA1
9731f42ec38ab5750fbf1be61efe6682691d9385

SHA256
b696993d2a7fb5072dacac7aece3f9d9fcb9de06ba935d78be1b5d05d37dd7ca

SHA512
6eb602ddfff873efcb6a8dc90ac608be050cf3bd141d8805cd50232d49dc540af128aa16ac930a1e954b7e43d8b0902fe45d70988a8456a19f34e9a20c8f7708

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
852e0d972ad953f5a77dcc16df747ce2

SHA1
6942982df13a61c0eeb0b7aecbc4bc79c5fe6d7c

SHA256
171877ff5160961a1edddc17d2838f4cdc02124c2a48cb7054ddd3cbf38b8029

SHA512
9b5f2b96a359e062c7b50d0c94062676f8bbbe4c61b2256c75cded2a7c28de7605ccbadbe7e3ee0e5ae02c4460d59f08c37240f5f9b331270d21d5496b45899f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e8989650c0d032405e10b698989a919

SHA1
924478af3b63630f2373a116936f08e6c9b3918c

SHA256
6ac19406a1cac3a69af4d58d0c50dd761ade931c2466a9d50eec20ab2176496f

SHA512
b6aca8dfae4bc5bee50b91e80b08fdeb80fa7b4c101322469caf5c6139098bf5c109f79e7c32d0898e3dddff742f4c83e1651e5735a08abe3043fb6c2fb01414

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
102e5255c12f2c2a9c5ec7619693c2af

SHA1
c121f886e35aaf7902687b89bc9d0a971465fd29

SHA256
11b125c2bcf18ab1294ad6ddd38443c1753c40edce974d1a1478478cd3020988

SHA512
ff902bb53b5469427d23c701846e200196b3f45b4279b54d30f5245748a881ec6019ca1b172a952da44c4d7a8745cfb0d3b257922a23a05525041c79ae6050ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBCBC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBDC8.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBDED.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit