6472982740a9b211a31cc787c5b0a1f56c1b863f7154fabc0868d942d62dc19d

Analysis

max time kernel
132s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 01:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3cfa9250c0b000440bbf9af808e49451_JaffaCakes118.html
Size

496B
MD5

3cfa9250c0b000440bbf9af808e49451
SHA1

eee70d359e20b5fd5699dc478f9f92689c110028
SHA256

6472982740a9b211a31cc787c5b0a1f56c1b863f7154fabc0868d942d62dc19d
SHA512

9db7acbf402e7d7037640fce115b1a48199ee8b68c4e36d180d226693886e06259bec3c9950b4dc908cb7ac2156844865369563da61e0aa23bb355f3394b06ba

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000841d8b25c924a9e260dbefc3a327488dd51de9661d7773f85e86f0bd87bbfc2a000000000e8000000002000020000000f71cf68228296423eead4c3e28f795baeadcb6f80099224e42611c7f30332f65200000009345fdd3fd7f9cee59b7c2ea45117105c110c9c865bc3c7321e20965ddcc7f994000000004eff4b514197abb98b60d8a7db48b2f4b1ae6211457a5c7b4333b548d15c3980d3ca4d760d83fca5ffd2b1b3048309a9c448ffdf1eec1f6695a00596614a2ec	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20f4c379d7a4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421726668"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000fe5b480156708cf57c230724bfe99ce752c317390e480339a69ef538a05270af000000000e80000000020000200000002afe53340ff5ef6e2b6bcb35ddacc7b11a9d240a5b8708395bb67a86cb350c6a90000000165e84b8693622171115353145e9c8280a5c5c8e7f65e6c9e855c14416ed81c4e084d6a94b720e11db240873f23c5cd690b54ca4ddb870014d559883e8be3556bbbfe1de57e410cb41b208fed4a7283968a64e735236d599f0e2c0e410ae2882c345c55811d075cee08bc862d2ada394cc1997551181fc12ce9a98efedda7a3979719b35efb1ddcd3f4db56badaffb7a400000009059655fc18286a333969bf04f16030f58d133be4a38343d3624a0e9a330026bac42002956faa12810163c9c6a80a52f553354f53d0215fdd64d59573f0fd81c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A5363C81-10CA-11EF-8004-DAAF2542C58D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2288	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2288	iexplore.exe
2288	iexplore.exe
632	IEXPLORE.EXE
632	IEXPLORE.EXE
632	IEXPLORE.EXE
632	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 632	2288	iexplore.exe	28
PID 2288 wrote to memory of 632	2288	iexplore.exe	28
PID 2288 wrote to memory of 632	2288	iexplore.exe	28
PID 2288 wrote to memory of 632	2288	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3cfa9250c0b000440bbf9af808e49451_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8b61d777af9a7b91a69d7b4865f5a58

SHA1
8fb0778d9222c325fb058b858c6a0e9fad81542e

SHA256
2b316f7a266cfb7b7fec920d747d1ff73aad44321d9903609db662fdafc3f1e2

SHA512
0918c668a09f885b813be8c655bef4e76d968edfaa08f0229ea7b0c51b391fe5c124c8e71b754b0feb3150ccda98f5633e6c1f4000d3364102704126609556d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c62232465c5a435018b4709d03099bee

SHA1
2893f428f1067d00dd175900a0f23560ae4ab039

SHA256
bf1320cd1c9729761530be06b0e74149b668689b4243e13b6f9849eafb471751

SHA512
e62a1f89c237e4b592507edf895adc8ddde7a85f2afcc84c79f5827ce7a39939a0763342c900516500611981985e67ed90c0cc52cebad462025192d8da4f6f85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4864bd6a147c236f67436e5ea9b9ee07

SHA1
202d20a6a82f8d33b4eeca967c7ed0cbc345b3f9

SHA256
9b066ea9b6c3f4d5d61b9aab788ccc82e66eb989809dc782945058bc93d5a4cd

SHA512
206de11b30ebf9ae3fb85b94440a2173e3d59b5ae92e3670d67589fbc73411445843f06c55ef66f20a87145c8e58897a174e16e3b6178cf07d98d28e731ad85d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63698c0e365116719833e46887b3c380

SHA1
673b202758d71007ecbc6f962aff3c39d265974f

SHA256
a31ca8aa22714e06675aeca5d7fdd7a7b6b823d92e1c1ffddae991b543fbfd38

SHA512
361dba13b73c6333358394997dff3fb26ad92810e767e4b8d79d91e7c65b0d9a3f1eba0dfa5dfdac943cc8fb7acb014f55c28e0f1d12332316e25fd333659a41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bda6b073cac4cb887f686800eec5d0ad

SHA1
cb624702fea190721b2d0834f74cff50f7a34bce

SHA256
36ead324f144d64dfc1c0b929f3dc02aec3912c89f41dfb036f7342b66ee09c9

SHA512
0225370cf36db43158e96033c8b202f64b04e25f1d001d6b1a040247d19ca1641d88b9ee0d2219c1c481cc4d46bd89aa42ed09725e42ba20d56d2179a0c28cca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
550f5ab31cb67d72b0c3d6607a0e57e8

SHA1
00b6175c72f7b2a46db708d582c807c0e3e1975a

SHA256
6415f57384a1b9287e2fd9f988bf778a2ae6406a2767e4699b22824172dfc482

SHA512
8c2381b1c997a08fe7f26e7d1fa5dad7c01f1c12218ec5a8a1a7678c8dd1819d0b299c8f28ffc0db07523bfac76d4731ade0d08baad4c5194d71c95608e29cc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7744e341e1ef9ef846b9ab3db46d76c0

SHA1
47c63b92ea35cebc73729ed18ddf5d1b59c9b569

SHA256
24454348a9deccb9e49744fa6cadd5d8ca8cba2f22e0a63ca84578264d043a89

SHA512
aaec43c9fe14c655b4cbb583cb1c80075f697b50cc97a27e508f4f3855296dca9bc1c264652702fa296b7c6242bcba7e17d598109303e9591e3466dec6e3d09a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ef6c0fd1bbb9fc55c3cba5fcf356b12

SHA1
9cf5eab7f004a95d338e0dd698ace7a57e6c8052

SHA256
7395dc560fe0b206d40c3ee3324b77f460591d758be6707deda7a719c234ab6d

SHA512
e1b630a72d0c49870010d505fdb80fc4a5e32ccc70853e3f889bd7f2abdec205ae42ee58d2b813b57a74f5763ca4a53cc3af8405edeb43b536654713136cade3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15becf8874260c03b986847537ed1c06

SHA1
5fa4e0532a5d29811efa59a98694e12f699286f7

SHA256
2737c6198945fb84ec91c0776df6e1f26fc08f03714697102be337240b5487e5

SHA512
8ef1566e293e08232b79215947fa046a08dad1d0e274129582e467565e1c3da0af062564a01214a92b6999bc455af5708e1ddc2609842965f3949458cfdb98ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55f55ed81b9454589eb7890f49c88630

SHA1
754fd15d1f667a5a30192bb096739af3e72b7ee6

SHA256
c9fa116f37ebcaa6c438f9ba7eae0e917f4f6ec013d4c9b8499b310f2b2a3e33

SHA512
fd3d8b08994bcc7ce3cd18784176ad0d5d6b82f704bb7607a3d7bf6f174c3d2210510dcea1a7c15c09a584a26fc1e17f1a6ce39e38413d506de0638d20695197

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff86d64a20d99d2a7d3e85cfc2978a59

SHA1
f97cd73a7af8140ca60daceacb167334128f29c4

SHA256
0f023e9340bebf6f0356816561d6851a1e8c5f41d9092fba35b371dd6dda4d60

SHA512
3c1ce14f4bf8fae4f86613cb5225f993e52d88d02d5e2c31350c1b18e566012fc8bbc242325d4409943daadc436ef25d4dba8d509c234e3b3565ac72b2aa099c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53c8c929bf1008f849d40204771e35f2

SHA1
8d7519bcf7ffac3df5f9f24402dd30463c5f2116

SHA256
f1c3fde7bd4bbe4d3d2e4508b24e966476763f231316bcbfee7a29857fb0f137

SHA512
a5b5a2dde91086ec4fc584c1e997e3a7daf61681a08fd299d3440ace3ba66ef961f427f5a0372e1a6eb1cca82c89ab8061396ff2d09970a749ce85007761f4f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f928fd402aa2267ba63b798eeb45b8b

SHA1
df1817de6a83670f22726aedfd055f7a6f151ffc

SHA256
3e468e4d2e88e3db8cff778cc5f4569f8f416c332ffd3f366b63e4a39d394ce5

SHA512
7fc4b74453382b8dfdae0dbf67daea7b539e7314991952a7e7f039a8b870cc0b34be400623ef5aee7722f933db0c437f8d8753a0c94336b6913c354baad53dfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0b7e486457b072106264338fc853d24

SHA1
044f0317fdcd64133cc49ef800a9409b3fcfd5b8

SHA256
d51ace3b7793aa5c102f1077e89e59abf231e47873da2c0c00d311c9af31790a

SHA512
5c2faf69a20882509ae74f93e326f3e5efb363bea2ad78231a187561d4da735556474064435ff6c18904451222e72deda541a6a1d2ca5f8f3e55e658aecec840

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
078642b85153025cb26037e99f741fec

SHA1
767b3486c86b19b75aa9d95f609ee693655623b8

SHA256
5edb663331347ca3d0b1f23b19a71a5187e56916525487eceb4c47414bc93f1c

SHA512
7ddf6dcbdf0808c687c1e8813487da3b8a67b4d3402c3aec773ac56ab4ad5e928b3442a6fff63542cdf01b9a58e2b2ca3e903bc8bf5c690347e428314a15460b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
533c68d9aa15a3d4886642972ad4fc40

SHA1
4e1faaf6c0174e795f258eef5e6397a5deee9406

SHA256
2c1605badb386f7f0905e43e2c46f85efc7788f96b7d9bb96a6639a41e8ec14f

SHA512
34cd335f3f92ed24b7355ee28ad5dc7a623741308fae9ff3b5c53e3fcbfd8d789bdb6a3d7c445650b1707df450fe92895f49cbc83fcc9f4c98f37e9d4764510a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a446a970e4fc511a614c65b4ae74599e

SHA1
43147f738b8dd7d211a76db0c1ee4b663bfa1484

SHA256
bc89f385ea78a81839482f7fc875eac8db1c6d11f68a1608b20d1e22221296e2

SHA512
0555ab899f2c55ce90115dcb790d6beab32896da56336c99f381896cb96d056cb488c333c33356057fbf833a99384568c4894fe16828f4eb8ab8c91ce85ea282

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
212142542b9786d988022f059edab8f2

SHA1
1d60e17d113681c1dc9bad785bf4b7c779173515

SHA256
7112dcdeb52c9965b553450ea6b4066facd66b8b168373deeffd4c9456630f7e

SHA512
d468e041341bbc2998724456a2969f238df76cc2a141eaa99952cc6f6dd21e9fe84e7154a2aa2477c9e0a4c9f218bcdea9f2b5e33df634b9993523a58e17d11e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab21B6.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2209.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit