da0ea7e13f65407ed1d73cb6d4098bf44732026897ac9d500846ad42a7072c7b

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 07:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3e428b6a7696c0d770e17352616dc8fb_JaffaCakes118.html
Size

4KB
MD5

3e428b6a7696c0d770e17352616dc8fb
SHA1

b1dbf7e13aa94cedffbc84861bfdd539ce371fed
SHA256

da0ea7e13f65407ed1d73cb6d4098bf44732026897ac9d500846ad42a7072c7b
SHA512

fffdec525db3da4f50f30b092d9e7484de6b96280b8fdc4ef5029d0b0f8d06b1d49a8311efa55064c98cfad18bcf887294e1c589a2c9ead79181257323f1dc83
SSDEEP

96:JgGMgfOS/uw3O1CuzRQzLrZXdPKhMX1itFcld3t7FJX5aaogVvV:XMu9/pO1CuzRaLraLXcldt7FqCV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421745481"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6085954603a5da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000961ac36cf063c64056b8937754353d3476319caa9ece07ae3628bda50304341e000000000e80000000020000200000006ae78436dd1bb7f52cd71c84f61b36d9b6e164589ba80ae82dabe9e01839355b20000000224c38ba699878858c6bfc897eccc47cb68d9db9e436b32fc76a016cc356888240000000fa016f7b48fca00df43a1400e6e704d509bc3820d5c4cfa14e7a39d35d66b91508730b2c452f72622348b5ca0cf253f4ac46c26b7a50cba232cf20ec3ce3ebcb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7204B8B1-10F6-11EF-AAE3-46DB0C2B2B48} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000cb84b9aeda80b84d43a3043eb75add535f4f0cec5d4fbe77b5e44685c827ba33000000000e8000000002000020000000c03e67e1e2d1add18bea51ff1d9ccabae750f8139dc71c28a6c8b7814ddabc539000000052eaa9f153a9606579d6542e6f7274f0de643a238a2f032a8ab8d70199d11fca4e849162232dadb545a31eb70b4e119b1b9b475c2682041cb68a081c226fec648d182fbb34dfbfd5c27299fe131cfe881d28880a2121d2f0b50a2cdbfa469544a4848b0fec25782e84c7b602d89cc36686ad0e693849fbbdd8b27a8cd2fb9b28e21c0e1525b67f4fdc75e3f15ef43b6340000000775e8602b38b7f8d25e9bc5bf1d5648d409ea2a5589f4a446b8684bcb18b65aa342348450aaa26f3a66a18bdea1ec2d585d27b5d18b3c3e736e4152d60befbed	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2852	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2852	iexplore.exe
2852	iexplore.exe
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 1976	2852	iexplore.exe	28
PID 2852 wrote to memory of 1976	2852	iexplore.exe	28
PID 2852 wrote to memory of 1976	2852	iexplore.exe	28
PID 2852 wrote to memory of 1976	2852	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3e428b6a7696c0d770e17352616dc8fb_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e77f5fa92f37527bf37a91f2ae3aa63

SHA1
eb7ed7a8b441a78bdc662c5e2f5a15fb4d874cff

SHA256
a06313e1f6b6a8fa2ddc23907040cda21099107d48afdb199e0e9a2822a14265

SHA512
4eedb881e6d5120bb30ec56168db3555ec93c4a661b4007375ed5bde46742f904f660cdaf6c0725095a272a4b59f71b8226cc4dd90a7f629ad2f16966cfb359f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3525f8b4bd398db8931b0252a470a858

SHA1
3682a9fec37a2877bdf94760ed1ed82cfc14038e

SHA256
bccc9a2dcf703d83d37e8bb64a25d4bd8320dfbd55d42398bd1a96f80868424a

SHA512
5fcad0313e9add68fcfde18c8cf2841b5840178bc9329ef181069c79214dbf3384f1617f75bc606613b01240e6641a5182cde910d52b292534ea5710f70e8fd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f26454057b76c131ce93760888a1378

SHA1
802737b0d37cd363dcbe991d1f3f26580ecf99ae

SHA256
962f9a323d4fa9bc994e00864aabd784594fea2808a1e45e8f6fc05d684813ad

SHA512
59648488aa54504f173c57c93edec199642f4bb128e2ecb57c32d5eeb9712399e75be528c0ba96418e9a825bd5693ebcd29a9e1b65b56a8cf92b1610280a8677

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0dd899310939bfb0fee98d903e95788a

SHA1
cfa3212d947da4b6956d6b23f60d848722dc0f0a

SHA256
f852e317b98df7184400c7be5b8665c28c34af5f6f87bfa67e8a910644c0b7c8

SHA512
0df76485f09bbe054b7cd348dcc9108ec6ddded2ba61091fa0c221e224c5f8f3560d3f9fb22e7f7afc690287e86c3d008395705ceb70f9cc7cadb0352cc4bc6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db633e429f6fbe104a37c1ef40873cd2

SHA1
4822405471de162bc1f176525cce35a20289198f

SHA256
d427d92136b87dcbd2ca5236d5f1cbbac26b5f8e51eee57b789ce3cbd1d84bdf

SHA512
809e0bc793ec1ae0b3cd6db027c4663084a029a62459c1623041ecd4bb287c6ab3c559e719ea9c932595b89714a42e1b72980cef5759788ec79a357c8bdd2afd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
308623e941766405c40b011233340307

SHA1
c2d90f366204471a6ab987ead360b59bf70f27a8

SHA256
b7f7d2a94d9979fbfc90a18899a20877c2d9ca33f1f5fbac717c96bdac36fe02

SHA512
18afa93b2eddece68465dbce03c2eed5b2a0327f2621904b853502d1cd1a26b51ca5d7048c410c7ef4fc8a37fecd9c3a9cca4183b9b1d3d935f46368cf064c0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2790e6687c8022fe3051f56548b011e9

SHA1
7af55c90a220ad96d884b2ec9c5f27d588b9eb53

SHA256
05248b8e02b2564fdbb90196ba28e7a0c3b167af5b56df65693f261f6b3c911f

SHA512
d9f256f41eab634a743faba0867724cfeacda837693ae05be66ba77d004fff3b8584158ed750b197913c8328ae889e5101973e730ed0035aa91a30766ea5fbd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
145d764dd268f7cdc87e60d8281f5452

SHA1
2dd2303bd24ffea720c2f7e68431fe4eeafb3c9c

SHA256
1b1193a8b0c7e1c198c52726856627b693f077ee00b415fd4485e9bc1a5ebee4

SHA512
96fd89a3f4631274f2d3d22b4e93a66cb8249460eb56146fd72a383183c45b4f59941bfe1d8b668d60d60c18c44cc99be5768ecd0b0568218a79ac37db9266f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcdd60eb7b730a6729438e1056db4b3e

SHA1
f8022d0333dbfa848296d2eed776c30a09e72bba

SHA256
ecf1132a49b7013fe88a31e34a658bed7337f70293ff80e426f22060b272ce94

SHA512
7a97233d8fc3f272f50870f56efa6b9a449d111f94e85c233685425a6b57d134a5f105c6d1035590798464aea4b3aa61bd15ca9489f879f7d78badcbe7237e8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9930895c148cabe68646a73f8781b28

SHA1
5507fae318ed4f55b3653b5b3833b5fb9746b7a7

SHA256
767d59689df4c12ef0f3c3f1561a99895847ac73b6dfb3f413d1b94514f5d59f

SHA512
53fc57302257779487f379e361134e2c80a4756184b487cf9ed54e41e7b4bab8ca6e7fe404a2a67accf1f52d479d4b3d19c1b1f177b75480cc73ce2190ef85b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc5e1abbc5aab7b6df49dcf83ab64bc7

SHA1
330c2b6596670d482705f19cff92dbf49ea1db24

SHA256
94145b0acb36b68bfd02fa8bf2e6b313c82cb4ed8c1b1e46cf8e5f4d9fca95f0

SHA512
4a496cae1edd1866e58d6af379b4f114bd43659b50b13fba57a4ce0e4441ab4f0cda691010c49ec86ca74c20253b64b81d6588eeece606642bd1a44ffe244933

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
810326820c9d9979307210d76f294a50

SHA1
e60c697a9307730d362be480e8c5455116997802

SHA256
1d93c7423ce67ec1aa39126480ffc9a70b6bd4a027404fb3aa7aaa35e2c07f74

SHA512
3c0a8602503b654e779e3cff091e2773575e4a8b703949c1f7ef939b4ae43b8617ecdcb4586b22586d713bb371701b3232e959f5f5acc1658b3454a84a988573

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
439d036ed3be7f24dd801a2e00f44992

SHA1
8ba5ae497f73aaf05295ad477e963985a3a20e30

SHA256
bf06d1655bdb2289c1abe4e057a8d7b26facdf72aee59b9f3c5f248f2f6a9ac9

SHA512
6dd03bde35bd89ed37e79f43ddf1f33ad60f5e88e2bc24ae80adb13cbfec4466d6a8f78c1f2df8d48bf53957beeef6d6d5f77cc864dee0b533db4b587f5fa5ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8cb0153e68357675823f91e57a68bf0d

SHA1
1c1a13aa6f89259d256e4c7cbebc12f4468ffa44

SHA256
c40ec75ccb9ff4b7c7e7f11898f55da0c3b3e593c76a664a6631558d88ce7e90

SHA512
de683238551e35bf7291e2d4aba73909fde0cfbef16667697e96b6e8877359084a11c1395a267f40f685e2d22e7a0747f58afe01f447cf0250c6a4f1a2198b1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65855dbca43185c24d87534e87b60792

SHA1
9ec9b7fa3346f439862fec7be47edc6a8c509882

SHA256
ef4a9f56215c938abd905c194f4fe9a402352470e0c15ed120d6d89f3c022d0d

SHA512
8b3daddd438444af280a71d63762fac87c935582795d02e629a8050bba12cc83fa74f4e68fd33e25b0eaef31f7111830a2c35682129b2b4bf4c8f851be65ce23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab399A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3A6C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit