b2870ad13489c6f37bc7657b09ae46c316ccdc13e71f924c094fff96c33b6cf8

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 10:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3f0a26cb247ad2100ca0d71cd90b8c4c_JaffaCakes118.html
Size

955B
MD5

3f0a26cb247ad2100ca0d71cd90b8c4c
SHA1

ed4d3ba165853dfc97e5787992334782eb49ade4
SHA256

b2870ad13489c6f37bc7657b09ae46c316ccdc13e71f924c094fff96c33b6cf8
SHA512

0268bedefe326758297c2b57a8337d777fa3c86847b80e123aa8a1f45fd4ad7563689ed7a80ae8b56816839356ab92fe892f306e131e485055a37ed072b8f1f1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000009382060ebf81fcc75750bfdc7d91558888a6dd36447c33abc017e08da844eedf000000000e8000000002000020000000fd623fe4ffbfac741fc3754c98f7a792e9d83a1a2f4981bd144b73d7bf680e7020000000ab03e0cef65d4d14e844ed2fc0d7dc3ca95e91654a5f49d9d0eca29e7440374e4000000048c3be5d6f8e73918d42c26c2ca3a50d30b5ff835e78c50e20a9195970ce13de7a633342ff3931a0fb3d834d64cbaa4e96ee363f56e84cc4cc5e6cb8de1e4ba1	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9042147c20a5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421758026"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000069901527471fdb21a35950a9b464e1870e79a2b4a10d2ffdf115120c613058b8000000000e8000000002000020000000a5aec6abcd677dec6c58c1abc805715d0290ebee14487f8d34724a7cc895d4d49000000063dafc21ac8527ff5f969698a8b3a470fbc5f5661bb178ff86657405e5d795a1ddeafda9c8369ceb5c7253087858a1ff6bd6a5fa39af0801c5c34c224e1501f5385b8be71ada837b7a4d7538c11f4fd670952fd6cbd6c3e89717e167e8810e0b6f0e3b413b1a009d83163ca513018cf6d2397cb496ca56d458afaf5c42e83e5bb5508b1671ea00e8875784752f89c80a40000000efba6a27cf31358f4296ea8844435d4f45936a808ce86b7a24c3ef52837e9a704ec0a38f9ccedb866d9f58db9f50e9ff12af32691b151bea8f264cbbe5e391c9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A7792541-1113-11EF-97A3-C6E8F1D2B27D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2420	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2420	iexplore.exe
2420	iexplore.exe
2024	IEXPLORE.EXE
2024	IEXPLORE.EXE
2024	IEXPLORE.EXE
2024	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2024	2420	iexplore.exe	28
PID 2420 wrote to memory of 2024	2420	iexplore.exe	28
PID 2420 wrote to memory of 2024	2420	iexplore.exe	28
PID 2420 wrote to memory of 2024	2420	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3f0a26cb247ad2100ca0d71cd90b8c4c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
970ecee9b85cb11af0d39dd1c9e2058d

SHA1
906a552fcb3314cd7873bd000dc73e4947811e2e

SHA256
7b39ffc1d0a8e98ccea583644fc4e992ff214837f20ca0a99ed367bdddda2d02

SHA512
442e763f44952818efa6f79ead02edccdaf58e2ff06b9d841a96b49716724d036861fa4395994316e3856327fbaf4aff72c127aad4dd2c0226ef5ff0ac311f37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
679ddb4020545928f486ee7673a43794

SHA1
e3643e2d280f455e64ebde22390135f788d835cc

SHA256
ce18c3691cd9421f0b4744c43010ee00d6548b10ede8c77389e97ec900ae0a1a

SHA512
eb5b5fd0502f63624993305e7cb4ffc08a983097f071f4a5cb101b3ba41bf17d4a87b79a14c5707730828caa1bf8b6963d0f77b840a9b210a9096c974e507955

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f68e2bb82ffd562c460a6d0571a90f4f

SHA1
47e063c3c58efbc3e30d40312762787be5318bc7

SHA256
e82211841c385677bc5192a331a15656377763f66babf59015461a9d2b1dfd9d

SHA512
ec935685c8c6f919a3fc70f4ef801a9860560402bc8d27726c399e1d491979688c502295665f09fc063a2e368693c1cd61a321031ed904550f0e05ec6825db76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afec2927c767abf975e1c6331cef82d6

SHA1
df7d1b216a7dd5267c81b74f0fb4d6b667429483

SHA256
fb84cdeab336e84fd4c6e88375b53b0bd061d2ae3601b85f296ab8bbbb2ed1fb

SHA512
f68b4f5b2caa09f762dedce525b278dc096c8feaf788a599a81d22e40481f977ae149ff327a9c28f8c9e4982cb9aa5b62002e259087fb99e78ea432c7fbec3d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8d7fe64e03b2082be82a921d059f576

SHA1
f73da406af7d8b55b58afbce053cc7f4895f1539

SHA256
daa363516d18c2f9ea019afacaa6eeb537e2e7075158f1bf4ef8f0371532a341

SHA512
bfad5ead84ba2d429faefd94bb56e325c5e6a5b8052ba9146ee49ea40c94ec5803eecb321685b08202878558ddd9165a161095f86ce4830d7cd5790a055056a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f741ec654efa2271d0a6c456c65d8fd

SHA1
b338d43c20d315b65acb2c222ab753e886db5024

SHA256
5147682c9da10ae4d752170a4aba357c766044a359ce69c8569b454f07925d39

SHA512
8491bbd44eb4bfdccf5dc7239c765aa67af9182bdabedba70bf0d8095bce6bf86aff1404098e902e908c56fe06ec8c965f76b55925b2dd84d44db1d14e56507c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ea52a71e1e1a38e2c90569225bd80c4

SHA1
97dc187bb1dbea7ca21fc34e3b146617276c2811

SHA256
2e3f38d5658defb47293cab22ed7facc384de495fbe27351eb63b80472d0c2ee

SHA512
5ce5428fbf2bf38508cb9088b30e2254318cbc7cc25cdd61b01ddaa8f94d5657a26736d5b34486133a83dec59bed5b4132b192f64ede20a96dc2f405bfbcf1a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1f9a53a2d63bb4a1bceb2512cacfc35

SHA1
5d74e0c80961201dc34627517c92bded6105fbe0

SHA256
e73f3533bf75085553c9f7510f2b21f4d8daadbaa3a1a371559711e694731cb2

SHA512
c8d792f86481edeb8d5b72f0e98c20d0efd58e7e73fdb056d84bc13851e8312e9957bbdc324788a777735789cedbb5f7138e03e57813b73a4c123c8d0503b721

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85d205b4b5fe2285337c8c1095dbf32f

SHA1
64f0329f93c8084a10e46c842cf8725c0d52b9d9

SHA256
841acccb2d4f450f60f4e62d6bed95dcb985b79034fa9a5dcac1eb90330c13b2

SHA512
4cb17f0bbee72be5eb7bf028a31b65b0471137badf8baca365081a3030f51b399010f848e0d67ff103245d665fb363c0a74efc091e097e8f0779cf62b386ca2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6a748fa4afe8707f247253bf1b405d2

SHA1
e668be6b8f98477dd3d80a332b814f16d68c0b55

SHA256
c617eb3dbb701ca32a41c3db2a0667838dae5505961fcd78b680cebaa60424e5

SHA512
15b9b35082c2d82486fdfb2b2efd329eb6778365a7a870a28e822fc880e43526ca23efdc3d0f00f66c9c8ea6c74f7851249717e63475c135e7eb41cdfd1d3b75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfdc1973866e61a3f1d3a440a8e5884c

SHA1
ab0988b353f06838b24b7414f305de676e96cd5f

SHA256
f8bc71c80f44b387cae04fb440c1c636469b2048424caaaf3aa5c8ab5631be7c

SHA512
ed6fe0919d8317edf55898f914ae5dd7f231925f504815505b00f985a3316865c4964b5292774a860f623390a6cb1494f084fc46d7760be83eb9f073216db830

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c3fefc6b942268ee1a114f6160274ea

SHA1
f2869a8417d8a45f33b45147d931afb2c7b213ee

SHA256
4df7e092ad6d923c44832252738ad5e5311b17d15bbe3a69f4c445496d7a7d69

SHA512
360b2ec09fe94f704ab121c03a2df713aadc7b544efc78a8eca9341c7552af279204fd52882df18405fd69e765af5d51a1b747eb7641fb53cf9fba800db49f64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18babfb9ecd6d502b394763d42659c86

SHA1
6b6821c53826d75dfa6050804833412e9304a054

SHA256
6238703401fcf96e759fc2d93967d99e1b856e493a37e9237c4cae2750ae8a85

SHA512
76dc1e6cadb9165db1c302496b688174d246a0777c688bd584bf0bf404392296599d71548f4318c41a3540c1327500fa0f52d9bb3a618d4a691feb48abc688d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
189d6bcfcd4f7f4ef019b412edd30d43

SHA1
14c78c31efb51e2c1b3f816ae35bc58e71a4fd83

SHA256
3ddc617d1a66731ccbbbfabec9106b8d74a05f9fd59a7342cb4e159d7d3f931a

SHA512
4f5d715fba8b4e54dda2ea8cadeb4b7c50df66ccae4fdf7f2d5bca7fd124156352aa7d6870d26834648dcbf9c252487f6f57c918c5bf6dfe2cf6a6721ae240e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d14d9362b0d5975a356207a23d902f83

SHA1
67dddc3455d8441177d95477113dd29b47289aa3

SHA256
83d39923e831baa4fd21535c6cf2b36609a0675b2bac6a28d39eed980ae3c0f0

SHA512
0ff609fb3321e8f7bf65e16bb5540ad77fad7fd69ff5aeca7efd565241f067e15c092d83bdf929921cecc27d91d161b693543ac50a300df4f8f07a5d1651bfc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6176fa546b87a43112443a3d03a4222f

SHA1
fb93817b6dc3795eab45327b139aa55e0d937ae1

SHA256
d6ee356fa973ee87b02707435c5ff9dde5e97fb70d4efa703846c459c589a33b

SHA512
27316e902ecec500eb9227c80ad8401db4e21c2b8a443223e15a2c0afe9b10cc28cc0e3e92fae790a1918124d0693ae93d2faaa00ae63750648ff53cfee49c07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b63e17827156536496b4e69846031f4e

SHA1
d9fe488e7a454f77bdd9bf08d1e3b6efe9b9b691

SHA256
40f7a26eef8d67c342395f0754012dd0b69090eb627d70d0f60744e061166745

SHA512
dd1be9cb44df9233ff287ed25da64bfa4dbe8bca89b7ea860aab9e388ccbfaa5d97585a54f4ef3446745431d3ce2fe9f2b3431f72d85bfe5aa3000c6b1d9d7f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2CCD.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2D2E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit