751de54101ea32bde2566df78a12bd134224f68ce3f280e382765ecc79cbf8d1

Analysis

max time kernel
132s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

436612cab84fbb429ff8a265a97fa43c_JaffaCakes118.html
Size

25KB
MD5

436612cab84fbb429ff8a265a97fa43c
SHA1

c9a1776af7352ef7a4a586fcab9258425a8d54c7
SHA256

751de54101ea32bde2566df78a12bd134224f68ce3f280e382765ecc79cbf8d1
SHA512

dd083a40c9ff4058a48a916e488ff7169785b5b300daf12dbd5a38bc2d7df62186ad2ebce3190987a61e8766e154e18212d7e94d5422f4f032417d272d043885
SSDEEP

768:ebpUepgEDo1KBMSICuFTm1oPDQsQwzebQ:ipUnELBNuFqKOw9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000f7f7aa5d996b3a1ccccf2855ff1c110c31814570b95206a8d92ffd0b5db32613000000000e800000000200002000000030b92c610c257114dee0a27f829ad0e4cad3fb2ca903f3f8451b158a95f6fa0a2000000099bbd40b5d07f399b64018abfab37972feab5903e2fad2044df3403ba6c291d540000000bbdb7ac46e98e2fe662d7cd3f85d3f447c18d8a2d8f8986d554bac770b8576eac57cd233d4fedc93dde8d229ef8d6fd73233e36cf944037c6360987e30938a9b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{988FE291-1243-11EF-9BF3-52E878ACFAD8} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000be1a63fd4c001871af594938a6688f399bf7d2d96d0302229f1fc48e63194d09000000000e8000000002000020000000c735dbefbb476d73676fcb35d135ddea4f9afc5e3c19bf5e87d634d6b0685302900000003a8feefe03abc8fb836c1d4bb554268fb6cd72c3248e261ecb364cdb61d6a75c46d6ce9be3d67f845038c11ff006137d035acf3f12ef9d9dfa7bd65e4c0d980400fb91e59ede45a5b333bb9f7d433c2056cbc0d5bda4f30b326c043902d77390fb183534932a333ba77487ee6cbf4e8cf622151dec29207b19125b3f4904e2510ab0024860a0a2d509fb05a0f446a92d400000009bd7c59a5213a8d23420ae622e1c4a8f77294580ff737cb06dde128570887683dbc7f76217436c680a735232e22a4a018d3429bd757b3d31d4c95ed26d01f1f2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0ea346d50a6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421888568"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1700	iexplore.exe
1700	iexplore.exe
2120	IEXPLORE.EXE
2120	IEXPLORE.EXE
2120	IEXPLORE.EXE
2120	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2120	1700	iexplore.exe	28
PID 1700 wrote to memory of 2120	1700	iexplore.exe	28
PID 1700 wrote to memory of 2120	1700	iexplore.exe	28
PID 1700 wrote to memory of 2120	1700	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\436612cab84fbb429ff8a265a97fa43c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8d9f7373819ddd73389fdcee0b0a4a3

SHA1
7ffb96f2e057d6a665dbcfd5343ac60c2a372b6c

SHA256
e278f0ff142d342477845b27297b4803d9c075266cf1d21916ddaef16c0bda20

SHA512
7216fa9b1ddfe731c81986505ad653b7675bc3bf37d8e5115b49b3de7c2400b97e49adccc6dbaaeb531ca0d3af019434dcf54901c97bdfbd08fd7503c60d914e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29752090aea8e31324c53a155eadf109

SHA1
2e84c8b99e710c5c28eb4f6c8d733419d75087a3

SHA256
3e50f2c825d1178b32815e211036320be66276d349e1b6abc38107ed6975b531

SHA512
c03dca7de2e5dee9143d4f6a1364ea2bc9f92d1ec6a7c55c0eabcdc40bf66daa4771dc67f6fd602eb38ace1ba1854357bbe9e1a9463b6221f4904b096f19c23e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5aa738dc35bcf6af1009fbb06f2aefb8

SHA1
3b2c5772f165a1f45e540099a519cf580b14371a

SHA256
ca7f8fa78b05596993194faa83047a072b3ea7b2ff491e3cbaaf0b1d80d37d8f

SHA512
e8fb4ea849d2696af59b454eb730dac0ff0c1d918c46e2f8bbf5ad4ef3b81964940abbfbfa25e12382d890b18a39dda3a20531637df646864ccbe1f5b7769a98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1661b13965a69860d80f9d4764181fc

SHA1
a0f52b8549472e3b5d9233d2f59c07588c20c199

SHA256
582278cb46753fa9e023a5bed6aea10be55037dd0441022ca9cf7bc39c48c314

SHA512
9df1c135f2c7f894a13f41788fa6b59adc917d61d983f77224234f4687b2449faf69708c4847c99065209aa477a3746446558f41d3a77b437fa2270e1d39e62b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99433e0ee64af0ec4aaffeef7315d251

SHA1
1e8e2a935b9d5eeb3baf83e3806815de1a4f9a18

SHA256
de3c2db6b77c59622f593e7c5d454eb8b3b75a583de5632a207652a97edad57a

SHA512
eae7110803d12156848fa55185761a4e16f8e51245ac110eebd392baf4dbebc0459ace54fa80df3e91f45c74b5d165a5dbbe97276f8c5f756471a06a99db8874

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fb90e8a34794cae6c740259c2009975

SHA1
4ab0f1ccda500f4b2cd28331393e11d58942dd7b

SHA256
00adcbf3f001982077a968137cb1df90d2786b1f144261b0f7b4c38d7723520f

SHA512
43862588a68e82cebdb8ae34001fd5d96e5890f6f3ae7ce58de6d9e2dcdfbadcc1c34dda18b6593af6dbd7ab90d58444875864dcbac98ac68ea36554b8f91f7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed6e52bef4292416a132a3c912982fc4

SHA1
6e18fef10762101a861a1abc4382b11310292274

SHA256
fe722126a364b0af05e6743697f6dc4602865350eca22f8e504240be49a64902

SHA512
a8fe71d2479b5f8b3aa33f5a9b82a7fbc2c557465ad9619f858538587e97b850732d7bc33e3a6e4822f7caeb0fcf583d9adaa90cb4a4f485f6e90371dc5747b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7be4eb205d8f91f3a6606da74fc7f99

SHA1
8a7e0a441230c44ef92b49dd7f08d01b5a043d47

SHA256
1c35bab4bb4a5d20bd43e8f20926e4b8baa3968bf7dabae7c8329ae5a87f19b7

SHA512
2b5fd06907be7836c0a9f53ad881a2daf951839c28a8d6043cff1010fb548c9ea33cd6cdd1efdb5edb7f1a1fa2f9bb068dfd09697c2d08315d2c9c0c1512c21f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5af3e44b0af9db7444614761a4a8eae

SHA1
473382f8f5aa880326444197e1c708b392d0188b

SHA256
d2292b42e072713f8f07b3f4ff247f4d4ac2adcb06d02af8e5f6840af0fc8d12

SHA512
6ae5a60a06f4b6d8b2f50ffe49e3491c3a3be32e47be56bb7d47458bbf3661c3414f9e00d3f6c36b16c3d25b82232a84af068edd8005a69e560b376a6d0410ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98b58cae6597585cb5d9bb408a0a3e45

SHA1
0c0c4ed0168f62a904345b171301bca3deaf7772

SHA256
7ea3477fc3441cb2d953c1b3b63b486011a7e41021c06857fdccf9d6deff7888

SHA512
092ddfb043c47046ed675c93c96bd8555666e7ff0fabdc88e0255b39f710285508ec4b48f2bbeff93039d678733d22b60549c4735d1d08961cbca763ea7b1b63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0aacea06f5395295617dbb980000ef96

SHA1
b8c3133d728c473546e7040e72ed0f30c580fe4a

SHA256
d0225d639dd96d73e9eaa7ab107a9aa37eaccdd8a31e1ed7fae818c5fd090b74

SHA512
edf04b0a074c5fca03512b49d4c6c2ae7b33db5dd4332f856b6d990e99bfc4dbd6cdf5eb884e0fe8f5f50e013cec94db4b8a1f79c4ef2256f65f7dd656893bd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9dd558280716106c5af65f12b1859a41

SHA1
82515210d01f9f13fc66fd1686839e3886167947

SHA256
1cb0741f45cf59021da223c902f01d163a7a02f8d38942aab8dcbee1189bedb1

SHA512
78df4194fd2d1b038892e28fc77255d25346ef120e8178146a47b54deaf43fde0afa19e3c37ec5912c3c24b88229ea262a80e1705a2255bff24057a488775b7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47a4a4db88947aa6f1b005adcfcbe227

SHA1
71bb322342fdf7d9873ff266dd1ae33fcf7159c8

SHA256
9561b0404c967cd7064653dcf8d8c00ae8d2523a068511799c55f49e2f8d2d2e

SHA512
e6077da4bab3d0929f98fd393d5602b9024aa9250f9675120c55bbac4a58838ec4c265fa68b04bc442701a664e27ba5c652b3c926d2d642c5c31d6502615adca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e85c2eaeb8901df4f162daaae489d7b0

SHA1
9eca8ea9a9681f40ef908cc6cdfaf8f02cd2c48a

SHA256
f211cfcb764d262bffe8b38af17073abc7dbd8b25f4522635dc154b1e248909a

SHA512
5334b25a228b94ca2213b0462433346ac9ca7174f4921d8f6676da3d235d464757f296c5904465f09569ab4c4649599756f1a832b4aa855808593c6bc4c84d48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ee595341a4530d25ece5b5072d0e11c

SHA1
af9d7a9171a7728731524ccd4f45b7b8dff8b064

SHA256
06fd19233768c5e0ab424fae9c2294299f738666559517b4c8fdc54f151d6ee8

SHA512
89a4980d62b6346f4cb448466d401a940d21c509318d21180b01d6065649e182d38b6b44fc562b8e43d28c2105ae32eea6c4480835ef80f83d36c9389e113d1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf3b775f0c05213ee98bfb1fc330b684

SHA1
3968a8e8f6b56e567997760c03d8d86af4071052

SHA256
49f2d6b59fbb5d81760a05ccb5b99f77a0cb989128ba9c0417b751a2e2b93222

SHA512
d0b9b078f25314a310701ab24ad7a8f1e074c88d902131daa0494898aa53fd6719f0988bf49e61f948163e882b1d971c2a677c705f6ad040f8df0ce50ff1c63a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
862bc8c0da3d71b96d1c5106232304a0

SHA1
5760a45b660fe777ee6072ff3638f6ac93b5eedb

SHA256
799e549f638074a750ea1933214840b733f4f37de9990264b342c4ccafc9513f

SHA512
654189bc2e5a44c9adf572848ba95c8cef54f732a360e7f30043d7aff2bc54aeebbd575a97f1ff75b3af0bc51c328b15ae40134e9eef5a92e969cb1df0244f27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1db02162e992361879fbc9a9f2328bf1

SHA1
4a2df1a9e5f4fb83a01ceb6fd041880efa3ac1cd

SHA256
4602c4775f24adbb82e4ada90e9856d4847e00569f388292f5f2143d56be66aa

SHA512
9bf24387d9ed8056b9cc595f2b1f36638fa4f1b21c0af0d7cf8f6a44baa0c4fea836439b21767368bf4c0cc07ceb60abff52b470e11f72b892170506b76482ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1CC7.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1D28.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit