e3bb34a331e20795d6159cfab6d3bb9de62b024c7b523010f693e9741bf03d4c

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3dea8a418d2ca0b5d9ebcb2919a6bedd_JaffaCakes118.html
Size

12KB
MD5

3dea8a418d2ca0b5d9ebcb2919a6bedd
SHA1

cabc80819930812a2b7293210a982d829647ae9f
SHA256

e3bb34a331e20795d6159cfab6d3bb9de62b024c7b523010f693e9741bf03d4c
SHA512

580b246b38c9d55e2d73bde838d0e29cbbaaaa2362b5e85d47fca05637c6dba635553d1d251aff628cb2a17938b00a6da0df1f8628a4f5db032a1e726ce3d17f
SSDEEP

192:kGbNEB6OOQXMLMlfbBOfHKw7SGe6OOiLz7Ui9c8Ty64Gvn:dGB6AXMLM54fq0/eNOM7U6c8Ty6dvn

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80053384b9a5da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000009fb9a4ab5c34303c1c5c065dc308cbdefcba3fb38aed2569b8e12823f76f99dd000000000e800000000200002000000015b5ab9569c5d8950da76a9c8b55bcdf98850913b00f30a4fca54118c2e7f73320000000fd64934c39b6c7cacbff7312fd81ed4b5c3dfb214349076c7e40d8e072ae4052400000004c0a35082126cafa3713c55d1e3f2dda73bbd4949f750870e58f5c83827b01cead05a9173a79e5b63e1c72a906c1c247e96239734985a805acbc210112b4640b	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A2184791-11AC-11EF-906B-FA9381F5F0AB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000ffc443b47ecba58bdc9041199298046d256c409a7c7474004d6ac3a92b8778f6000000000e800000000200002000000098dbc6d1b886d872dd775feb7015f428fea7d165534c39ade6092542a4b9e50b900000001b19d2a2e067dfd7bd5805a3ed6587f93edeb33da3923bbf052d626415ce31761c36030cbfadde54da7d030eafdb2e46709991f78103e20a39b5e11cf29957d4d610e4e42d6cf9f5f95bd338f95788f9fd71fc1214ad274f4dd72fe30b124ec6c17a24ea735d8e118bff8ee0a7efcd3ca3afc673e378286349154c05af5416e188a23953aaa61c6edbbf2f2276a487cb4000000097ec9e99bfd2cbe4a2f8da59e04163e461638003c43cdd02a4389039e6de75e5f4212a9015c1b4c2077bd456f991d9ee95b43721593523e8cfd23b0e688aafa7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421823729"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2480	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2480	iexplore.exe
2480	iexplore.exe
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2252	2480	iexplore.exe	28
PID 2480 wrote to memory of 2252	2480	iexplore.exe	28
PID 2480 wrote to memory of 2252	2480	iexplore.exe	28
PID 2480 wrote to memory of 2252	2480	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3dea8a418d2ca0b5d9ebcb2919a6bedd_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2480 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc67044324f032fa458341a47378c403

SHA1
6681d3139bcbf2678824dfbef18b7063d35689d9

SHA256
abdce05b1423542a2dc93ba14b72093575781ec7c2c3aff786a804dd8fe4458c

SHA512
dffe3255803e684ff9cb1747ff6857fa047fbc7429597476506fa07f7dbe1e8f26c8c29169aaf61670a7d22f148005e7749abc0d753cee838ec401280e5a99a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d57a8c9f3e05a1e5a104dd0fb4cec71

SHA1
e9ed3d8176d78e8cece9102064062bf58ffb91f8

SHA256
f1cbc870fb8ec25d8cfef825cfd45cf8fa787a5e8f16676fec81ca7c5749568d

SHA512
a101bcb9a888152a35af21e102aa89f0cbaa3c47fe8a0ffd801295f2af8ffd4f0ac5fe409ccb85b35d386046c1cad1d4c54cdd7f5e31b03542f7d63dbca8aa37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8eeb6a3cdba8a5dd6ef7a509e754f8b8

SHA1
0f7f7dddca98feb74b33eed4297f58a99aeeddd9

SHA256
2d597ec164a59bfac69fe8c8389f0bb4b1e710aee62d0d5300de5f5c3448fea2

SHA512
6f1b2e5a3beb059b3e6b9bef50663faf89bc0005c5cad7c69f980f0e971f2e387ecf0d334e5a0ac2b86a21de0ce3ff47ff14a0db64818afb2ce0d78846b1600a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81495f2b50cfd2714cffec8e15bd88da

SHA1
9aca5e8d8acf3b736cf5c8d88dab0dfe1edad892

SHA256
3a171bd584c5eb5ff2008075d23c3bf0e72c1cf5cfc5d87beb6ec67e25869936

SHA512
b5e0759588842ccb2dd5cf8bbc98a17f946418521d28caf4d7694de771a6899161fb121711768d2db50d37ba679e414d826af183b9876b69fe696f4f58b74896

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edd3b3f444c8ae5a0701b8cad336c03f

SHA1
7741f1b37626fa81164d46d80ca28779467aa436

SHA256
81e6d7184784fe30a9752976fc1af13bb75a9fd0c6764ac6305efdba361ea7a1

SHA512
da53df81417fd8ec73c3bcba171474b030ca7ea3d737694acd121b36ae3599ba0b1f255e07de9eceb0a665c180659fe5007576f06b8255e2299ffd989c900c5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2da8bfb39565fb1df98c39ee2e60679

SHA1
8aece0fa3ebfaa2f979d1ac515c891d69a0aca93

SHA256
08761f48939c65b0a66bad141a998ecd142a387118e36afcec1d90d030931df1

SHA512
3e27e25de2671e464699029088c9bca8899afba51dee861df4efab75f7817a21ff785b4f91a9ce96a971d5b15de0f0fecd8f12d95ea529953c34936d1450b70a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e4a29970069d7858c687f167121bd3b

SHA1
b93af29e03f4db7644813cd0e5565b2ded02fc9d

SHA256
33c7ea4649877009cd469462eee328157941f4b582d2893069ef7ef237f8eb5e

SHA512
9d49778af72ebbec5f8ca433be0e2ed74711e4707e903a471d30d2bcfc9fd999bba5e645b08d0a4b0427ba067ea06ccce970f4d1629ea429262ef6566989ada6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02d90e5a88b74d62a19c3d3f90eba6eb

SHA1
42145d80688027c2710fb5e4be84bd2dc4cdee9b

SHA256
fd69f89360a227f086b7455496d25319c0fcf1fa44672b6feb6c9e1ead60ba4e

SHA512
c79818ea24bdd3636caa602ee8b10ab5ccfaf6f1d8f7cc2890cdea7e08f2ab2b696a1f606f5e1b2b698d613a639b8289d3e7e6c5d9f9bccc505c26f7d53b91fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae7139e447d12a0073acbfb83b7da05e

SHA1
741dd14e91c151403d5e662a10d7f82cd0be0727

SHA256
54b09e4b7e4db058b87bcfea89f8d608cf86051809147cebcebbf19223d48ec9

SHA512
7484e7a60e5886d7721148dab729fa9e15826eed285111a5aa92190ac315a6b5f7211003b2ff52ce330435d1d23bff1fb6279b4784a519bfb25180abba7b1eac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c525080eec394459886c73839bc1e1c3

SHA1
d8e6233d077a8715a7a3c164075930fe0e0d8540

SHA256
32dbb8dda7dca082d836241ddca2f9b82f22b2b60336ffeee503a740cdeff7fc

SHA512
7492167e702582bd4dbbfb839ae93345530bcb459aabc5576dfbb5897186b2a7fa3a2abedd3920314e4e6b2b520cea9502d0beb265eb7c5544fe29811ef0246b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f00cccd048107738ae752a531df93ba1

SHA1
a24cfd5775089dad2722c94cef63de6778204346

SHA256
34b1ee0897decb4626ac9496e1589ea96a72d49644b570168984fc078697d1b1

SHA512
a97ba42b8236050cef3d68b4bd60c07e981b56138139b44c34d0f9aa9cfc8b7b653036838482f8d029057e4bd5f70b41ee9f46be7f3cd3cf704283d277817799

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7593da86b3d8f9776fcec349d3f9cd6

SHA1
b8b68b6267411cf1c43c36fc389c65951247224e

SHA256
6cea22fddb21e35cc079792e8df7f5629e565377c29db13e8f4dcc0d09f84271

SHA512
5eb5f173b9f7c67270d8c6be8d07d1ce57ef29b4a0eee2fa67c918fd2d245ec3a6611962c0e5870ff65123cbb68629bb5afd824b023f33e8716bf2fa8b55f6f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
765bd7ad26c01e6bcb695d4cf98ac9d9

SHA1
42a5d683e81b6289dd8bad57903c08a245a957fe

SHA256
70a4259f1bb00cb9b36bd64e158cd9cad784d0d75a053ee34610349542a21246

SHA512
b721d11b499209c4b6279141758c9ee700c40873322830850c611866b92e6b71a61f7db264ac280907849c313f072146d5c6697a520e35e706ad5c08666a1631

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97be649e7cd4cfc405341c3bc98be1bf

SHA1
d004b05dab5d07b24a902accbf1373aa082de26b

SHA256
cad3b128f85bf10b0d4cb1016b366eda7d6d292d6025e9ebc8e5f6bb8073d277

SHA512
4e6badeda635173b7ee882f4d109e558d9aa352399e22e9b50960f7180a1f99d0e068f0c6cfe9592a25203045691162718a0fa067209e3562b398841f9749c32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c0eadfcd8556170610e54bf5dd8a3fb

SHA1
001d40023f2ef87ffa1c6a1b5f0ac496ed3b7572

SHA256
90ebe4809f8967185f7253e465e68b155ee78bad5882e50cd812e675490f19e8

SHA512
4649294730046fae9650bceec9e91d45cee2e296f0b3254a894e8d79be4997c37a372850a90adee6bb391a620936ced6567b4f5a9c823e833dc548e0a7c491cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1715a0864f16d3b1051e7459023f711

SHA1
d4f39d5199641672c36bc3882d44d9f5693bccc0

SHA256
3d2adf185a9da5b5e4469aff605aa4f50ac91f5e5762d67a4599b8c9a07357dc

SHA512
d37837f0eee1b2ca1dcee6f6868dc916891f9dd78ba390abc054eb1a72b2196e93ff62d8058e0e1d5933a7ba949ba5a6da682f232d9574526c1d4cdb21274094

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab90FC.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar916D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit