6e65d05c7a7c7df32b1fe5c14ea802b4e00598022ee4237abcad860d24ffc4e8

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41ceabbe5e87df674e59fb0ade777447_JaffaCakes118.html
Size

68KB
MD5

41ceabbe5e87df674e59fb0ade777447
SHA1

96061b89abdd6d1eb945aa9c2b8f9c2b3d51efe3
SHA256

6e65d05c7a7c7df32b1fe5c14ea802b4e00598022ee4237abcad860d24ffc4e8
SHA512

2dc4a359e07b85743890a1d2dc54430ec5efe6e1414eee30210b91a04e88da9210e478482dd0cab42e94efe48fd42f725b0bbf7e8ffec4b87b608cf965669459
SSDEEP

768:JihgcMiR3sI2PDDnX0g6RWjJj5yroTyv1wCZkoTyMdtbBnfBgN8/lboi2hcpQFVh:JNlVj5ykTcNen0tbrga94hcuNnQC

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000377c25ab247d11685651f9884ada8a1a525c9c4f237e22051587351455db194d000000000e80000000020000200000005e98be4c644c20b9686b97bc876ceaeca922bfe43147736146d4ffa946ef8390200000009827055ab129ef3a9a23f71038a08804bb867237b61e733e99d39eb75cbd86c040000000665f3309061ab5c0a797d1c42862d6916edc06beb40191b06c9d06cb1cd89c8d7876d035b9c18794b4a2c561468987808d19a4c9f8b904b8b24892501cf80235	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc233000000000200000000001066000000010000200000005938d55d46aa4667a401b494bcfd83439d0748e16d380e20ad982f4d5cfcd0dd000000000e800000000200002000000008e0b7064a560875443719d233f3402c7913ac9451acd4afe5d89a0d6c0ff1839000000001b2a6cfb5113e93e6c831f6bc4c9b2509b941b9f6b5f738eeb5088a3f3478f3c84c53c0c5c7ecccd6d69ce358afea74f53a89ee8a5be4fe228a38950a2f4769ac330adabebbbfdf22b2af23b65f2c9e8c0ad17a16eeceb6b7837a2d16ac5775ea7e3b0ca640f3b9bfab75312a73889bf427d1a4d14847e1b3c2d3e21226709e56e498867973bbe9850a84dabe2c2d8540000000dded3d3704a29fcb7c0ac045a31eeacd5fd356e765d8a57b2a078e1f847556e8405991ec7ddd63fe038359d0f6a4c07a1c04174f82e7859d4ab40fa86ddd769a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4457EDD1-11FD-11EF-A499-62A279F6AF31} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 307ffb180aa6da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421858362"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2000	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2000	iexplore.exe
2000	iexplore.exe
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2516	2000	iexplore.exe	28
PID 2000 wrote to memory of 2516	2000	iexplore.exe	28
PID 2000 wrote to memory of 2516	2000	iexplore.exe	28
PID 2000 wrote to memory of 2516	2000	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\41ceabbe5e87df674e59fb0ade777447_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc6321eec409b1e048aab84e871925e4

SHA1
03864152048dfe4dbbc5c2275633f2604bdba066

SHA256
6cc4a81e26336be1c24d115fe95d54c549c88fb106526a87bfdbc4f8407a590a

SHA512
f51342cfe5504487881ac2c5230f8766dcfda7bf8ab0223400e0919ff9d1df89a2dea08613d07ef5910338618346baa4264d56e14e839a9ce747cffdeba907be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cfeee215bda4b94a36ab5923bfb91f9

SHA1
4dc438cb244a2b7e24f26fdfec8bf31640c21063

SHA256
7f127ebff2d2cfef38516d521e774cbc293549c042c4a1d687e31446592321f1

SHA512
6bbfbf0c968fe4b311796bf96dcdc3843be3e2fab8a4dee0800995b623be4c54ab49b608309921f69ba04cab6bbf2ed9114317c340464789cea39463c6d7ddae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1823096bffeda802cba01449b4ed21d6

SHA1
3771ec9b5e8a2c5249b7c6bcaed03a89edbdd3db

SHA256
b68e39faa4374712e69b13f247f690da1bb4ba6bf2e8ebcacd9b0edca2e86571

SHA512
7aee1ef851ca2cc06b846e7f0bf86a08dd49ad84a8be9496b9b90ba9d42f1b1158718317ab8878e98a2bb2e093398cb719c3c967d3c1d9eecad63c8832d2be8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59df9768777f2752d3f2063ccebe3df8

SHA1
f6cbd3d741996cf2ebeb56a845d6135e2e58d996

SHA256
b57937eff85630c786134d4024109f24bff424189bf0a04d31db424e2ac9d676

SHA512
7c461b68fbd6dfee08d1856fa96de605b529d05c076b148eec119fa7bb24dae9f158b2b25c966343a885836c4951da9b62de72452d56da5fa784ad5ad9ec1fdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ed44a5d5351b2607eb3c2db109a9392

SHA1
25b2640566c8862a7fb1b7323b98272806bf89d3

SHA256
b1f3bc308f4e5f3cff14327032d1bda761427c8f3454d0f3ee02eba1553f4fee

SHA512
a0dad42d89830809a5a370f3de2cb7cdf0c1cd9e7ee2ad3811a7cfffc0e6348cc955a389654369238d9c7d994057524d60e257ec4fb92314855ace1f50a896fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e30f17e7d6b9e285536558e1c55dd47

SHA1
bf6c63237b4f831fa9ca46a27ab5f4d703c2e297

SHA256
19fea5b9c4d91fba369116483986321f732bcefc018b6086a815ce0d6b5164a5

SHA512
a98132f0a1859bd2c2a33b00ccd8f1ea3238c5714d5b05ca69d05c9b0f3e027b4f4fbadb86e6512759509ddc0c9a3a1d2956239ffaa10f154e69ad3ae84be634

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7267331fb2223d688455edf1ca42b41

SHA1
801f496b56d37d946fad25a0641451dc00c28884

SHA256
1e43ad7f7b593265bf959498f143e2b5b5649f73746d22a810c3c9e5452e971c

SHA512
2b87359319a9d944b862bbdfe5fbf79f9034a1e374042c5a9c15c547f9778c17e3534c566d34d96ce6065ccc2ee37bfaade5594014b1425525b318ca7e9e4723

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4fedec96a0206d531bd0afac125de65

SHA1
74e2fb9c3a01f0d8d1e27b48e1582b50ea5b91d0

SHA256
77e7dc785f72945f8e68fe6ce3e7ec8ca5106aa65d1ff12e65fe9647b2cfab80

SHA512
f7ce64dd34bf1e1ab806c5fe36ae3c32bd5318c2b8a7b97c189351ad8c1ec841cb3ee5d5333202849c850f1833697317070c02a24a7fe74d4de2ac99cf71fc7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f01c33b6406d95eb47cad1c76eb942a

SHA1
b2178b457e3ad40c02001377cefde3a0ce051e47

SHA256
bdef614f29248b2e01d04a73cb35b9d3e49682402775bafd45529f49c03dda35

SHA512
01be6bcb811e3c943b98678d658a2e7daa23f8992997bee1e19a73bac62f81e332a074454f8eea72398114cc8f782427b877ad5f01df8837355b3860baff62ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b15861ab70e05f9d6fdcb9ab80ec22c

SHA1
f27a57a6f15904129a41948ab2be7048d7e14a72

SHA256
05760eef06ed57fd9a2eac0bae0b531bc300328154f253d736a3b49bfc9e35c6

SHA512
37d0063301443676f198313adc2c06357266adf108d9d127269c232b64cd995530f8b310ecba661b16097030a6b56e276d356ad35af4cbd8eb1e57920c7399d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a57f56cfaa3b9d16c3a98ec7de2d779b

SHA1
d5c80e73d30365e393cba8cdcb07464b7dfcd8ac

SHA256
18c4772d6cb517deef438498df762d97b5705355f65725eb50e6559415657d56

SHA512
fc2ad3038379ecd79ca75be77dfd5ea17c6675536e50c4c3b60092c14cb3aecb7d66531054f5f1ac6e429d54f85f12f0741ee6a7ffc81f0f1e180b7c649a5db0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfa5483f0e2acaee0d04328ab266b59d

SHA1
e860b2faefb405dbeed54dbc4c967b5cbced0d0f

SHA256
4f82deddfe5e3a9b03b4ebd65286b025ebf97d1c11ee4bf37e29ea685f4963cd

SHA512
30b84dbebc9189e4ef0f3cae89905309719b6392944f2270f979f4fbaf494577e590bb337d8a349f3885f2006eb54b43af71b39b7186b1f80690e35df367d062

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
333671d3a4563308209783d58e79b759

SHA1
b3299b9d6a283801e8670b1ec7e823e98ac1097c

SHA256
67a910467c89922aaff6ff658d3d0332e04b194016b3145528c13e09275386e5

SHA512
efefe065cbf6ea631e06b87f7dabeb48ac9d86c6cf1cb695c741279222e68609d17faa4d55bb71a7dfee0a5010ba298bfcd3c1666d93611966b03765ebf32c7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eefc23fea292b60c1be37e5504481930

SHA1
ca59e286d0b568afdadf1da8bac0dd81073c0980

SHA256
a83477965aec68e2c990962049319e2092fd6e99cfabc668b6a067d500242c5d

SHA512
e8e1375a456213e50d53d85b46f0b145de0dc95b05bec3c053408744334534a25286eb92dbd3828237812ff2dce120e0e372dae5881f8028276c9182a2c5226f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fadaeee98d51e628747c79f04e8051f

SHA1
5e15b712d93d9c418b7912a8b2045e9bb46069a7

SHA256
a7a29192d2377b358e66c94698aadf2e44373366abaa869c1e29170cae95ca3e

SHA512
24744c33fde06e55c978575ffa980a4b4dfe3022a882af68e29fc51f3ec95ff073aa4f1b7380ddf27e40920ca11dbdfbe45b4b9f0ad5386601a06b2d60a5daa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62b5bd7efd41377ba72f9372f4c561fa

SHA1
de59564b994eeda32f96e9197ba15b2a4689ad79

SHA256
b91ba1507f331e888ab040a30af8d357b4a42385caf3c257beee0241a4caebc1

SHA512
419e2d50857a4bb1ab000fddd24a1dc4e30a3a6d95b8fda65bb5d6894006cc294745abea0d705fdccc85422bc436b349c4ebaed0b70304aff51b70ef87035479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2D1C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E0D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit