ca010adc0fda4e9c6254602d2a2a69bffbbb6eaa61e8743547ee2849c3147fb4

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

446a962d6f173f81bc12fde54f1ee6b0_JaffaCakes118.html
Size

461KB
MD5

446a962d6f173f81bc12fde54f1ee6b0
SHA1

82d089240e0cd2f5d66c66cba5ae1ca3d17b6202
SHA256

ca010adc0fda4e9c6254602d2a2a69bffbbb6eaa61e8743547ee2849c3147fb4
SHA512

ead581a8125333d11f3c0b8abf2e2688deb47f6d3fec0491a89c534cf5cb56172e5f65287a8750e3752dbf6be2667c42fcb3fe78a3658efbabdb935e241652d1
SSDEEP

6144:SosMYod+X3oI+YzsMYod+X3oI+YCSsMYod+X3oI+YLsMYod+X3oI+YQ:r5d+X3d5d+X375d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c08303577aa6da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000005dc3e7da350d0d3f9a9f2334a9d396703bfd240de3ba9a1abb3398bb76fec968000000000e8000000002000020000000f7612fe4a81b4d658e57cd8ae52d9972bd6dc19e6b872f9a2c4c4674e674666190000000855b5d0f08c7110fbdeddb0b6636eed37b80c4464e9f5fc2e397267ca97cb43deef597b9fd7ce76d3deba408a7dd6ec359e634542fd048048bf1a3dc2f6d1322b39eae72dd6210d9281731feabd7ecc7d65d1812307fdf08e4634be090bff766bf41295ce181bc65f25f6d549fe068f0801bef68f27294be19fadbeeef74d77e00210ddb124669c2cb661385a759735a400000005faea3e245c1b54fd9669ad7676ffed6ef286c69ff94fecb3f3d9dc8501a00d14279ed7ed9e7b92fac38c1fd95975ebd39116d808e139048ffc44c8e9c36dccb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421906562"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000008442015c5996300ef333025ef2d50d7a227a8e303061d64426a68392452955b000000000e8000000002000020000000b6ba7d6ff2909dfaa3b1377c71a1d67942e4fe43e4d04bfac1948353fd9bb027200000000d167d4928639c92a13ff558147934514270468aca9ff66d6af5ec81e0c19a174000000052e34ede7897a8ac93007a433b273a891eb4b4779339e74d1573dae4b31d27561bb80ada7f78b2fe1f07b5256aaead4140dc2093ef1dc3c73a437725b59428d2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7E6AFA11-126D-11EF-B781-461900256DFE} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3012	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3012	iexplore.exe
3012	iexplore.exe
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2556	3012	iexplore.exe	28
PID 3012 wrote to memory of 2556	3012	iexplore.exe	28
PID 3012 wrote to memory of 2556	3012	iexplore.exe	28
PID 3012 wrote to memory of 2556	3012	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\446a962d6f173f81bc12fde54f1ee6b0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b333a4718eef0fa2e548e12d1106836

SHA1
65a15fbd5ed6d1670e973d03f360f64a478ffdf9

SHA256
a8caf2214539224de44a6925a532f9bfc5c4270c2a6a34c006250d6e366575c4

SHA512
504ebf99a4aa53ab51e6a527b3f880c7694228645fd0cb325b24212458c79119f4e251a919081d9b35f153927730e789c28f37a3ac026f57798cec900dbe4c2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf502929fdda9080d75eac55a4e9d549

SHA1
d9b736d767468f433bbe24b4408ae557d681e34a

SHA256
55b4830c39da0a26b33b287c7eb3ed53d6c86fe02d02a107d7894a39d1d556b8

SHA512
c27e8d935f4106d99b872c76b1882b2810550f1a860e7bc5a375d9c64f3aa209a609ce6a95b8085e3e850974efb8621fb5d1f3ae47c17f595fb40062bff94124

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61f55abaec2115187904bdc6af1d02b5

SHA1
033c5b8ce1b5c294e0dd0e3100634bc7448a4438

SHA256
e5120f5ee2374285e2bf02356a3371076f198ef81c3aefbb4ae5c098cc3990f3

SHA512
8cfa2ccb72515cf5e31e1eb1cbc61ed746094db54f317475aa0517ea1ca39208385c0f95f48edecc7806a4b60c5dd7487fa2e865326bfe443f12864408a3addd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d926550831d5cabcdac8bbc9f4c59b08

SHA1
34604445d633ce37d5bbdffc79458036f6ad4e61

SHA256
d663491007372626e8619b753fec1223d8bc3c7996bd62f4537d664d6a138899

SHA512
1a34313bbce0015abcb359e728cafb0d204aaecc89513c1a72c9dfa8002b53852dbf1fc4c509b1752de91d3e4ef5c4a5966262e3f109fad39116ba5779267620

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9e1a120d67650b23706b88c020834e5

SHA1
4c791c1533611dfcd2acddc54c6f7c538dadbd79

SHA256
98a3eed15a42583f863914072f92ade16848cd2a0b92ab96aec1ce552078f585

SHA512
aae187b0d0243fc56ec91e35a4ca3b05fb320c1d246a30be50e30fbffaebea1edd362bd9852f00c483a37437024f44fd8ad713d758e5723fffe49b04ffb7c5e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5c36fcf9ebc29213fce1fddeec71dfa

SHA1
84d757651fcba265e966ccdbf814d845d36f0701

SHA256
237d3d5833b52d5c7d8b4154d02a8d24994c5413fd7349cdddafde0352c58dc9

SHA512
45be7630f5df48e61bb69982571a2cfd4e17367132903aafd1543a978013388a06c6620c9416579dda9cbc00f23b992ae2d615489eae57e4305ca73b73861535

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62f1d4d608d3244c8c5921430f79f87b

SHA1
c21b3cf6997875049f7bd066601d57058b2c9455

SHA256
be57d70f177ca9e22e9ba4b9cd79c2be0096a3e87ca99011f3201f6f5e5ed45f

SHA512
8afca75d5168dbc0ff96a64c93941cceef463a921e6466fe967e0516425510eb7ec36d5455514c02281059816aaacd91269243d21478535d470ee4e0a3969159

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3043bb71874f3a8e58f1679b5c06cf01

SHA1
c2ca2c7a9e239b81c3e8336c3c4a012d1e6af15f

SHA256
b4361c64aa376b70facf0694c87ef2b4d79d7d92f71cd0aa6d734b9537310ab4

SHA512
130c86e1680aa26dc5965d16b76e695b1f2724dc236a3df2d303ca2f1843dba0a94e0c2e9fed9900358bf334ca8964aee607b33d7dd079a9855c359820479de8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3c317c2001c7d53aede33bb8fd8a77f

SHA1
fe38afcc84ef2cdc3f5b036b3897063028cfced6

SHA256
a96fe2044690b95cd09139eeae88da95d8b46fd3a853cb26b411de973a044b59

SHA512
727d44dc21a933e0f00f1ecf989e95e228993d6cc9b95af3be455ccde0a599bf28cb100ba49ce3cd46e7742135c211a8ac769da3751e47c2fb16d19c39344308

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5575255e62d4b4b89f8da6cf111acf2

SHA1
fa5f693775d4d52eac3ef929760027bd30a5ea34

SHA256
57a18b5918d2989b88cf37f42af8f878926ff3f64995b955935d8ee59fa2f9fc

SHA512
a40b6d2c2d9446147d8a80a57c67daf8e0f99d375999e17ffd891f07b78db986f4dfc3314c55cf29739955d8a04fc26e055c451cf5f71044c2b9a531b3555471

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51a3e2179c349c54ce0d1eb2849dd965

SHA1
65e7083ca72584435abd727f4b2fe9f07550a6f1

SHA256
b22fece6570c2bfd656cdd3ccd44c5cc74a063d9d353cc365661d9bc49d0bb5e

SHA512
2add2f89b5798b237837cacf013d0c0cf6ec5fb57f4acd9d0c6f951962076a39cbe597ab1ac729febb5fc5bfcfb558b4c0efc024bf1ea7bf4b272743f291bc5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb76c654d154aa33355f5d8eb2218f0e

SHA1
44507ab04b06bd19b4b389b8208deddc407c4d6e

SHA256
b5396da25a6679eca05f9222fdc27d2656f76259606eb6c5c6d4e083c5e55d86

SHA512
236077778b5d853e8ecb0f0fedadc5baaa5fc6e7828f6e19dc48cf76cfb58664f6ede00b119523ca4c91ab4418fcbe4dd90eec903cb3287b38123cfcd87880c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b18bd1a4cbc16e59e3a967ba91047f7

SHA1
e8033d16d5b2673e03c039cf4f6cc2cc0e800763

SHA256
f79385bbaecc3edc485e0a869ec2167d464e2e605ed09df4dac5674b2afec21e

SHA512
aa53fb1f8536e1c896f0d488da6238a00a9d18519c2ef387d0f0895d42f8699d716524cc6afda1fa8744778498bd6e3e2a86119bff278ba27189fdfe074cfea0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
686242bda72ca5eab20ee0935472921f

SHA1
75123ecf5350ae7ddbe1d5d5b76922165f3511bd

SHA256
d42a4769390ecd0f93f10dc9356e232d4bcf6b823f0fc9641f85e75365e6b6cc

SHA512
f130f231966baf534ddbeba342c240b1fec683ce791fe0a8dbd211cc16c47085468abb0ed98fe35fb44ae1450f46bed148376748e2e0fb3c5c41e9e8171bea1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab44A1.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4512.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit