a9fcb0479a7e1b5ae3fa669b76e63754be188184996bc7af55de4392f0213b8a

Analysis

max time kernel
141s
max time network
146s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

470d07e2eb0906f3396dca9784c27982_JaffaCakes118.html
Size

20KB
MD5

470d07e2eb0906f3396dca9784c27982
SHA1

b12a7163fc10b4dd4d8634ed6fb72ce2aca56da5
SHA256

a9fcb0479a7e1b5ae3fa669b76e63754be188184996bc7af55de4392f0213b8a
SHA512

6b5dd8981a23f3f593c9da867d56d248d2c258861c97d88875fe839952b32caa81049f6ced88a2ed34eaada1af49f06e6c30726c1cb7959a5562bfbb75e59ca7
SSDEEP

384:CanlVBbjPqoV+zji0Ft0LOzTQTzT+TCTGmvTG8LYqnJTydoBCUjr:nlVBbjik+zxPKPg0GmrGEJTydo4U/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{591AE241-12D9-11EF-AE27-76C100907C10} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20ba8d2ee6a6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000b39cab1bdac19046163c2958f5970def59062e947dfb3f81a098ec36b8c2782b000000000e8000000002000020000000e55306bdf7629115d2b698093b00c7b83f12d6fe7c057ac0880bb454915b911a2000000005643acfc4fe453b0c5588ebcfb2e72ce97afb0b9aa5b93d1c309f69923343ac400000008438a22b3136fa577e4a7743f82979999af5e904f9e35f980f05260c51b6ad38ac831b584e18fda95a06e1b72b1dcccf50a080821b8ef38c30ee077ab3f5912c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000a060257e91ed9ad3b96efa200c963a28c9360357ebd0adfe4bdd2209bdb4078b000000000e8000000002000020000000a360e762c94558e2271b6359a24841a36fdadc07afedb9cb18db2a4e552fcf079000000022ee887d32a1c66df78d5b038d44fff2d8f30854f3158b353a1f81fd18c2d84e0fb131786c0e70cce23d42ac2b787f90fc5901be537a5e5e60647dfcac86261ac97dce253800873bdb2298f00d4725e1e4dc48c4172eecb419bb5c4ec7be6cdfd22fbbb2355bcba325cd448f401f22a8ba73239d8fab0c7d8f95a8bafdba12344c8d9b512d19b76aa9ac0a6f0cec32ca40000000e59060ac94ce6f5b00d3cd9f4f703a2f4e0e092fb92b54a88033c40671263c58bc847e72a978be598e605eb10078d543ad14eac24c090aae000cbcc136d7ee5a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421952886"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1752	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1752	iexplore.exe
1752	iexplore.exe
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2480	1752	iexplore.exe	28
PID 1752 wrote to memory of 2480	1752	iexplore.exe	28
PID 1752 wrote to memory of 2480	1752	iexplore.exe	28
PID 1752 wrote to memory of 2480	1752	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\470d07e2eb0906f3396dca9784c27982_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8315ddb2f7e27554695183d029545cd6

SHA1
0020a09093c4adb804159deaf8c2ee451825fe9b

SHA256
bbdb9d744aed93a1373526f737d7cb6634274f2efe59cb7f260bb5cb5191b78b

SHA512
708554a4d2418485b5f15f9c8e8fa2ef556109e50c57ddc5fb514940c48413074c8e94bbf8d8dd528b3ff30e8506bf48364950beb2ea9771b46ff2c4cbae7392

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5f417c2184243d829d48b78f332f0bb

SHA1
2fe11567004bb52795fa6424f83cefe0c697103b

SHA256
1f96c4aa4c1cc3abe6bee9ec9e23af590560a8e2ac53fd0f05b48695cf90cbc4

SHA512
001418b034e252bedd968b134d62badfc27d18bf87b219af589a033fe87d1c1edc03d38f17a9b5d3bb79f6e57fbbf8ec8a4f3b6dccaf8ff4623fade6310dc7e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45c99e6229d536e829c993ed8d4de73a

SHA1
102fdc77a8b067f93a0f8e73c701103c144f87ae

SHA256
ed1f84d322389c82a72426cb1f4a0a1608c1365a49cb1fb41354c62d4f759187

SHA512
415265b3c0b837940de5bc7de0f951fc82cc65986552d71a24c326308df6305ff0a67dd57e8d55bffb0907c937fbab0c303deebfd3d04cde11a4f163834d7fc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f87ce6049143ab1c5166b509eac58e0

SHA1
c9942da098df2347636eacb413fdc9bb4e303b1f

SHA256
b5d210ebe2f57fe591d7dd8490a1bad4624389339b9bc233c68763f84c7824dd

SHA512
51d4a2c220bc472a05cb1945dd6e376ce001d2752f1b110f56df1cbb339f79d979e53de1c790bb0439720936f9e2da61a5d3b024def6a25d25961f89bc84278e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a68b0b6766d6b74e76bba897843e8f96

SHA1
e608c0ab28958049bef2788e2e29dc9d94909299

SHA256
f57d38cc8befaa9738899e284e88abbd8dfebf3d80a08bcb53c19df193e1ea9a

SHA512
8d9fb5fa9f10cb7b5c75cd57c1be6561147368b24608c10393d765ab5687a15407ca1c887c300214ab6c4af3e96165cce19e1f35f797768592bca0959a99c809

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1220d78bce8f30cebaafdada52996bef

SHA1
b899e229ef17d7adbe1f5a24ff5b733393726df0

SHA256
0dd7bf6c7446dde6db65699b8850f2356d9c379612fcf685c680a3672bf10a30

SHA512
72f1332dfa81af2a36153009d1df11f5ea7e93e7b7d4724d54143adf205b74ae11688474539b79f0c0c76a4b0c5de8a03aaf7b657c511f4a089e8cc6a7ec0a92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20fe2984c592a7bf6cce6834ff9a2b0c

SHA1
eae84ef42eec40b1dc9ccfb8929e77eb5f98326e

SHA256
7c30924d2efc40212225dfaf3b3ad7363cfbb50362d4efb10833e6c239d47e80

SHA512
44320fe73e8ccfa76a9106c40bc1ba54ab6d6a0c05adb9ed3e251863d102268d608589934f49614a938997a9351df143b2a544831640736f6c26697c46b6180e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b593311fc671fb13a607b0ce8fa8b66

SHA1
f0327e68885d7d4635f84444a6d2959adffd18db

SHA256
fbe223c10af2208f6375a33de47570c78ad95404dae11b63ca0311d4a33e2fee

SHA512
92e3351bfe950004233740415ffb8ed07e772a157efba8073099b6cfcf760d296ff7b46433497cf5f789722a6aedf0ec885e165cbb655e1cae12d98fdcdea47e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a19d5c5cd3eb008670aa1f9084a16595

SHA1
c27d64b321d7db1269f3abe287e30d204b87c459

SHA256
7632deda7d07db29411986a4e28e474f28f348c588d3476f2b734316d03d8ce4

SHA512
4a38594b4e64ee60ce75448db77686523d78203acbcb59da2047f8b86064d39fbade40fb8cadb430ec1a4b9b1104534d695d1540abf6dbf7c39736b327628758

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0826b39733be68cde2799465568312c3

SHA1
19e80b5e3e13f2cd24956cadd1f4dab61b21aa78

SHA256
0ef2e801cf3da9f7b8da5afd2fb8cae46771d2a2846c239f22222c232fb50427

SHA512
e50c75683d640737b2a5af5fa0a563eefa0528bdc4a90570d50eb5df150b0b71eadf77e0d34e06ad5ceb70d7bab63205ac4dbcb1ebb3a07a016c7a62da25cdfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2edb1c286ad1de7a558c7d243e0dd66c

SHA1
13a192aa86b837729b5533f56e1ee167dbf534af

SHA256
7ac6ea1e42759aa0c368035862344da2799732b3aa7dabb5f8a83f170fd0919c

SHA512
99a3796e82d8b088c3268a508511bb38004ed70dae59a8073afe1382d2fa79d9614a4dac001e27b6b2e28d7dac5a938969d1622da29402f41e3b3b93dc412a56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7cc3faf2001a68c1a0bac698e6d2b95b

SHA1
8674710d7d2e0d0a67d80a3af86cb180e1e7976a

SHA256
fa9c5b0175c3aca81a31fc098e2e24307f731b765c7d8680ed59c3ee21f36e14

SHA512
74d7e31e94c01d13cc14009325fbf1bef82e6c6b88ef73c5fdd7a4e96ab6388ced4be1b9b06d04656047bfc504ca48a4dcd87cf6016a7380cd611e665d1b60d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4b3e9949edf1b8c66c10d25c3ab9d18

SHA1
d6f9b5b034d1875f24092f35fa65e33be3a8396f

SHA256
e7b0209da94cb85f721f519ea21e173208e52c5a53c3385effcc06b48ab7300a

SHA512
bda32c02edd898c46478d967b4f8988860492d60b63176da1534809d9b724ec3333b767bf78d5691b96760d9ec9fd47440bb9d9d33bbf70a2b1e08f3194bb05d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c036a9399ee551d28e4d616bc655e600

SHA1
f5e7b2057eb2db00bf3b30dbcc7f848895c31a78

SHA256
819b2e429cb9c662cdbf8ddfba56fa85aa68fe6cffd6f8c16a2c38ba0746ea5a

SHA512
afdfde74b12ae8c4135ea267dfa3a98d69c70bdb49171ecb5da044ea38410e73230938e8e8e496816693f55d5639667b5ac155dd30d6a046d831f0ab0ecf6a10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5980aa8200276ea24d4af9135e87a5a5

SHA1
1f7430e9c5ef0548f45ba64670ed0c7744f62768

SHA256
f20a4c2c35c7d54d77cd22e5764ae176a45505ec70647499226e0541f56becc2

SHA512
99fcbd776a5322bee1a9df94ca0fdc3112e9f06976b18c6ab96982fbcc529a1251271aa767b08dc84dae265f7da87dbe5fa759987f5fb043b4f7048da0e0395c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0f72d0740b4ba92162ac7805ce45109

SHA1
ea4e8d4df3b7a61b4270f5da849f3761200d9d64

SHA256
f670a16943764f36ffe066f69af79b093b4e862b76163f34242bb2c83505065d

SHA512
63f2d56629d761bed37941b84b46c3b38263eff5889a322a288204ea3d79c32a80e83fa750b12e0bf13b6cd9460ac9a795e9445997b56b00547817aefc515594

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
846a3682b1849b0e68ddd530f3e9c4ee

SHA1
a41886619ce3875111e7674c4b897b6a5e73f1ab

SHA256
67d69f0f54cdc49dd17ff5b0d577a95e3df3aec3ac979fc6a330410f0fc34a69

SHA512
a577bd36dfead3f77a5fb68d1053aec9a75d46328a293d119b83dd03d390cac8fe51d3422e1e2a6c1f0ba068fd98fac32247468969f4c9e5e62f9c605873d947

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab10B5.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1106.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit