4b0e031793b44b2b1e7c76bfea7f17d768918e1370bc7dc1b038ecef8d33b578

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 17:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

474cedc0ba5d35630ba0493a81acc542_JaffaCakes118.html
Size

51KB
MD5

474cedc0ba5d35630ba0493a81acc542
SHA1

26e1e912ef87a4409104e64dc0d4cd2cf1b9aef6
SHA256

4b0e031793b44b2b1e7c76bfea7f17d768918e1370bc7dc1b038ecef8d33b578
SHA512

a9f6dd39479062caeec6e7670b3d6ae613a6c728941c1b8da6fb0f3208516b25ca26dd529abb5922601f0eb59d6e7eee613e8e7bdf775671821cf25d296174e8
SSDEEP

1536:yIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7SZ3eG:h3eQiC59NBS78sw

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421956916"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000075ab85cafe52e6c62961a284e1280f472cb8327bb3ceda5f2aa6a720623b270a000000000e8000000002000020000000fe65b157c866ae32f752b09a278f326d267fc407f56687e19145e8a061e37bc79000000041d08710fa3dde582cde7856d790ecfbac60d3a4dda963cf2d7e448b7117dfb5d106bcc73243609fbb554ef0c19439272329e9eccf82ddff3f7ecc73d9fc330bb8e90d096e4a3f4ce190dadfd149d53066a51668d0154197f043ce76f95f55e3e71345d4890110f0776c1971bd08c0e13d13ab2a4639668bc80a658e76b4a9058376c49dcfc2b21b9471bc3e1715e9fb40000000493ed63a4a447d9f27315e57caa7f58ca1fd7afb14e19b15f96457b735500b8d1850b181ce3d09d55516c4a33e2af636756a2ec08c2e903dfcebe5d8c1026380	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000009e21b7de0290bbb699955a9656df16d3b0e1c505fb4e3bfb7d7dff96f62c2779000000000e8000000002000020000000ec8f2aa7485e0c473097968777a7764c09152c3a5bfa84ab0ad49a9eefb37ee2200000001a4e88ac8fd277fca9fd48266ec69fd83eea808f15e8e790c09ffb4d18a8da83400000005dc79a08570df7191cb83fe40efcb1659d6910d4f3952881ae051f0c4b5012a1b2dfc1676ceefef09326f93afb11899dc132746bec759636b416b7e288b8adef	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d078ff8fefa6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BB234B41-12E2-11EF-B97B-5630532AF2EE} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2188	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2188	iexplore.exe
2188	iexplore.exe
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2412	2188	iexplore.exe	28
PID 2188 wrote to memory of 2412	2188	iexplore.exe	28
PID 2188 wrote to memory of 2412	2188	iexplore.exe	28
PID 2188 wrote to memory of 2412	2188	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\474cedc0ba5d35630ba0493a81acc542_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
380c92fd2ac86e6322e84bcf6174b8fa

SHA1
c9e81c88d7bdc5fc682bb08dd9c292ebae74e6f3

SHA256
baca3fd9d03aa678c8497429e27f8d2bcf3d8400164e7cf3e07e9629f4bdba88

SHA512
bc8ad5e99c3194d32e8e4e330d07f9a7d467b16f03d6ff25f69785f97668c4ad0b2f5e4756365bdba524dfc10c0eaf42bb66c865647a89b693aeeb3ea24067f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b918e03d93e362d99e85f568bfabfd2b

SHA1
9898d57e477abcf1668eb99f556fdfa935a43c67

SHA256
51af7efe9dd40530b9d48e120dfbe6ef0c1faf15cccab0a6280848febf57e071

SHA512
c7f70279748f0a9bb37136b5aa83057e2f151b63155ba31f2165430f4797633a865d70dd173bb56d71012ab9723423b2bf4921100b47cab7a3bf826fd06ad6bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c404f5335c408fdd5e03d8481781eb8

SHA1
ef22900010288a332a2ddfb4aabb47de1b79bac9

SHA256
375420b5d8de0ad27ab50446e7587772e5828f2858954fa0cc202a86ea3fb484

SHA512
e778df737272580295d4ea80e6104383ebba8168c481bf0ad510bbe6d185238ce832fcd006dff6344f1c3426ec764517a7740c5287c7d06f456c996cf479c50a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7739bc932b01b2c06dbbb76d0b6f22a

SHA1
88d287d471a786aab8b82714e29d041d54643f65

SHA256
fe95ee4948b812ef49e85ec8111c0235e9a15ee8954b48e40eedefc9b1201256

SHA512
86ba9db773eb71d54c7a092315879470f6da1abaf592e3dfbc0babf9d649a0b465dbf1f01391226aca68e88eecf0bdc29d2c085925971bb22bd6e082341ec915

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3d20d8786280d4696240398e4132b69

SHA1
c54aaba999494cc8a91f6348a40457109e62138f

SHA256
5f22d1c9232fb97738c6e8f75a0c4a2fb36753006ec4c435db7fd1a47c48e282

SHA512
f04cfecc04ac7214a070cbad486d726c99f92588e2d419d76ca1019308aacb670c58de23a3fe202fe2678fb5818ab3dbd793d8a88cce60c5f7f258a4e45689f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec56c6c965732d9d4e72c36fc125079f

SHA1
630448be7b72393d0bc31bd8bbbe1d2edf9fd2bb

SHA256
84e1fc84a6ee262234933f35c295890e72ef03f6b19c0295600ab3cd5b27c4e9

SHA512
30500f7b9278d7dcaa2e7ae1b68cca5590c21ce66dc48d9a24be8a10cbb716480e86bdd578d21dc8d91b51ad07ce89d53179dd97667c027bac2972798a5999b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
828ede6c246738b3292cf4e03d452b07

SHA1
cf49b7f22558640cf9fdf26ed5573852cfa8b0e7

SHA256
f53bcebf6e506ea78bc99f90119a5031090b523c9a16207b792b63fda3fa30f9

SHA512
d4080dbb898a05444e516a53deea21f03580756d3b306251342744d11ef91e7490641f2f6f4d61c53f80dc4e131a2c6f1e12e32a1c7591fe3c95dadcd8442a4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d6ce62a8f45e174e21db1aa4473ebaa

SHA1
16d25e6368bfea77dcb92bbfc3e0cc8683897c64

SHA256
ac7b1c3db8ee13c4a26eec9aa611b13e0e04f5f679798f02b559f927310290ad

SHA512
3d82df33338b6c89fcfe0c33005f4876b50c3b4e28df7a959be3dbecfe08e6021c0c43e51160713e28b8b328a4366e2c51c498cb08c53c97ded80fa432fde549

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89300d7e5aa04c5587d70fc345bfc58a

SHA1
e498cf42648488731b3204d43e987bcf143cb981

SHA256
1ccf3225c91bbf795c1f775170b288df55d764acd52734119fb714eb7a5083e8

SHA512
e83ff498fc832a2644d983189befe1bef0c8659afd312ec344d0b87f18be7c3b2d19e4717c74cac9eed0a26cae983ab7b6870ff7937a5130841936f1b35a8529

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b671b42d4e0f82918890dabd66a8a1e1

SHA1
c78cbdaba1ec98d98d5433ad1476e147badd8b18

SHA256
e3580a133f676bd37f683e2ba60366ffc224f6b2f4968cd152fcca0328e399d6

SHA512
7f00605217fafc4b3113177662f7c76cab7c754fcffb4a4c37c644ba2e7c936bf16bc1220e2d772ad58bcfc7368bca6499e96e98d19ea991f1983301856cd7d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fdd964c6c46e214a41260271483b813

SHA1
669178978ebee5d3ccf53476cfe42ca3845174c7

SHA256
9a4c76b30e93e5dca0f2ac34b947522e33ec9630fbc35df4a783bb65757cccde

SHA512
2c97860aab06630094cded5aaddb7362ad2179040e25d8f9bdaf9c63d143b6004644b7ce9bd57bdf65e8c623da613b8675acab33ea8a47943582ace84a42dfc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9425632804dd06a2b6aa7d2709bae3d

SHA1
b994b410d22cc75755805b264bd55918f999b253

SHA256
f90a0990c03ef49e406304940abfaf6b53a3e7f6725dd3a41a9a82a09eaf10b3

SHA512
0be676f6300bcef6d78ad2169ed782bf8a354d512080be7fdd6d98f8dd0c511871336e975f3ff4a23244d272248ecc0ff69a357639c378677756cab9a35c88f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
671240b03214dc5efdb6f2d10c0b4248

SHA1
e12680293bbf86075104a77375d94985243d6304

SHA256
54b246c02ad0835333e5c4dea9c5e82888d419ee9ea42370f18d343ee31b631d

SHA512
4bd97fcf9721c9f73605dc4663a84efe217f167db6b5eaf3813ec46d5ce5347e85b15725686036df68e459134c453c3ffd36b71549e56bdd5eccc57891434f55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcb635a8fe371c3beef3048e264158ce

SHA1
11ff4918b48cc799af43ceb48c49fc33d1ded151

SHA256
3a24a66a8d35cbcf6718790efc397ed3ee408cabd25fa2c2f72c548c665da24b

SHA512
63966c7558d020517cbe6d327421901514d3a9ecefbf04b6d9ed447342d4ab4ead76a87a8544031a05d88f80762ec295a1e878a117ffec5710567ff185c34248

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bd62d9ea0a2252309777c23456a4d3d

SHA1
4d5ec72a0d3cbbe94105e6ac5ee553773ae69c62

SHA256
17fb6387e8753c1022e1e22f7666a42ec8fe3747271a33d0fa6222be9badee0c

SHA512
35605e4e7dedf3974c61345c444130ac9c71c86e1e780c0b68f84f0413cbcf4544fe2e0d1b8789e9203cd1c01f0df1554d60729a29296dcb858b6ebc6569eb54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b16e56ddc26eab51ac6244e01205691

SHA1
4486bbcd5be941a5fcf25f59fa8bdda0fd8849c8

SHA256
778522cedf8af39eadb8c360f06c00f6a4445e22233aaad0ca643c516fbdac9c

SHA512
9bfad74cbf902faeabf76f422fc6edf677616ffe1e044ab0ae8049721e871fd55eebf5c91e9242829580d615e6c90732bda7a2495df059c56ecffeb1dd7a947c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab426E.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4271.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit