d336620d2be95f1e30af75f2e5d5e1bd64ff84660ee37387bab4a90b8627e2d4

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 18:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

475de6644b9b6ff076c2733d6339401d_JaffaCakes118.html
Size

204B
MD5

475de6644b9b6ff076c2733d6339401d
SHA1

b1f964f1f79e79fe9269966c3d9c0e8aa5462135
SHA256

d336620d2be95f1e30af75f2e5d5e1bd64ff84660ee37387bab4a90b8627e2d4
SHA512

0728bd7bedb1f763fcabb3b0e59b6e5830fa2b934560af7602bae9837d53fffb9b4e0df905292318bd184af5c3b402565969f645e5ac943b50f4508db6f89e3c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0e78a1df2a6da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421958013"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000004fdd5f2641cbd3793a029b918d4956e8e1759843a48e242103cc844051ef885b000000000e80000000020000200000009cf3e6410b3a5b61327776419d40e67e0aeea984d497a9cffe86a4d655ad814e20000000c94df7eeba6fcce2021436858ffb211fa9891ee913d09b8b1bc63b209589a3bc400000005167cc8f0a4c031d3c4fa5602ec97437e6dd52793b061701ab59f913224ca6621b94c3f855ce50fe1c531a0203764a2fe4ff2c59cb0647f52ccbf95be9658c30	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000747f48adfb6293c94061cc0fba2997a9444d38a978200f95064759cc22de9276000000000e8000000002000020000000863cdc8740857f790361518151fbed9f904149e077ae736650839e23214e8f5e9000000078469b0247e9e1079d16768f993d20cf672377dfb0c3c1db7dff14500bd22a396fe441eb4a6a7eaa58d425cc130063a9aba4bac69263414c8ce2b1e638e1ddccce2cd21a21e332a896bc12f7dffcb42c1c945c34123b2f684f83fd310208430dfaff1136f17f85508316bececc157f856953f95f3962cbfef9b6af106bc784ea1b8f5a76ef19fb7848d55871f80da20440000000a673b138107bf1adc4deb771d600137ac3f8e436debdc8501e663ecf3ff9d90d638ea167a0c4eedc578e83c64a626051675afbe2036c1c4c0874c2e14b401071	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{490B8831-12E5-11EF-9371-CAFA5A0A62FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1660	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1660	iexplore.exe
1660	iexplore.exe
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 3068	1660	iexplore.exe	28
PID 1660 wrote to memory of 3068	1660	iexplore.exe	28
PID 1660 wrote to memory of 3068	1660	iexplore.exe	28
PID 1660 wrote to memory of 3068	1660	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\475de6644b9b6ff076c2733d6339401d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5634222256f20c4346f04d8169f759f

SHA1
3944e4cb4ada0e96f4e6dd36c423f0eebc6c4055

SHA256
c25c4596799076f78dc9c7d6971bea174052f730d1eeace9029c67280fe2753d

SHA512
e888e37a5509f2c61d14c664a19524a893e63e4c6466a3f441613803dd7a8800b574ce77017969be2fd9721b08ebf1e958829c01a931d991152f13273d9dde96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee7ff0eb7cf101fd7d2c65d0a8a36e32

SHA1
469beef19d802e5a6975eb5b940d1e984fb2908f

SHA256
efd7356ef33c29a379c2c9a4236b44a0a7108978bcaa896e6638ae73eb928421

SHA512
4a33bddc4babeabf67ff6b882dbbd07275c68f84a7290a9f3d32bb8d109315a2b1fd5027ad8ecd218a73c76fef7318f12bb48b7408dbf5921e43e8dd107e6923

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a86eae67ebc10571c5969136498e0e2f

SHA1
27db510d750dc0f3cc8b1da73acfd0f0cefbb2b9

SHA256
3014dce655c99de43690736a4cf6b7e48a463575e4248593f1fdb416db98d532

SHA512
252c4c42d261a92d614b8c318427f5f86e11f356df0d616d2652680d2c2ec73cdc4371a4babcf664d3738456afc335c06545e6f420f8936a8cf0f7abd80b8f8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
871fbe380cf67b975daf0572b7290e96

SHA1
4591bec5a9a2661d27350778b2ecddba5bfc6a83

SHA256
96f4c6b887715fa518d297c1c382a998f1094b4a4f22925c6d57b0c45e79d0b9

SHA512
693fdeab769acc46ce254e6c6fc429919c8d58e4ed463f0f92839481115c1632f3a2a8ab329ce537d067bcdb46d64033773a38e7cfe47e15d2f0c12a538af351

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f463981a6d99f880777ae34d3c4ab56

SHA1
feacb1435d887133a592443a94d46b84f109412b

SHA256
c0c1f2339e08ec76e852786aef4d3de60fef9ee1509b240c8cfa57dba8df73cc

SHA512
cf2748414435e0c56b05a91181275b17513c8a990ff9cafa2852d9ef7f1e3a30c1edd816e1209e4b39d8f4a3f0e6f44bbb7dccc215020d6c8017a3a8c2b4cd61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95419f22ba07626ca4f1abc69636dec9

SHA1
b2cdf8d7411946540326eb4d512a26b9a55eec0a

SHA256
0840f80a2beb48192b69dc01b9ab9ac99aed0cbd21b81eed048f299d80479cc8

SHA512
0295c8eadf39dc5e12d75f770f2f827bb7af4e02c9919bd2a8120a810328138d2f23830fc6df9342eb7792fdcd60fc24635abc51eec424f5dd03cc8445324968

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51aedffeb17ecb204fa4ffba8c97d1c8

SHA1
64a42ec21435c11e67e98cbf99472aa889febbe8

SHA256
419ecca103e5032e453adc56334797245d7edd0829fb1ccb82835baa3e99e8ef

SHA512
14ee3fbc49ccd38da83d65297b21c951f3f0166766c72b770565fb51e1565831df7388a843d5f3f96c6b9220eb4bb928cd1be758636251f481cbf98505ebf97e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7127cb8ff716f7ef17023d49f252a947

SHA1
9a0dbebe2792831747036b510e6a374c7582dd4e

SHA256
b8ab7cc6959f94171d0e5e750b0d0f8feb421521fed51d1834c541349a6da86c

SHA512
fe4153012629f95cdd7dd88eb7a038ccd5e6ff13477bd50a574c0a4fa8f6b22ea522b6759da26ca4e71c7b8f7740446bd740af8c1a3d681c48a8730571a63859

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5a1018685f826cd976e1d41232b1faf

SHA1
0bef2976ecb71aeb55c9a00119b53ddf1da7f5f6

SHA256
d8ea3833368d5b68cbdc92527bc1dc2ab1fc4a878d0f8c09293a1399fc819871

SHA512
54a9eb1e20e9de88176c878bb2b38ba9ddbe17f5a0890f0e523dd73493fd65b1c13323f4ec255061719154277312b0ebee44c27292578f9c992ab6138a7e4af8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f88b5124383cfabe05bd0607c4f33df4

SHA1
2bfc0b384aa1dea3f06e8b979f6ee1e4194dba4a

SHA256
05c7750e6837ea7ccbee6c3e836f8df84d58b47df414d99d9c7359046252e49d

SHA512
a2d89c16c9cb328da362cff326bb7ea6a289c48e1deb63ca88d498eca04d13c8099088ac88039730435391760bbc197920297f4c004fc84423b908ef1206cfb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7c6a0890b9f674e5e5435acb2c4159f

SHA1
694e0b2bbeffb6daccd2ca48d9a0e88e3a595294

SHA256
5056c1070bf5f9a4dcaa1ecc68ff26cccd4153987b3c27a3e6a2cbfbebbe0bc1

SHA512
abe85af1b76a2f158f03f5c6e39c6f4e3c94d2aeb1ea2791268da001557e81d756fc8c76896ef402f103aa5de97e3f5b55f551c1e880b26e17124244777d0195

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4592defd28666f44b620adce0cd42025

SHA1
478779411b6326043d605414a16d4a772d0f154c

SHA256
a58d01d2e090261533c47ee7d49a967170a339b8bf2e9e6d1316b22092e82763

SHA512
c2c8c871cf99acb6486b0567097e966aad866802a4c627455a4facc598dd66980ae04f012b57261aae4838c41e4653264d257bd8671750dc888972901898af42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb01c031fc9f05cdc024b9fbeb02be39

SHA1
3a7192d6a659d8c4aba7d54b153d514873fe29d5

SHA256
05550da09c61cce207265d2ba14cb832733d1cf78a9e8ed7451a94d9fa5c6969

SHA512
58124fc5e33f5fbddf2cfb0f298135e755ec7a0148f8ed1b50f02d65cc82f61e18fee939470bedc38906f26489536ad4d50d488cc4d07a6731c30e9e6a2dfef5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
733d96ceff01938b71090bef4669a962

SHA1
03c7c0675894f0aed5d0b462d26398c72d968d38

SHA256
d02a8b00d8c84826d21ce3ed73079ec2ae1fbc88d43da6b0d907f9b8ac50a69c

SHA512
58e07a5766f6fa518f9f020e547d41817de0986aa47fd68b7cb07c5bde85e16eae16273516816545b85449ce42b177669194499c8c0c6fa8f7c41c5b907db72b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b338a2de02014c4a43be09493e1c866

SHA1
c348857ab686c3ef5083f3aa2794bb38c7efd135

SHA256
c0689c8c7125fc7ccf3c6a0daca8708301250a0562d36ca12e0a5f152e6a32a4

SHA512
7ef35817330238a2261da476caa2363d23edf2403dd628da66237f748b65302e47fb85031acb7a3c54f7d3e3c0b1ace6444e20ae4a9cafbb294d8199f5b57bf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2AA1.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit