b526b47d124c0d2c0eda1260d82fba72f14778701b81083d75295af7e4bcdd2b

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47f8f3795b0cca28f5e4cf138afe1c12_JaffaCakes118.html
Size

462KB
MD5

47f8f3795b0cca28f5e4cf138afe1c12
SHA1

59ea53f8c38838f17df2d0b515b34e997375cf28
SHA256

b526b47d124c0d2c0eda1260d82fba72f14778701b81083d75295af7e4bcdd2b
SHA512

83acdfed91829822c00ac26ecd09f9f9fbb2885d753084d22cfdb78b865b6a68a11bfd5d52f0ab4e7505961bfe8786ee993fdd34fade7d0c40bcdc976ee18759
SSDEEP

6144:SssMYod+X3oI+Y5sMYod+X3oI+YFsMYod+X3oI+YLsMYod+X3oI+YQ:X5d+X3j5d+X3v5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6002E621-12FC-11EF-B8F6-D6B84878A518} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000092fede589e212def23e4bb3120a6d0950e6dd52f03c5d11f98d6fc9fb47d7432000000000e80000000020000200000003c729a731701801974ad863a8c68147957da1469e521c64f770412498648d6df90000000c8e2cdfc1ec8ddb8fc46e30cc302ce1838f744a62cc31ba3287fb794f33924e728e59e7290f0cffdc508c47accffa7961ade80a065f55149f89e0ed19aa7fe97b1c9606a1d56c80a091548da0236384138d0507aaccdfcc101b3e9a0afc665d0891605382447f8b0134f39165eb82ad6968178d4da72ef82f5f9a2fb8f2e720f928fb91880814c928a83f9cdff971b8b40000000d06b9c4c64a7f4c19fce809b1efaab7966bee008ec8c4cf198a2a9c31ed248c54fd9378bca0d85bee7c46e70a07279654b38d040ae2fedbc8db8dc6f91a0bf6f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00398e3809a7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000006384ca0ba3033d3174254482305813ee4664d48423ec84af053d984c3b349596000000000e8000000002000020000000dbf2b73388a01277499cefd804f2b9b9172c654715564fca4bc4d1aaaa7cf7ae2000000055e2428edbb9940079e830ea73263ea05ff16a2f777c55156cc2fcb89f851192400000000999e769d5af1ae4db6f27c398193d9801b7fc03a9d4cac4291b5e71106cf1d8edb036b3fbfd956df6ad96169d87770df3acee460fa595e3d3f75dec24b09101	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421967929"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2988	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2988	iexplore.exe
2988	iexplore.exe
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2712	2988	iexplore.exe	28
PID 2988 wrote to memory of 2712	2988	iexplore.exe	28
PID 2988 wrote to memory of 2712	2988	iexplore.exe	28
PID 2988 wrote to memory of 2712	2988	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\47f8f3795b0cca28f5e4cf138afe1c12_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07a55382128ca5873070deac814c8ad1

SHA1
7e386247a7474526fad32fd10aae098cf3292771

SHA256
996dc576a2ac149bc9baebb7d9479a0e51d6c0403eaae059d97af04c3fd926d4

SHA512
8296aed3f25076d6f11e47a91205c43beb917a9b486596b4817279d1ddb412e69745e9c289a427136e642eaa17d3e773add662bfe4f26e626f303d9d11f412a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31893e377fc88c333ff22ae2124d0374

SHA1
c2b018b723865584b197d9be498f7d359c8afaef

SHA256
52e400526c4f17e3a5d652c934cdb06059e102d651b62bb048ff940233e7eefb

SHA512
691738462c752cf0c9d83813ed3baaf923c4a5651e1cc09d12f3d4021cbea9e6ccab7b461717d9414730ee2244dfca726a03b74052aa401e05f184f2d8b595ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d83e3eb3e6abe58f43b4de9c92363303

SHA1
8db0a2273ffc17454dda9af6f69287f04f6ea838

SHA256
07bbb5a745bcfb2b0cd7eae753189f94a3a4d2e41192f2cce2c1111885e69011

SHA512
31cfae92a1fb381e88975079e5fb999e9582440fee7d54fe3e91d1ec9079d54bd7993a76622fc2eb874f68ee457022e146ab979707d5997f0a72e27259dbc9bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac7e63e84533fadb74f3dc42b25633f9

SHA1
f1c7915ecc4dfc13e50005cf3fdf208d5cac9002

SHA256
43d3ce37d2d959e7d1fe5320a08a5702726e0947a202cd49631700f2df1a8435

SHA512
6a5d0a0c12c7eaa88a55737cd2d47007d759f01067c59660aa28a5897014a49f6cd5a07b9d3377413e803c336a92ede885cf95ea423be035e5f7810a80319152

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb45f16b8fcdaf5e0a62035a3ade1235

SHA1
f7b56a2549f50d7fa36a6baa0e1c968aa9d64169

SHA256
91cb2fdeb79f4323346aed2f5c944eff0dbe48a66859c3c08b4b6606a3b5b55c

SHA512
8ca90b20ae08235e2de76392d96c252fa4e0527ab74bb003acf1417c40dba566d7d6214aefd2b0b28a030e7c09924f89c8788fc76c398fa55a20b85305031768

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f138ee6ca82655c039d144d9af4bccb

SHA1
64429e26f88b7c199765fce0366031f606332de1

SHA256
cb4dbfce9789763ad045a7327554c25ea1a386aa2e117cd059239c98daa01fde

SHA512
a89bb0431ed5c8575268cb017fa49d1299d328f9ce768eece04e9cb71dea6e95441fd9d7796ee2ad29ba87694249eef1bcb170c42fbc3cfe6c5c2711f4c1f9e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a214218589ad497d49a86f3af426a7fc

SHA1
df12ac006f11997e5e8e16359b95990ffd8a5aa9

SHA256
69b443ac777882b4dd87eabcbb36f50f83aed78be3e08b294f56d2c99d151a76

SHA512
d7a3f58d64d1d8ae70a90fe6a108d70b663d8d99e34bc53ae4d765b558715fc25e5acdef909766ca0c5a84cbc7d22f896fd59e656e8205d631a698babb9d37da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83e5c957fb38d33d038c714ddedf76ea

SHA1
5163231a5caa2efdd988eb66cb8f498f51faebfa

SHA256
b15bf008d2578c8f2affe0c0998b2b915f03e0630a6b390b7e569252e2955df4

SHA512
9736358fb0ce7878186545e82007c35aef0eac66d6d87d6b0d84dfd1658e86465a24deefd3a34f8929d3701fd14b08d8220f1d29156b0240ed24fdd7e93c5482

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10ff909d070c5bee06bab1f8b0626b4a

SHA1
16c0d8e48cafb83729582405b4da36dbe9014782

SHA256
5646ee977eddcf8e1d1c4606c08d55f954d4352b858e197a18b9373db8722b8e

SHA512
442891c46fb056210c49769569f341c5ba56061763246dce4c89c9fbedc2fbeab27cfba93987341552a052af1b2c62b847e45815ef6ada62b29727dcc5bd7a98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98cc64aa0a9fd89743f5bfb4a2d49960

SHA1
dfcf0faa7270939026031c3300e7e81a36a81a60

SHA256
6bbe260dcb6c356580af46c8443929c35055627492404bb573fbfaa2e0591a85

SHA512
f6c2b3483a04a21180e2d3d769e51dc40dae758127e842a01ad80b5f6629c9b99b63ad53da2a421839e33d5086c821debdd8643b3b9687e849baeed2e4b806fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a660ba72d5baea7763f230076a21b016

SHA1
eb524c3874a113475a024ab93814b078df0f2b70

SHA256
bb576a0fc8eeb051743c50e097887c5c3a18970f6b85a9d2c60b38cc1bd85a86

SHA512
85d25caeed6af5c50fb627d60923f6b7f43b5f9be123f813a28091f374ecc1b3910687230d748c16abd9c794e1064cf89f60f0f8494dcfe6254ee331d6225b8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b8e67ab9f30694e4089baa246d5ad10

SHA1
9d941274b7f05eb287b88bb37973d6ec8c2df267

SHA256
038e3c8c0c14da886f45d38bd305b2e17d92ba5679761b5d193dc3cf870a9731

SHA512
489d0fe29d10f80c0ccee0fd4fbef6dc7f26b0e1cec66339c86686bf782871bf8b9125b88e95a9116c935024cd49bf7924170773476adc5f53ab8f257e7f29eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a62cde13ecea3d30ea2dbb7ba388743b

SHA1
e7acdb095b469949aaca96d08be7f31056389ad5

SHA256
214d9d3c0c2ca8398900c3ed72922e4352a1d09b2ee182b268dbe611d8e4964d

SHA512
0ca412f1df117aee15ce7e792ac46ccd52ce731e20386b6f0091609c5c41522a11ce163102906873e227eaeca50f290e281817f955c1c999ec2213bbe7daf7ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ef5645ee715362b5a37ca22eb9adcbb

SHA1
847287bf6b9e1198bc60ebadbd9ecc4c6f7bdf10

SHA256
d2187d2c77d382ad9987a78c65edda5fd4d35e628db2998f867b0cc2a9fc97ac

SHA512
ca4107395eadee2e2162512ffc304f68dcaf90b5480f11d6f4e5150ef0bc65c282740787c90c4ed08519e46487a12685989fa6b419bee370db1cf56785fb7981

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05440d6be33b7ecfd59b3b01bfa430d8

SHA1
1ad9516128d1e409359b07a7760f9fe205a21b37

SHA256
ea13aeae391fbb73f7baa2e8b4fccb24c40b3863ed8b9247518b125190b7d78f

SHA512
564ed579e3fa77239067eb0797d218928246f82bea830db17105b83c3c4609d07f257efe10088a4f89ce2c591b97c01479ebe3a18138676d7f7a7a93688b430a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ad5ea7537f8b5af5af018fdc814687e

SHA1
e1f414cc9179854ff138e73e6feb49605e4f396e

SHA256
c0b112b934a0a5d9e060520422111fa8ea3140897d76a1b54ce318dab5ba69e4

SHA512
bc3c762344c10ae224b9d0cc5454d16885ba05f43b4be9bad5242f26fc9d82824ce754f0078c2aa425eac9c18472739ca3e7c50069fd40f661c5ac782cbac34a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21d6f5215883766177cabfa37985df91

SHA1
d9d700a58e88b0005094d1820f138263fe5d173b

SHA256
88842ecbc2ccaf70779285454302fc488e7e708a90db03d68d5310ffe97aea7f

SHA512
5093fc19d67a8e12fed9e58766eb78cf81c4cf8a7c67bd7b9f9e1f7766071940efc67875fee71197b959bba031f680ce4e55d7061212d32853dd609f108252df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4E40.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4EB2.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit