fe66bb7b8f931cb909b2ce5542e170d2752ede8428b11b9a6b70df70663b17f3

Analysis

max time kernel
133s
max time network
130s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d303b37d72861948b1ccd2b1b041017_JaffaCakes118.html
Size

94KB
MD5

4d303b37d72861948b1ccd2b1b041017
SHA1

f65a70c358adf446b09059f3ef5bde7941b42933
SHA256

fe66bb7b8f931cb909b2ce5542e170d2752ede8428b11b9a6b70df70663b17f3
SHA512

e5d9245282ddbda8ab537024ad2107e734e87e3160f20022e8c76ebec7c37313ba05bcdcf4e1f1197c4165a9c1377e4f4e5007e46294ece4c1106edaf7f42a7d
SSDEEP

1536:WMLiNV+v7LQWVCNti4GFprAUBIRAf9FDZ1iy3y6BdkrY8mgHC+qpEyW:WAiwj7BdkrY8mgHC+qpEyW

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AE752C01-13CE-11EF-8B04-EAF6CDD7B231} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000e8a55e01ca54581b1271b8a26f521b050c62e7fd32eb92f32d35cf72b74de120000000000e8000000002000020000000d300c20326b26bf6c3528e7858a98dca82eb8fc71bcf48d2d6aea4fce008ad4a900000006c32812f38009e71daa624f9745894a36740f462fd39436756d2f76df3e2981ea2c871f9d26b66af0573c05fa14f658a64d0ad18110393906e1e379e21ab180a720eed0ac756571f1408562e2e42d1d4b85622ce989a1035332491b714190cefaaad98393c78e69b696fe5a7209009f8866ff0532b6a65bedfc39382f217f4d565f3923374208b62975d44fa525135ff40000000416ebfce17932d9bb32aed51d0526a06970d41b7c4291089982b15902a3b9e76fa7ff39caa3bc39606f5547f44722dcd7dcd9f14e0991c988cf12946938fc84e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422058256"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0189486dba7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000005e92781029cba6d0161d9f3f64e74e997275159374ae8dcd936d3da179045f13000000000e8000000002000020000000097aa60f0913a557afefc043cd0c29bee68e7a52271af1790f68e20689b1ff2b20000000695eca7ee11fa6a69255b95d043d172124da29afcc5085fb08f8a2e7e5fb743a400000002050710ed8d69a659e8ff103fcbacc6253748694e6103492401986306bdf7be48d1855ed50c564a68233b1738e5d3b639b4b9ea4ebd5c21a358301ce3513b3d3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2368	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2368	iexplore.exe
2368	iexplore.exe
1912	IEXPLORE.EXE
1912	IEXPLORE.EXE
1912	IEXPLORE.EXE
1912	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 1912	2368	iexplore.exe	28
PID 2368 wrote to memory of 1912	2368	iexplore.exe	28
PID 2368 wrote to memory of 1912	2368	iexplore.exe	28
PID 2368 wrote to memory of 1912	2368	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4d303b37d72861948b1ccd2b1b041017_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c10016d2d67b237c8b97dbb694dbac3

SHA1
01142ccf0c00b3f419119b9df6ef03299677ea78

SHA256
adbdc800aeb6ddfb176c29944b9ee20b6ba978c688267012f3ce9146f929dcd9

SHA512
ff241bc837665c68169c5b3346d89dcb9c54b20a57d2a39419671eafbbd2800fd141dcc1442db61cb6efd71cbc4c7f1c06a215fbe0b177d35c6f5da84da76b25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31e26fb6b8e7badd827a6bd571717406

SHA1
bf3d7a73ccfcf9740bcdccfac287bef916d02a2a

SHA256
c4ea20d0374172f4f770502f0164194514402196750f9a9d8568e98531e2278a

SHA512
4e4b2fbd0b1c270fb558575ccb7d4895ef346e0c9d29fe238a71a33f3ab13b23912bd144f710b2d23296be458384e0eefb1ca7a9e446008753ffeae35cbc1a1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
489a2ab1d668f3048fbd6ca48900b21e

SHA1
8a6d998525554fbf91c3f405a535dff163183a64

SHA256
a4d66bd5c369e1e3abc144df1afd94f780fad3f4549fb4f65465ec5d31aef781

SHA512
1cd350daca42f473c86ee861f3bf2ea052724777192670d1ca56380af086e65ed18fd58bf1c217721788fd782375261ba7e6240a9efb2ffa63916ad8d50e852b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19727bf3e750ba34d2307812e84d6d96

SHA1
4df35e931dde44bcaa3bcb092ac0d0b2fc3106ef

SHA256
962eea38357828faf7d487ccd771a9bd9f499beedb465141c13e971b1b441bbe

SHA512
7d4f20b3a6903c475313fbc8c1c960f815104c3adf0eaf2b620aa83063e9512034f952336d9aed2e657268fac53dfb533e425ec86ffce57a8bce7a3f19ee1d2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ce2f9da223f545c70ce863137948370

SHA1
eb921cada4f71c9c54ee978f13988b68d2fc7676

SHA256
a7af92e99d0fb7df342cf344b3c396935d00f91aec652b6df4cc3713fb7cfd87

SHA512
0a5fa1f00bc0755c7c99a360d4e622eb2c39e74626ce9d62d88158fc96b60819fa3bdf22871f0e8592d62ea29e9c146939b0e2e9c9dcf8dc4acbdd0efb956cb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72c05cf53772b192068801dcc33c8dee

SHA1
b7e559c0c0a3c45ab8afa13494415c7945b9e5db

SHA256
f976a7a9a8113b7235c48ea57c6f6a2a1f320e79d1965fc048da88ed39e8f6f7

SHA512
92b8489068c0c87908dcce502ee8e7b0054ba3213113395caebdd2960ac11a7d9bf1bb530ad6e1a47e4debd9f790fbf8cc9f0873423e82502e480a9325e09fec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d2e5bd56878be72291c047f811b3f3b

SHA1
86fa2233a041372ff0acc5a8372be9b842c80c47

SHA256
e8be000622b8e454fcbbcd68a2f608835236d677bc1a4a9f903d44ed393b357d

SHA512
ced212d5af83b7328eb1c7537839eaba2b44b00d996a872467054c77b7e5a400defc45a4426b5cf4fee565d1ef6d1f7c8e6731e29439d7ec7ce8620956babca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b207021f5944eb9f582a510b90533a29

SHA1
2fe5df60d07ff956b7e8553eb78b309e08936b7a

SHA256
ed9a239a2ef6c1bd5ab13e1920bec2233afc7db6d2f341dcad67a5a26e07ba71

SHA512
1a35664507b57e3771279717354d25238420a97aa4c5a340fabc904f92ee1328e29f7b5c0619eb7185ed52fd2bb71ee1097e1d0d58a640e1d2ca1464ee77e77f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b6ec16bf58d6e8c29ac02789ee755c6

SHA1
3e982d2f98fb6c5b93cc2f52329400bff9c9c523

SHA256
c6e245e1f24fb5a987a9d667d20debf2bd6101aadf983da022832798e61ce26a

SHA512
0a0c9bf4f6eab01fea785a8f6068055b10c707a342659e4bc8eec16a4cb77da69aa81c1514e606ff71d1e305ffbf27b7efb7fbc8c54f992d06ccf1cae76b004b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5413c9f2440dbf7dcaebab25005757f9

SHA1
4bb591272941255fc0956950be67f2917ba5bf94

SHA256
329ed420ac8d3c22ae246605549551794bb5192f6f3c1aa2e453e96270d623d3

SHA512
d9fd6345635fd90eb589591d5fbae347a63a57affad10788bca8a154101f176b2dcd7f5340d217d451ac128ae0c6153532271e9bc9a01936536a70ebd4223180

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7f3c25d91ce223c3c9dfe236f293a3c

SHA1
dc365695541e4f68ad73450ed7178b8fbd21067f

SHA256
8ba2b60b860e0a28df7f2a1614fe926ae4243a7e11a306e98f761741eab4f3a1

SHA512
e53838ed5d56035c2efb8151d854202bce78cba7bc67d665dc041d1115ca36fa98c5b5926f6e8c04655ec45af9591291bf7c540258ad4255a4faf14c8f57ee49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
352a3b5143f7204003e5781b50582210

SHA1
25a30311cb070eb14e858b81fc4ee62849c526dc

SHA256
4cbf0bfd7ee6a8b3b89685c57fe5e68925a56791f124817126804886bdfd8e64

SHA512
ed4c0833f99c0ba8e00c6c56c392029fa73b2cd3a515cd8dc920a0a96f6c2fae1fe59e3e050a36cdc1f3e7927c4bbceaefe7e46a5593e38f4835ec964887d13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\wpml-language-switcher[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6597.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6619.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit