59a6ec0176cd44bf5f6f60616ac815d6ee5010258d264bc12a5c547e991031bd

Analysis

max time kernel
139s
max time network
144s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a70b2dc998a3a4dd3517b020ae6e664_JaffaCakes118.html
Size

69KB
MD5

4a70b2dc998a3a4dd3517b020ae6e664
SHA1

865b8d329060c5ec5c85e696995e0953261c7488
SHA256

59a6ec0176cd44bf5f6f60616ac815d6ee5010258d264bc12a5c547e991031bd
SHA512

ead495229451e624f187b0ab4fbc2db88183f49b1d0d836b561b633ef8e9c60da8dbfe5eedc9df98332ee45581042f68061230d734506f6e44229c6ff647db58
SSDEEP

768:Ji7gcMiR3sI2PDDnX0g6ss6vFYl1+5koTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpq:J3nAgTzNen0tbrga94hcuNnQC

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422014096"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000b83292c03291263e9530fd57564a6e0698ea5c64d0ca2e33df4aafb963e9b665000000000e80000000020000200000003cfc04a7536a26a419a0ab72b5718f2ecc5a85a79e2c4c88bbcd1c4a075c883e90000000d070fef0e599f225632fa3f4af2c72699d8510357b2ec90907a23dc3237e354b5870a0659289d8b7cce22acdfe9b02f1fb3e29d0f147b01b0bf5af8d0b2964c6e15e244663cfa7e213429596be0da57a52ada72125bb7dd8619e659a27ad849ada448fe45947584a50d01be528010e79c873db490ab0d108330c68ff224ca82f26a734d22c856a6fc694a59d8381bbcb40000000e7d578dfc1dd9182690e992da394f143917b7ababc8799efe4c4af2bb54fb1f3026c5ec8b1dcae670f10e891c08cab649e4cc7934d7e130584480fe8a108b941	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000ebbd3bfe5ae16e6def52b3dc7f399a89d97d6b5b80b5245c7730c7762cac03af000000000e800000000200002000000024e836f2a803852888d86ab05b95afc23322a34658d7fa23f47f6f9007b31cee20000000d8ce5ea71f24bce95aceeed7d7d10d379169bdf446c6efaa47af06df1276b76a4000000021d15c1111ef232a014325d6aa56cde5c8b4af02e29151de30a29cfe3569a331d24135cc787cc86e65370c586f6e8b768bbc3a92ba6f1607f723ad728cfb02b5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DC848BC1-1367-11EF-8963-EAF6CDD7B231} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d02844b174a7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3008	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3008	iexplore.exe
3008	iexplore.exe
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 3004	3008	iexplore.exe	28
PID 3008 wrote to memory of 3004	3008	iexplore.exe	28
PID 3008 wrote to memory of 3004	3008	iexplore.exe	28
PID 3008 wrote to memory of 3004	3008	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a70b2dc998a3a4dd3517b020ae6e664_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
961d4d5557e3ae0b982577939126dff2

SHA1
c4cdcf6bd08c755bfaa0d86a48f28b30e6dbf948

SHA256
d22333df0c872537a9d4c1d67e325b074634227fc04e0fc24ce3b7d92f06a973

SHA512
dc9e6dc114382b455a71015c796efc77a64aa29b5fad4118cd5728d52a68030b186300c8e87d3ddb64f2cbfbc9d56935715ef6139be8718bbd44f387e1371f4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9b2db5dd8ef078538a465e7e862bdb7

SHA1
9dead973f0c4016152f65f0ceb1fdc98017eb5be

SHA256
3aac3415ed4436df271149c933244d922b0a2f65f92c7bcb3307f93cb0b157d7

SHA512
c7a39b72e1e92e51529f08be2de88da1d12a2957570ef8158ff6c9ade5c0000ae83eb620fd601348d5d94f41daf0da879c0127705c63f210a8de9acf7b888150

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5f7964405dfdba5fd12ddb91bb5c7f7

SHA1
8f072d68bf9dba221b848c841e6ea650a55111d0

SHA256
7e76c947f3a0e317d60eff2c415ff2cadd26b78d725f072199d954fc30dc4075

SHA512
3be9933d36368f552f42480c68b96eb331271e42cc598acba374cc015f4d234df8dafe150d6e4746b2f9b19ea402e4d27dd7546a402cd76a7aafd3d7e70b8c47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6c43d95ac27034eae91026da406795f

SHA1
3520b2584937e1ee06fcc07b02ff9010467fb14d

SHA256
3a0b8cd91ee7b539f2dbc27b29c241c5e85f606bec8ae282c44e3186b9c8cb84

SHA512
d56d7f99a3e3cde5d3a66ac576434bb7f0aeb71b10252bcd65e5a72ebed033e2b726d1497688f5b9be7f249fe5e4d4b0b5bb030b8b8fc805407f9ce54f92f983

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
584c7f6a4d20d9396cd62dd6e5c6845e

SHA1
ce224cae947c61c24d9182683138bda4bf70cd53

SHA256
186f22e8f45006a2f495306cec77fea1eca93132816974f53a80d10a4222ae2f

SHA512
dd489e27b6b893caddf16f1b8dee9ee6159c72828faac0f20f3f70bd19a8a1974764330773a56381387178ad65ea32f113a53d5c91af2b3d298e93b5e909f119

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc016203c3e97ca45db12fdf7e20cc46

SHA1
c0f28c9a9fa47a265780ec8fe7200fef84a392f1

SHA256
04d11f005cf0c12ce180555f49fd68c11d41badd15959b5f702b6f682424c2e3

SHA512
d3940961a58b5fcaeb4547cc3133a409367acc273c7f076215c549b6d887466ccaea2011debab1a1bdf6032294a4440936aceb821cff96ceb639aa71e933f628

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c16702e53786c342441039090bcc697

SHA1
4a056e94c249536e736e3f5a139fda6f63f33f02

SHA256
5dd04b808aafccdf8b926a4809ec7c5b34377a9ace6c85272f567618b72a0f77

SHA512
0c6f33f9e5811bc7b472970dab0f8b81b4abfc63495281420372a863d56541bf014b6b5e325523985bf4f4d596d5ff25b3b290c2a39fe3d4d7e1e303aaf023f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e21bbbd2ab8a0d007a5b6e7c285a9544

SHA1
54fafd3c8862e518d632c8ac599dc76615f53c01

SHA256
bbce1c4bb2681ca6542e087e929cbdf148ea109fc55acb9e3c6a97794759b40f

SHA512
7288f0478af11f741aa11060c188c28898ba87e2e1b09081c559f4bc6ac9ca90449d1c50234a313efb8bbc96c913d63018a5de897353687ce05f8751d5b52a4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2778f19287418585a42f285bd40fc31

SHA1
ac61de4e704fc52c366c47fd1879d856e9fa9eb0

SHA256
bf68738cf27e47b0b96ae60f32b8d082e000bda9e92bc461a0eb82aa8b5a23e6

SHA512
8d4712f30e4c7dd224d05336d3d6dce2f8058f8caf6bc41577a77ec6c657997024698be0ca1916b103ad09e46e519837dbc1d01c736f95f531a6dcb278fd67a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0c6a24604132ee1ef06c25103f184be

SHA1
56d9212e50355d260fb69712ae91aa805e152b2b

SHA256
676aab3e04a8b91ae3bd0fdb47a8bd2f2b47e70b8a1ca5685e193718d71eb521

SHA512
1e408de8e0c700569faac5b18f1a3181fba89e7816287e124ed1c0beb469e528e83d4344591b1d2afe722854783dd4b5ef76c4df4ade47044896b437ad2bd19f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1106360a0cfa2e0425b94be151eca921

SHA1
14e7e376ac66cbcc6f8ed274d0587201242c425b

SHA256
4748913be00bb2b06dd8f8ed5b6eb64359d5ccff14e186961da004036a80d6f2

SHA512
394b1ad8c0835ffba43615a22db83cece3fe01fb45d0e629e2a4a9b338eef251c9a281e07d06c77711ac4a36e3cc2604f9e551182dfbba9d64cc3959b271c3ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c386f3cccc48cb6bfea2fde825cd352

SHA1
3bff20b5c9439ae7409fdf96334845c2f5681a94

SHA256
7d0918e06aa54120214da5bf76b579e1b70b311beb76dcf3ab1111aea475c192

SHA512
c03fd640c1e95d6d069f0ba19cf0189c6429b7492be7a5a831a7bc1452bbb244147c9f950562e0d8498f5aa8fa6a41ea09b93ad274c85f362083abd6dee4e9e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d16994a2d26099e3acd0dd55996cb93

SHA1
2530de9698a545cbe3fe98c733dc2eb1ae5f37ac

SHA256
bb5cba7b0f930be7b4d23d2c571434647db3ab0e5d4c117882e51d06f045a776

SHA512
df4b4bb0d5e3f9e941c249866da7141a67c14d9b0b0bcddf5c063c35321fe4ab8481a8a3a974c970955a9c4acf8cf37837de9526bbae4837227b4889e01a5f3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffeec513c0d106790336b8912dbb6ce2

SHA1
5edaddd43d621f04c27bee1f008994eb3e3baea8

SHA256
8196ee1f74283bec196356d4162fc43f5932f75d69ed2011a66e753d7f052d2b

SHA512
5286d5df7c4c65ff5f2486dfa0b3eaea96c6ca7a739550b72f3bcd268fa13838cb3c9fef55d952dc3bb2ed98c0d214d0ef2b61ea838f4ae9417626b1b26480ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4acb23909aa3a8f807a4064646caca1f

SHA1
7aaa9136cc29894601e263a82177bc1b3bf04148

SHA256
fe2bdbde8054a0691ec012d70d0ab0170377041233859905d8c43385b67f7367

SHA512
8bdf32965b0731bce5a236b1b1feeb9e55c12aec53a5a1dee807f65c13884e9feef3e07252492de8799211ede19999d01bb61b34ed12b231ac229d1cb80bdb87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2EE0.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F31.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit