6432f40a8c547c2c1c68819204e363fea4c5ead54dccec85101019eb2a98f85b

Analysis

max time kernel
122s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b227ccf029a90498cec094439ebdf3d_JaffaCakes118.html
Size

66KB
MD5

4b227ccf029a90498cec094439ebdf3d
SHA1

1a804864bfbdcb757b3dd427e228e5374a653a1a
SHA256

6432f40a8c547c2c1c68819204e363fea4c5ead54dccec85101019eb2a98f85b
SHA512

21cd844c7bc338ce7c833ba5f9e09c1718b3435cd79398730e1f40f3eb5d6970b805045671a1d9d08d16cd345c95ffa5cffce44390c2785f88d43f1cc35dd585
SSDEEP

768:SAfUbbI3hY2TehbBucxDuqvvRorPBP5r1oa0JXQPht8yhPTUJTkz:ScUb6hY2uxDu2vRorPpVPm05

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000482766a8cc9093c135e1d199f375c9327b2fd1a92cb6f70f46821880c29a9b4c000000000e8000000002000020000000e67bfc5df6774440059587c332efc883dbcabe03c86fa2d30c69521ab4514a4120000000dca8ded58209f87342a4cda40cc43deecd675925812f9add6f496b28d3267e0e400000008767202efe30a7187d52cd6d3a1d514229cc31a4e4a21f4285a998fa12331e3ddbea9ccda42ad96976400c71320b5e97f023c8ceb7bf74c9147716c4922e330e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 106ffe238fa7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422025378"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{20924DB1-1382-11EF-ACCC-D20227E6D795} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000bc391cb30271dbc9e68bdbd5c8268d7f7dafdda06692030ab90722798a84397e000000000e8000000002000020000000000544d936338fb86932e10b11b9f955fb40d60fdbf50b13224550d9a6056ebe900000005773f5fc4fac6ab0ddece3aa3cd7ef4cb9b685c8a2e72b090f0bbe4e255feda69f0d0736e25ccdd0d057150e8f40521bec3da8b8aeb22e8db7740fe2626125390ac1424b2bbc679539ab731ddcce8c79d70a2101f4d20f6945ce73b6f4d2a56e37302889d41f5c6a5ae3b7702217e81aca1dda9777c4331aba2024a901f14b7b5e1ee2b1f17c8c8a083637932b78618a40000000e1f4d1bcccb84a9096a87d4934c089c0bb95f67b0b067f1d5a00a78f4fcfa9a5e0cfee65ac16c241627ec541709ec8f30eee207cc60b32ad119e901a20de2a97	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2216	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2216	iexplore.exe
2216	iexplore.exe
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2492	2216	iexplore.exe	28
PID 2216 wrote to memory of 2492	2216	iexplore.exe	28
PID 2216 wrote to memory of 2492	2216	iexplore.exe	28
PID 2216 wrote to memory of 2492	2216	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4b227ccf029a90498cec094439ebdf3d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de7c344922692c01d14cd2c546c38d60

SHA1
943a3b9e9012c06f5689e162b7d843b3613391bc

SHA256
65db60735867066532015a204c41e6bbc7c24b59e83097dac20b4df426eac40f

SHA512
aea1926d6cedbd14964466c4c3f7c6b5bed38ad7f6028bf56d05d10cca067b5269af963e3591959391d0605129ad7c6582de307e7c36a8a476715c84de4e950d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d67966a8db04102e01c2e0bc4b54898

SHA1
cd1ee1d52a3ed0ec0f0b1b8e791385e7cbd706a0

SHA256
30200561235bc7e40a3215e064a94d8ada32feee9014141b1aff153f357b3470

SHA512
e3f59eab2345a3d4a5185f8e828248efb82f0d25713f180f8537613648a7eb80c04d448f10e88180b73d886e5408fcd5a96222e5166d9734fb90586c9e003cb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
707c5a18a9c8e34d3a75e91a0419540e

SHA1
4f5b3d49176a7fca4911a1befae0ae9d52debbc1

SHA256
7a1cd87f38563d31878d3309b21fd70160ba19783abc00b42e525f23608a96e0

SHA512
897ab6167186be61ec626869da105f99a8a7f9c41db6b50e8836fabb33c9e40dbc55c44c891c1d086069c8d42636b0f0d290d0b64bf5a00e97d6a134ddb5e793

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21c5c229bf60f5014ccbd4af144db6d5

SHA1
e2bfadfbb802156ad6909fbe0b1b6e8718726f99

SHA256
3ea88c3d6e2619629ed03c41d8155bfbe08e3a3c9248140dde0a6b6681ff9e43

SHA512
a884ad65b479e5f710a1ab1b445f2c7ac1e1ab862e3b60b46907598debfa18f1752d2e008c6232ee65d7aeb242f41cedb623206370546b079bb1507cb9977c26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25b061aa52f0b0afc6f002f59f45cd3c

SHA1
1d5457b1b72fa91a00ebbdb471a045b45f91fc53

SHA256
1dd6db02817975753d3d8a241679a8c8dcde33e5a877c6b27fb3a2961102ee20

SHA512
3b52aca304d8a4d541b9bc61e9f38428c71eb0ea203a70938ff6261fb1ee8ef8b2a0045692c397239db8be5e0da671ab0818dcc86fcc8323df6c81a32b8032ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
802f695b6f334945cb644f66a2d29921

SHA1
05fe8d06a17a3038090f53158bfbd7273075c25a

SHA256
5949887f7792d399cd53c73d3bda96401ebf96e8d4175c58068f51dd8dc2ccff

SHA512
a57be94f560a3deb740d3d8ab13e959faf016ba6462cea7a838833da0d0b59397f155910fda4486d93bf36dcae6b2b9de6a083a11edc48406d72e3cd1d65e7d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a60104d958821f2d029742f157024e1f

SHA1
34fe37bf1d2788cd602dc14089ef655cc77a6fe1

SHA256
49ad97077e9fd3086cccacdb962a432577113d332ae219bd2ff15f87e1b03b04

SHA512
47de3412e4fe981365fe81f4868875f91f6f925843fc661b324b528ee24c3ea88e10ed501fbacb9b07166ecd07ff232fc629a6d5249f9a3552e5617ba061fac5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49e720c1668aefce84f3b3be4f4baa54

SHA1
1e8dcfa0b85305d6988726fc15c273eb785c5656

SHA256
9a0b7e82a802203ef80a7ea3a8c107d6ec44e94891327619f17ffccfe498b568

SHA512
1c6ab8b1bd1f98ac176c62e6b63ad697f2d6692052fd45f4eadebf0ee4d1b733587a8181440339fb046595fe090299d8533d2a09d5710a49e0b120391ea3b7c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4101866a40781eff7d6899c2ee0cb21b

SHA1
1bd0574219d4d0c50b3470a874ac390228dd45b1

SHA256
b94670bd6bd44ad32c33578b6f931a0c2eab55c030a30e3a5efc4630d96ae144

SHA512
d3edd1c544ad01b8482f53e7895ec6f18ba6fae5d637a17313fb13fb1c0255a2999846b3b8025b0ad38ebf2d4cc32e3aeabdd704d338b5cab4ceb81a5d9e05a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c343c2dcde6442d9d8e321f44a0f063

SHA1
914399d76f51073cdda3f78ce23e04f7cfbb48cf

SHA256
b5dbeed3df0e06aa15db63c47f7e176f068d64ea3a4a8e4237acbf22134866c5

SHA512
e5c4eca7353599bc674ba749dcfd7c6dfce1ac19bb363cd63a7d2b5aacead2e75c8184aa3f619bf75a6a0277bff29c01de8890a070c54c30e411a7bb6c76e814

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be8d0a827ced8e8033ba2f028922669c

SHA1
6808e9b67c6e0f0488e38b7961f86ea36219180b

SHA256
b8e708d1579fd7904be0689033626d3cf47ac49ff37efb0cdc15bc20b2920163

SHA512
0a2ff498dee6b120f662cbf9e0d85bc98256d6403f2725113b85b6e9ac04a68caba43be34b99af48c1d33511a22be411d8c730d6a216d327e6a79b0bdf575d60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fb3907f365d21734a6f92f01693b16a

SHA1
8f1390a08d4d095b4166c8f2859e76d0ba76f5fd

SHA256
c0db8f8fb9952191fcdb7047e9db058094d5cd62074a5e62e9620fba0d29c58b

SHA512
0e1499d975aad50d1f5619ae491cb6e64938dd1237bb83bed61b2424e7280e6fb6c708b3d0809ef77d643f9bf5ed6851c00fa6bbf6f41a981de1eb5a49256e3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4b27688b0b253e03ead70038b84bc7d

SHA1
7214d7a4979020367eece1c2bd2e7eaf971e907a

SHA256
a94cdf3522d233b7a4dec6a23f20b9aa38d2c063a6f68f953ed942bea2d23cce

SHA512
4419ed5dbf6ecb3d11b6bd2e4c2cde4362a6154021359e7df44d51e2bf105e46a4a0163f326b4a1937b97fdde09e35f1d56711b7d52d6357c19af4874910ef73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c29de9e736654e58563c623cafab36e2

SHA1
34495f24f2792e2a17232114a6568e07a966c0ce

SHA256
7a18158f0796d0b91e308dc3e184b96084996d62ed662e81237206e2ec3b04ad

SHA512
89900026f95483eadc82fbccbdef44c1c0811925bff94f0e75c8c929f80da2833dd331c074b6d1b0f3b5759f1d5968b8d6e3d96fd0108fe83ca15f5882085049

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7eae64f305e1833e389202cfd70a2836

SHA1
ac25793394c1db4cda13406b733a6219d55f6157

SHA256
2dbb27c8ad6b2bb39962778de0cac16760bcf7c0688cbb0672da90a7e7b7df6c

SHA512
cd501a0db93ba0f066e5e3911b376eb53f40bbef55b9229acd6769dcc9c9ee538ad6071e80088b7c6faa15558d95a4b6c47242c8c1b03af5d9336ef5f000ecad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6CAA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6D9B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit