9dedc29d7787d17afb1d90a5d83fc7161771ad3166aadde497940d9b7c7e4390

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4dda3340aede93a1f4cb0e88148d9197_JaffaCakes118.html
Size

68KB
MD5

4dda3340aede93a1f4cb0e88148d9197
SHA1

746f34adf5ab33ee69928f03695a55b61fbb4f35
SHA256

9dedc29d7787d17afb1d90a5d83fc7161771ad3166aadde497940d9b7c7e4390
SHA512

8075803b866e3f3415f86ef9a96eb297b9f16b3915f3eda54bff075ee23fc22a8bd53e1996423a6af50d15e2749f9611ab7a18b20872abb008169f5bae78994b
SSDEEP

768:JiOXgcMsSZ8tN99OIsKOunRg0fmUoTySqQCZkoTnMdtbBnfBgN8/oygcR/QFVG8o:JEWkTYPec0tbrga6cuNnzIjv

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a64457e9f5a6bc43ae45208ea6b1ba8700000000020000000000106600000001000020000000f17c298f18dd4e9bad915910a2acb39490437eff808fcccca9f4dd0df811afbf000000000e8000000002000020000000e0d6e09ce6a06737ad57c6abc40c5a49227f63a8ea9a88f4706af8b9f16f3a5290000000575a57b84f37ab62b8e0cb2a223e729c8774402b103e6f1a87ad291716f28a36b6d596e2e0552ba9784b877e5d28a1c6fb3a6d12a50f6ae394a52d9c837abc8685faf1ba40407e54b4a92234a3e2f3b3cd43eb4aed33e5cfb7d837f3e079f877ea9265a3b01eb1dde9c994164fc4389e678c9898956851fe827a7fd727c1b2b0f54c3f7f50597c28e74721a4883b03144000000061f0c8ee32b55a3ca3717d3296de0e8e5b226335a9ecddcdb7a73e5b2bcb002fcfe524342d08b73454af0789856a3428bd170ad9665e21a2a476d4a7656ed312	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{315940C1-13E8-11EF-9EA5-C6F68EB94A83} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a64457e9f5a6bc43ae45208ea6b1ba8700000000020000000000106600000001000020000000304cc5ac6a93bfa1b7eabb52e3bcccfee9fcc4b3e5dbcf0f6a929fd02418d855000000000e800000000200002000000002564719229565b821cc4b03f38ab9398699f80d08033ba78cb41970f748ae10200000008af8218185fd7412fc14c87f6884ddd6b624982c82485b622d04c8b631653b6a40000000bea38c388b2422c5584eaf1c285675b5e37fd870c78811aaddede112418b26823715fb3af34c2f8bed5115ddd26290c004e8413383bc105be2e72a3b2709da04	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422069212"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c01ede05f5a7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2700	iexplore.exe
2700	iexplore.exe
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2080	2700	iexplore.exe	28
PID 2700 wrote to memory of 2080	2700	iexplore.exe	28
PID 2700 wrote to memory of 2080	2700	iexplore.exe	28
PID 2700 wrote to memory of 2080	2700	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4dda3340aede93a1f4cb0e88148d9197_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31bc68d0cf1c1bd3252ec75e04f13c27

SHA1
df22b78eba05ef5f2b2ac78eff45120cd8d560c3

SHA256
55b3eff23a76500ff9687aa865d5d3eb39ee579f047238f08ec8cef4623cda01

SHA512
1f071bc2f8061a4ea0dc07a65b3821d1b1e45438fdc8588e71fb24a33593174fbc5dfbaa435b99b48b9ea51bc8247d7af53469dc2f7fd78177bef29195950804

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7b3cda7fc92f74cf945f2f2cf908deb

SHA1
4547c12a17c89af24b661a916ba386c6daae4392

SHA256
d31c47b06c9c7cb585fe8f8c18d9fc6ecfdd87c59b26e352958122a949a293fa

SHA512
51afffff7562c3ee2d1e262757d5333bc3d03090e7c7a439df429104d9e05f9b1529302a3aaacebd69a2909107d6395894b9ab55fa8f7dbc38a2ab0f2bdfe4d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2455a005cf0d6589cd8bf4716042e6e3

SHA1
7a4cc3d341911282ce67ab2d106f316b71d5ba50

SHA256
6b5f947b920f04c4d7ab82858df68d61154875974f853669d2572593697e0327

SHA512
43b61c6e41fc06bbaac38870a5c552e5c97f036383dc31c5dd8366e7170cac769cf985b91ff0faee158d0f1769ca652aea38c3d1b1befd2abd7f89cca6c9d662

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0876d873eb62053f1b04ab44fccc83a5

SHA1
09b47323b2ab25503603ced3d10dc2288a31bfa1

SHA256
8f2848d9d958cf2885bc228a0256c92bb64b169692c01b481706c8c8b736875f

SHA512
6070f2b88ed3f75c40193b8a6d8e6a004e65e1c003a520a46ef7cb678b7a99176d733f8c6c3dfb13fec79a63f959338717def9a8ef448dddf58bc09552cd7d29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b8ce29e2522c81a38e17bbfd607c5b6

SHA1
24597fe28dc080a28007e19e9a514364bc1ba8c7

SHA256
6f80991acdd4797580bd0eb02a237b0b3def61238161e14657fba26b9ee56bcb

SHA512
d663250bc21fbea7d01889cc2370818fbf0af954f3b26cbad5d128e0676b6255116c04e9f770bee6595e763f0c64cdf44233bfcbd4d35eb7feebccd99a069940

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70a5b117cee0d465930ba691e68494a2

SHA1
5ea1f2f4f4e0ac1d6858086b008abf0b46a1f206

SHA256
b901b4b8172a82bf4a363ec9a0ceb4bcf91e5e110741b019badcae6815f334a3

SHA512
fcb68142ad26215ff2c8f3db209db50805306527681de43043b06a7b2da98db31c60190e74bc1072cd4e98159f3531b7241ef88a48bbcb3346bdce7ce2c08c23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbd1304d3d52270bc42e89e5a78d9d32

SHA1
01cb042585d48d446ddda4d053dfddb3892916db

SHA256
e166b79f47945c23263ae07a7140ab1b13f2d6b5b84a871c289ccf139dc922f3

SHA512
3d192dd075d4b46f7dff8a7d6dfa22e6b8b1f8ba22c2f4dfc735a250af1d0f83067a514c9d49a22bb28b031f7d560d3c4bd7c90255dde0dd44afc350c86a09bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e8bf1cb09b727c5da5be8adc00c7e66

SHA1
14795b6dbe87f5759981ac03a723c464446302bf

SHA256
41d88300d5916412dccac9ad899ed16731631974eda8909a38a961572eba5302

SHA512
c9c2d61c7d08438052ce1705ca9adbe3e168459d26ddf106d8ebfa49609c46e97d1e32c5fe93b7f596155e15e041aa06aeb368bb48213cb63ce163d7920a0b4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63c2e4e06ab0c60e852979e9a70d008b

SHA1
e956a099e3cb9d47c93842f9ad89a6f9b0a8f02a

SHA256
737c606ea6d13eb05be9ab7deccaa148d612bc34d23c803d10a6b58537ba9924

SHA512
38a5120ea570370322a98c2d3f1fea2d6afbb83065c82ea00883ad345df2319a0cc8a3ab096344f5de606fb61417fd85d93d6589ffc6d097b5a1c93a7ab81bd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1cc40a478e3939dd9065d3e4fd1574e

SHA1
f86e91dfe5d9c8b5929ae975db756b2894d77263

SHA256
e4417be80c14c520d0ea9c1a516841e7b0260c6710fcbb1e8b838074c9ec3c41

SHA512
29f5ba8b62c2eef9e48a7d45c376aab804fb6c1a3b03a881b5c1e938e5dd548c56560bb628d5b3feb46646437310ce707d7415144dcf7b6ac57cf42517894ba2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bef574fff272b1a4cf9dd44fbeaaf15

SHA1
941d53cc5c2bbac991eb637f39d051c27c1e9212

SHA256
0e268e91978e74d4f797812e39b7b35581dd675af114cf19d24610f8457c0bf5

SHA512
be2e15761bb010bd539915c505ea07506274a1dd2a0508ba97f63efa8579206cbe6cf2135d30e568b52c77fb838a8dcbf06e79c510a00cfcef638b10cb864592

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13adb1f410d5428196c9aec5045657e9

SHA1
3e9dea7451cd98ce24e91a2d9aa3ecce09c9a0d9

SHA256
99ff069233f4d049f839fac248a761ea781d90e2ce8bfbe9276329fff1e67ae4

SHA512
9646f35befe2ace3f4926dbdb2a69a78dffafc6b4c5d98ba024da8301abdb2e9206dd901ec88910bd898ca058eff0f2db4b2c40fdbf478a39d9ed4e19e0151ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5e36065b5cfab272bed3c71225821df

SHA1
460ede609e7444dbfafdadc0f103304848213fee

SHA256
413068074d560fdb867bbb7cd6a203dded2a97a51d1793df82cbe2307b2ba7d2

SHA512
d56299b5377a930ffb70a6c758ed177400c8d236cd90513e16ce307181a59b41f09da9b97756bc4e6fa719a4091b74f7d082094a3a77f8260809439f7fa026ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb2151f8097fac13c7405f70a2587f10

SHA1
78d7c2e9166a20666aec273944351b0516d7f172

SHA256
081e5f6274bd381f37209f02601ee4359ae95bdf204db1bee4cc38a0593d0149

SHA512
3dfa98cb573b8d98a9bff6c8f7fb5da2cb3b8d84fa106585a63af6e0ec16be93597ef4eba0a46fbd86a1efaecdbb987b5c08d9cfc8db2c3b26da8e7fc5ff378e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2509330b87d79c661fef0a7199f3699

SHA1
26e69e0bd99493f9286570047c6ae600bfc64d30

SHA256
730cf6dd7ba9d50e69cbff52d95c365537c824214b405a836a4d122b8c2cb557

SHA512
70d0e4c156044c5da13ac54bd4d331853f9db1384bb5de5e7d6408fb1e586e566ccc653443b9d459c5cee8f887327184161190a43acbf1ae182ed9f86472aba7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd56fbbc99987d6b1e7110b9ab3e6bc5

SHA1
0bfa2527162a9424dd58fdfc95a4490ad515ff73

SHA256
23724c346f61ba8301e72c97c3f580e8befa394e9f40251a677f6e7ef7160454

SHA512
92d72c0597651b87ecd7c3515297e2fd081cbb8704344a4a42f3f954ae9bcbc69ac4d5b94389dd00d28b1a889fb9fe9a3589e46a2f368853a4243524ff7f148d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2159.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar225A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit