cc9d1b5a88fbdd43d2490aa5239fd9278529e080af9f7268f5bbd5915f48531a

Analysis

max time kernel
144s
max time network
145s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 03:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4e41b2831bde2bc268b284a5818b3e38_JaffaCakes118.html
Size

20KB
MD5

4e41b2831bde2bc268b284a5818b3e38
SHA1

1d2b56b048b8696930d9d30ffddf9db89179cb76
SHA256

cc9d1b5a88fbdd43d2490aa5239fd9278529e080af9f7268f5bbd5915f48531a
SHA512

02903dbe50d2fdf3286cbc9a092652b9dfea4681b10478c9be5b80e29ed922090112d209ab7ff496e570fa761962da86faf1070c68125c1830f8728508eb12a6
SSDEEP

384:zinKcRAa5r9DIimVBD8cKQ3RLD+pX/9D0md5WScfIk9xheLzVc970:ziMa5r9DEgc93VD+R/GmNOIk9eHq70

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 606da8630ba8da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ac7cbbb1e476f544abc64189f16177ec0000000002000000000010660000000100002000000057f8a6951aae26f267b50f66c84e55ce93496d30c5998e3d23a518101a1ec04a000000000e80000000020000200000005da779c3fed2b760eb69d5b3dd9c4d8e4553f1ad1c7ddaee6f2b51baa34bb72f90000000858113a7a7415b02263d58fd4e7b6decf49c30b1fe2800729a876b0540a24e03c2d5b8bf1990a39f2436d4d44b68ac4604d2ad4cde2d510f07c023e9a65284888cd074b72512e44308f58f386534fd66d6020edce19834b2e46d77fe8d398e5b16fa8ddebded566f20d19b13c5f0f46a279626645d58723c78be9c5a2df109c640739e7df66d5068144634843dab54de4000000094b9fdc94dfb51cd75d4034757ee5a677057d38ec46619f5b319fe2d4e1be521d0d61ff21971ca28ee125fe059ded33474a69019f6a3a67ce0201f0726d15b40	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8EFE63C1-13FE-11EF-A0EE-F2EF6E19F123} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422078819"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ac7cbbb1e476f544abc64189f16177ec000000000200000000001066000000010000200000006c443eb54e92ce37bc965e390f8ca8b55c698e70428d266480c1fbec88e52337000000000e8000000002000020000000cf261ba0ae51c0999cebec6e6e10eb864d4d36d1669e01459ad76e0c1d855e8b20000000e2a5c129dc8cfd1cad59413f37168bd72f797c2c391a689a1f51dd340d2489d3400000003055d331d87b8d1bf34df91bdb64e35b9e6d0b437c054eebaab6aee77950c2bdbb69df5b632b531a10e9d4f3cf3a2c1ab7dd0d793e8b1e59f1bd6484980da840	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1756	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1756	iexplore.exe
1756	iexplore.exe
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2556	1756	iexplore.exe	28
PID 1756 wrote to memory of 2556	1756	iexplore.exe	28
PID 1756 wrote to memory of 2556	1756	iexplore.exe	28
PID 1756 wrote to memory of 2556	1756	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4e41b2831bde2bc268b284a5818b3e38_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e67fd1446dc297e142c5ad434ba0f3f

SHA1
0a3aec151dc69a78432b9fab66f03f8fd5bf0128

SHA256
1eef3f3d8eae041cdc0311140df527eead2abce75e4b8423e16a564e2f638246

SHA512
25573bd320565d3f787ee4d87cbce0989fb5ce02fc6a51a6c5ca4608d148a111936bb1234013bee9476c5e6add20c6a8e9982c93d5e2532b6f8e26caaa2bbc80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8ff64d4cd277e1f18155918c724e933

SHA1
ae472bdd84a95ff48abdaa683951ce400c51c629

SHA256
43acc639ebff80c54d1fc016a644020e01d242593f53739c7324c4e7651434c3

SHA512
943a0515fe1245dd7db05dac30a18c23b3cafb5dc7c4d8207099a1cd68948f583c96aa34cb44f67d3b2328a21dba9e5aabf4ae0c16baa451a3d29922184f2ee2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f9b49e4bfcf3db6ee887d8b33e5c532

SHA1
73d04b462566c5c0fe9f293c1eee0f031067f045

SHA256
f142a3188ababb65e4b83a813a934f9bc1b14068d0512f9d79be952224c92318

SHA512
58aae3fade2dd9cb48b9711e39401831ee94057bf793399bdfdaf485b1c0494e182fec63e5409318fd86ec8a9e3788a73cb8984bb563fd9d3a8b6530de04533e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18f76a96e585ad49c7385f1876dedf0a

SHA1
70e44bac57927e57696725048df765a82a85669f

SHA256
dc6dcf1a80c0b23e18cb9413aee49cd557a4f199f40e27bf0946c37e8afae46d

SHA512
1195b5a14371ff7eaf7382fb958725118870e58d3d40734e971634a748b9d7d517eeab681c17e7a401a12360bea5b4adafb99a6a63e38dc2fef4258b433321a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21c19883d4f1535934d62495f9d982f1

SHA1
e1ff7ebb71c4414bfc7439d5959231fef6c54e8f

SHA256
0bc5e857e36ee7a4b8b6bd9f8b19b80f8c0a29654784d3a19e7c990e3037feca

SHA512
89c63271d1f76f7fb12e6dcb193e9452724e605e13ce70adf59b281796452e38fa30fd446c4b2353dcb40139076f5606a8f51404e8d87f97eea3a6a737cd73ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f747af816083c3bcc6587bf942ac09a

SHA1
d90e81f935e076d5ef6ebf9f36266d67973eeb4a

SHA256
d7bfcd76d150736f9c5ca7e49bb918f5dbb237b939bf15f5a93a983fc7c4ffae

SHA512
061e1558ef0dcb834e8fe63b523804d30120d6ea97790233396b945544d371cd0304949a72ba1fdc99bbe22a43d2d305250989fed979b8933f21ad459a7e38b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b21a7025efe55e6c7392dd591aa81b2d

SHA1
1bccad3937971470954f362a3048ddb0a33ab2d1

SHA256
a95362537eacd26cb223a65c7ecf3780e7810d67ef169e67015cc284ebd4a404

SHA512
420792579c6d6b29ff6a7cb098fd812e057339b72e7b870777c18c55fbb887c4d91ce7814ce804fbe8e6a392ad4a338a732b96af7f7ce4743637cade4c6d1b7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52c70275c54051555941125fadf787e5

SHA1
7dacda5c6c263a62103e41b89af330cedde9f9a5

SHA256
2390653a035de717467a141d112882b4ac5e565b647367ba931b69cbf581841a

SHA512
684d0bb0fbc29e37c28e8f0f7d76dca8fed14a8892e8a9a3c7e11fb6325a82fdb2af780716f3f0bf05364e3b8c7348c969acfc6768563f0b672272f3340cb4c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa326eb1b1ef9aa8a9037e1e0c9504c6

SHA1
4e4fb41873a10a3c366a749d881eab4de255912d

SHA256
45dc09e7b09848e884f95967e279df2a16468ffca106d7d0e50302bbf6f0d08a

SHA512
5b94e6ba03c29a35c92ab0ce7c4650284f79cd5eac33965e8a016f61c2410fda02d5e1cd51d1093a9ee2d70ca045841ea76bf5e4e3b17daa94e346275dee4a7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad41cb5ce50a0d55abb8ec7dcf86885e

SHA1
2adb8acbaf284f0f77496f8e3ee4080f9843ee2b

SHA256
e0a7a498225e5c1525a8a6f987ab604b83cb247e20405c10f1f13adac3d23e08

SHA512
e1fca98b646d71198652a6866e8a173868cfd6a9707a10cce1e0d18b0c21337db2197a5d979f277143fbae7858d474e8792b919a6f7dc77869a87e050001b87f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
620237a1b2db7c53239190c945bbe349

SHA1
922497ecf8d71aed943c908e41f0d4dc6e82a9bb

SHA256
4d3f5823bb97b97adcd93a90d0156aa266523347fb27a506665e59f07dac75a3

SHA512
de4033e66cd20903685ca7e393639b7b2be3799c415dca491cafdfc527d5994176f801d13dceac7a69fdcc71bb938afd6542da0a55110fc8d08d5b2bcdf843ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41332dadbecb50c1b0ae0ab8e9a1d1c7

SHA1
7b91040539902da80503c58b7eafaaf022ea9dcb

SHA256
b22ac73fd4c4831ff7e198bc8ffae1551807b957c0adc1b5eeda41f2a0ff53d4

SHA512
79413b40797cca26caa420bcd228334f95922c726de4774305acbe2df66fa85c94c648df336eeaea5a331eddbb606f29f0569d6298442bb0b6c75ac3076a071a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
859ad18ae0ca7eb39a1bdd493085f1b0

SHA1
91949127fbbd2d5d352b914b3509c167f3acaaaa

SHA256
cb31857c0b54fef7c2b8dd182f4378a9712024dee6b207654f5354413f69a71c

SHA512
0b1dcfbe8f9ae3bdafc975daa51f5f5fa173bc6f038d921632ad6e4207bec937b9e3a604a98021370e9ffce1ea976f375c24eb29607e908ebc29f90f89c7d521

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06a57a0ea54dc8ee4c240b2d2aa618ae

SHA1
493f57f780b0e0b6e09beb9d12b3db310826ecee

SHA256
74892d7004f2af442ea5933e2020610a137230e3a9358495ad08102ce655ebc6

SHA512
54e9fc48e8a2fb5a33ee36d20058207fe5a96a6aaf1aa23a52d9b877d0b13fc8d05c61ecb5828dc0b826c88551db3656fe69055a40936d1ffc72dd4f841bc742

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b16203d816572e5a771b497af1c8dd9

SHA1
f826d1ee116deb8c970e8045ae9f722f2e62ceea

SHA256
d70a2f9ae2c5fac6203086c9c9c9d07b232f90f2cfb2823ab6ce3ae5fe33bf11

SHA512
a0a05ac255b97de0617eecdbf541d2bd6a8e8340c8690b0503538b34afc310b16de486fd1147adb34240d2f449131810ed08c30cf8e39cc4ffa1a8f590a0420e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
798173aa8ea260766765994f432ead6f

SHA1
d89b148da9216739cd717e5a7944dd4a18027439

SHA256
0e493620349ced93bae72a532380086e6b5498338017c310ea195b50ce60eb39

SHA512
8a93827b0037a403934a52549bcd3e6268facc06948a4a78895fd8fe6951c0ad8f51d9d278c0e1041cf9787e3eeba4c8d21683ef9b3837fbe4c9b858caaec774

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab15A5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar16D5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit