5977090ad6595d76ad72de44c07dcccc805ba91b52023dd7172abbf307dd9b7a

Analysis

max time kernel
121s
max time network
131s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 08:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f3598ef4537bdc6239554b7b49b95c3_JaffaCakes118.html
Size

13KB
MD5

4f3598ef4537bdc6239554b7b49b95c3
SHA1

adcc696f6d971db41a0c70a76dce0395eec1d7ef
SHA256

5977090ad6595d76ad72de44c07dcccc805ba91b52023dd7172abbf307dd9b7a
SHA512

c785dd81b12684a22183941b377b15448f55c89df1906e566fc85b03cd7d67e258f32ce2dd8191719c581d8a9d6f3264f326570391484a9266f746292339cd2c
SSDEEP

192:gdEKKa12av0W4swDtSnNhZh9wN1bZ9EXXWUstVAAkll:gdEKKa8pD0nNKbfEXGUsqA+l

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D3E39201-1429-11EF-AD38-76E827BE66E5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000982c17ebc18b65a300484ead77718fc7d4fda5918c5bae69e04786c8e0d7cfce000000000e8000000002000020000000b86746817d0d37a90c898c78ef0e297a20e985c38ec9a14b055e882bfd25385c200000003c5383283406c2844f553ba51c14a2d03db72c9b2ea4e97cfc859592140e99d94000000057deb02bca59732ea3d147463f42948e1c1e8111a3fc4d2e78c89e4bbdee1431a829cb9cd564991c1fe110c2faf414012e0f4222f6063db2452b994540ba18e9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 406585ce36a8da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422097403"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000f9ffb17f5e0ccdaeed3b1cb13a7c48bdf6788a94c98137b3954ad8ae94ff3749000000000e8000000002000020000000c79db7d57749aabdb020646cf98c714aa4cb3dc32ae285605e56df3659789efb9000000005ec51c9fd984089a9f37dbe6d73476b0071637005fc924b0655452ef730f044ceb16d76c1c7c6a1df36363f91e0545661c7494fe34a0fa64d8c4048323d2f2b899712b43325ced4cb95a78a4004a74ed9ff2f9681a10eb8b5fc64ad17582ae84d66d6acb99ef0bb51fcc4023591245bbb123740b229e75df7755fa0ee50967f0d2bb61c98ae9bf770aa318722a5ac3140000000b14952b591a7e3f48fd371fc20a4f53ec5e274122fcb0de648b59c26332a611bbdee136cf13188ace6dfe185087fc3fa4008fa7c4b2c0d6ee801efad8fc6ebba	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1860	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1860	iexplore.exe
1860	iexplore.exe
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2140	1860	iexplore.exe	28
PID 1860 wrote to memory of 2140	1860	iexplore.exe	28
PID 1860 wrote to memory of 2140	1860	iexplore.exe	28
PID 1860 wrote to memory of 2140	1860	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4f3598ef4537bdc6239554b7b49b95c3_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1860 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b0f5a111b0e0efc522ca1e0d25a6e80

SHA1
f073cd42b1a901559ba6cb13bb5fb68ad9b9a3af

SHA256
b9bbe5a58f70b4bc780b9c7410fe283cb39b23e5b68ee7f2495a67f933eaa1dd

SHA512
c09a03786d1a84d8f1847bec9a65762cd82a73054f70086480e26468819d9b515cfcfef9b082123be109af61785baf1c9158a10c91bee89d177a81abe63bd096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
898e9cb9b885e7c59118087820362cfd

SHA1
1b5a909191d481f4a858e629cac80194cf90cf5f

SHA256
801999971b70fcbac54c3ac2e384e454e971419a2a16c5a31a045b91e31fae8a

SHA512
cdc859b750390e768e78e2feadb7aa3f56fae5a76459ce322515c58e3061704521b6b6805a3c900a2c74d4dc4d19df039252e95c4365cb9c007555a53e7a821c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f82d86f1010b9d3b580400b30f01748

SHA1
afa7d919240d03c2257d58881f6c5203d1a73448

SHA256
0344d6da96acf4beed74d1d6052fe8465ef07d3541e53c6d3633386bf4445f4c

SHA512
f7655d9ac59ba10c62ab3b4824bafb88758e7e26b671d627580cc91685e0d4e38f22d2b449677fa01945301f7df5517aa9058bf3a3ab97a7e3cc180ec50d2dab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbb524cda704100a59d3831cdf454bbf

SHA1
096b59b3258189ba5cc4b9f4547738d9cdc869f6

SHA256
f43a5672db237f37524521c82f768924af11ab9f1c1bd2fc3b6e2f810e783dcc

SHA512
2d367e3a035e21df975f9075ff07ce6d03e2a5accf171a8f1ac034c4a414d88576964c914f357947497686d6b006aded8f70b06fcd4598c91ccbdd03355688b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cead882aed4ea2493267e1cb92d2c230

SHA1
c491c8c163b07ed102ce73884688562f7552edd4

SHA256
f082dbc38e56562da4bb0cf72d5fe69eee729b796fa574cd5db2736ed2329599

SHA512
c5739be7a15bde5458e8035c2e660e5dd39ece10938f46e39597e990811ae0a3b52a61f59ec592de4e813acb1566e4fd1a70d152276293fede7c86d247901cde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ad49d444abcf4713825b2481b5986cf

SHA1
7396a3a7334f474767953f2d5fc9fa4fd77ba1b2

SHA256
66e24646a96cfba7e5ed9659cd0e711358704806b85328d1b9510934308c8384

SHA512
470338477a4cd43a61dde1ea08057aca64fb22f09b961edd1f53d3758bdde4eee94ba1f03320abbf69ec32c6d75c2bc2f9bf7f1289b1246ac745a924c5110c75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84e60634e8eb3d22326d6d930802a03f

SHA1
d8f6ff8e5988b151f99b17bbfb25f902cd0691d7

SHA256
97e933dfc9f54de27755dd9b45cc9c3ab8bce5454b0baee2a10f959b7c58b573

SHA512
8a917d24e88a3d3e76eae7c654e5ca7b269d691d7aa31d09f1cda8be33570e573b57ae0386a13f60fa7d896eef15d71a1d372e7ff499827e6c22462ed8402e35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc278773ed8a82f83f67bffa044e4928

SHA1
88afd7da48f1ff1016a00c0782744f03a2876bb4

SHA256
c8367b41cc262051d9536ef99f4e901c1ca8fa543930110d21ddefeb69a12afa

SHA512
46cdc7767ee87a2b19d8ea8d35f77443d864342749af52fb27c13f15d27a751a693f259631195b6372a4b8d50e7c5a2f83cba0ef096dd8ad47cc13acc7b729c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c0b4f665dd4758c12891a089cd33b61

SHA1
20a909327a9da55061d5086e9ca5a35394fdc464

SHA256
44daf37906160b5f976b2f86a16381b53e1555995ff190c06e28c10c85439897

SHA512
671153c165fe79eb0640bcb86547cac67d06b3d2794a586679b8bd8fec804a02dcdbe4f550ab218be9b9b29fd7da48a90bb6c2c093ad06915e4c5cf348955cc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23f04fa75c3182cfffdfcd9aa6a1385b

SHA1
f95e6e1ee5da288c6314dd01cb39e0f86ab90abe

SHA256
193ac66f1bbfeabb3b8d074807c76f0db4f02ef42376ab09ad15c8fc3af381e5

SHA512
82855f06125bd68c557c372eabe29bd713d54d6b319a38ac5fbe520521849afb94b7ffa0c781a3c53bafdf6c74f6cb78a15d3224b8885deaebbfd440a57e860b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec42ebb4a16760ceba114cb6e6d0f883

SHA1
00912cfd85ea9f3a21b36e95ab45664a870767cc

SHA256
851832ed7cd570b9cda27282f461f668c3d7704c6699d939094da4f385f825c5

SHA512
b9f3ffabb3d8359f52df23c3deef034dbcfe6957a9425b676911a2b69816c5baa069a91bd593055d1838ab104bb26a35eb131875fac7c20c483f34f7fb6a77b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57d33d5108b506ea97c04fe0e3d57d67

SHA1
fe42e6de24dfc10b842c31e7b5d74d1719b5ad0e

SHA256
ef62b4038fca350ae71691f1bf6a5aa49769dc3ad14f3493f2f4d8b44d7e9387

SHA512
b221e9d61912832962a5b99c2b9f889ee05d17990b8e3fdd2cd397a9b26473d420fdfca30aad364756a687d622d8a08190b418352ac0be2b77461aab7f0b994c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd10760a94ea586c5baba52605f05959

SHA1
446916c7e5184d9343180f1cb36408ed8b92c0c4

SHA256
77fcb471f140e31e99304e734ffa79a1aeec6a1b28b90b1500426f7a042ae58d

SHA512
6c7c8b1909464240b40ba583918d8d492ffa3cd79330eccda478b4a1a58419a6df291c40f547cf632c57cfb01a1d891bba94d1691193fd2288aca6a9d9f8c38d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72fd56d0cffa8b62a9c839dc7374bb5a

SHA1
5a40a430e8c1a6b3151b3fd3b55128362f4a035c

SHA256
882af641cb6ce5f78df3ad7d7052de9ea397cfb584c1c9da4311bdbe6c8d011a

SHA512
cb77758abbdb3e09baae690b0e5d9bbfc3fd192d30f3bf843feba480262d1fa06516a7bdd9a2f5f16e00901eaafc36b3c910602bed1b98d0608f64257abc3607

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6be4d54007f87eaca0237eee9f8c6ed

SHA1
671ed0c5e1beb601aff118c5a8a5da67d23634c9

SHA256
07218b3c063623ee3f11e40a2f1c2804ba165cffefa893139be09121d6ffc0f2

SHA512
7948d4a2d9c1d91361ed7536d6970bf7a2864a80362ffe4b8cd90414e39cd369a0bba615b4ce5eb839ad4aaae5c39dd59469594cb4ae027b1aa5a52a91d492fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74342ecc4d5b79995802178560f22ba9

SHA1
5744e37ec18ec97405fc83b9280254a3bf2d8c17

SHA256
08333dfb1eb64ad9f86f0249ddadeb8c29c536283de20f37e31a88e29478efbc

SHA512
6303f8f791f1c6b650a00e0169b2dba59d8c83087b81014f094a3e5fd2b1bda17a832e9cd63b4974879fa08c304ebbd3a06b8fa653fbb95a76708267533b39be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a440df19386caa2f27e12cdac721570

SHA1
2348518469d86c139c658b7aec7ad9a5bd70e791

SHA256
4334d862fb281d65ef04eadb716eafcbcdb764ff5be2562697918d89286a56cc

SHA512
7878cece569e599953e14fb7754a5744992d9b7d52baca6cc6e1e919f58353986c5669c89d17335de57173c493c0f48f9476201584716ecabfe02b40bebbb737

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab560.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5C0.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit