37bb82f282a79ad8b70a701665e0408d58ff107a3d7e0a0e7eadfa17328cbe44

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/05/2024, 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5af4df6ec15eb21c9bc7295550fa0370_JaffaCakes118.html
Size

460KB
MD5

5af4df6ec15eb21c9bc7295550fa0370
SHA1

a6ca6a79b571bbadc118f4af210f453b01ab0377
SHA256

37bb82f282a79ad8b70a701665e0408d58ff107a3d7e0a0e7eadfa17328cbe44
SHA512

ceb752750d98cfb4467cf3f49271dc0d2991cc43115a6ccc3a4022e2edc8833a6dae5e294151d3d61d1f4d386cf9dfc2860efaccebae06251fa8529029e3d6ba
SSDEEP

6144:SDsMYod+X3oI+YisMYod+X3oI+Y5sMYod+X3oI+YLsMYod+X3oI+YQ:Y5d+X3y5d+X3j5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000081b939f3e1f76b4867a0c9a2456685993c1030efea4dcc7c86510e1f20185280000000000e8000000002000020000000935670bbc8f6f4996c7cb58761fded6befd046d4c13b369672e058585e7e212c200000005ae45aacda94659f7ce800136f4e6116d5e6445d4578f596db4144684542bfcb40000000a7e729e2c3aef6a7cb2d4e6e56733b0ae17fa54a60977b57ab0a4488628d9e5ef95abe75e0956c9600f52d5c595bd65c5aa7e66301443a416896c2cab5d23781	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4DE37F41-1612-11EF-9371-CAFA5A0A62FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 108774261faada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000004c794bf8fecf794d78e9f0eca2e860d77c2262b635c95ed153df36810c7139b3000000000e8000000002000020000000bba010eed6accaed303beedc0818b11e3d955e5e72ff15fe9d363f45c204601390000000bf2597d7bf6a01526f3b9df3a5dda22db6ea1b6148675487638d1891ead232858a9038a22b1627b6da7cf31f01b9c1febe9f6c04388a3a6386e2ff72ac7577c4a73d5804a9c00ea1967b0babf7a9a25f05728731ecd9a7778415567bf6e9357c521cfbeb1d938641a90b6238e4eba6bd19bd2bfc7393cfd5b4d9a0a17adcf1ecc9ec18a9638326ae59d5314421da3ed640000000feca63eae4f69d5b6585b99057a6bd00612c289b538b4e80acfb3e779221e8db92ecc6724918a78d3c6c01464d762e5e532253b15bc0606aa58e80b5e359c751	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422307202"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2088	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2088	iexplore.exe
2088	iexplore.exe
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2512	2088	iexplore.exe	28
PID 2088 wrote to memory of 2512	2088	iexplore.exe	28
PID 2088 wrote to memory of 2512	2088	iexplore.exe	28
PID 2088 wrote to memory of 2512	2088	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5af4df6ec15eb21c9bc7295550fa0370_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2dfd6bf739e32ee2174ea3364e69931b

SHA1
7e3efac2112fa61fe35bcfe34b7db4c39b0ba8e9

SHA256
36312cdbfd06e1639f02711ae779a7f21583c75cd8229af8c771a1e14aeb7e50

SHA512
572afc5d57bcec45664fd0a82f7e49c99c3fec024c29b8b610b8e2ac7eeda607931a259a412cf143d92acb42495589091237db818ae212c4a598e28cbdf31122

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2502f5e153ad2a3597afedc14577ff1

SHA1
3f0344dd2bfb1364c73c09c00f041cfe9764e188

SHA256
f0279f5f62e7a83b764fbdbcd19fa22ddfc06b455edd20a469af92cfe2472577

SHA512
c1641257d4d16ef47b9de0e9b50c675ce5d84efa34f1b715b220feaa76286fd6c1b6c7517b02f6daf2509220b34dad72eff17fa3f6e8facf0fb41d59653d23bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa4e161a4e70fe05a583a6a49e197a1d

SHA1
0a9304068a800e946adb1a7b55f48a5a6f883838

SHA256
225ddb436c1118d0e2f468f6d847d6666ad84a0bc7ad1e1ee65591b0e9cc8b38

SHA512
1ea7e3e9dfb0acf225ba034de188b2bbaccfaccaff84ec49f9d59dac7a7094014aca91b5b21c962fc0ace3c916bc3c9158f0cb7f2e2f5357abef755e35daf7bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80c9205dd66a2fe8cfc533e478685031

SHA1
adce3d7974025e2fb315680b8921581364ff2320

SHA256
d7185970674539ce68947e8dc705c994c5b696f1411652229f10aa1fe2dd3ac6

SHA512
6e02fbe8bef1f2d18f145638c27f18537c82f0f33e0e2c347466bed7bc3b6bf4eb9d280338588019877fc195198e6b9028bd400743980a688abbcb60a0c2a485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f1827c575301cf4cbf07da66bbc408c

SHA1
2008149d8eac5a75db9bff0347e3caa35efe87a4

SHA256
18dddb0dbbd6ba9b4e6335ed43750d02309994d836cbcc21b1366fef9b850e07

SHA512
e005f2416d06ff157631aa83fdd2e9d84516bc954793ba16ca7cbe59e230763ddb6d41586e79371595eda5b1672f6323587d824774a4ba22d63de6bc0bb24c96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c6ba7371463c58a0282600d58744ba8

SHA1
3314b61f21677a7ca5a107a59b7085d0f9ce2ec6

SHA256
b6b64d4e72ddee285113c27f78d25a88e3703043681c5d4b77b9c7bb8e01357a

SHA512
f6097526394422abbd5d8c07f54659c37fde3d958d80a2c9f5906bfd59c7a5a25135e0a1c31c65a71cc6f7e32ab51e482ef9b972771fe9648e31510dc47e67a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2af0597c7caf2fad2d8f5afd4d7fde64

SHA1
efd3df62155f2c91f35d466964d05821156abf4f

SHA256
74253f63584c012d0f5f55115d234215ea5b83ce6d0ab2cc10b8c8c30b297607

SHA512
ecdb0ce916b0dda8205fbb8f7d6004965a0ee28ff798fc38d1cb7a69e5fab07c2ebd0a397b6f5450230f9145cdae6e4ff0a2fcd1ad9d80a6639b4d3a6f126d17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd64ea4aca49caa1476072941a2e1240

SHA1
81e448a7aaeeb1ce466ca1de9d097903f1dff62a

SHA256
752eddd0bdb11c660a0393b618063aa323e6d52eb36e092070b395aef9a3b8f5

SHA512
3fbb6c60b05cb46cf45df6dffd36e93289e9f236893bd7fb27180bdff90e16cb9e13ec30d3d129774fb3010fa7ecd22cdc53f73c0406e6a67bda9cfc270bacd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87264e3d73cc99fe786cb354166d73dc

SHA1
2e0a1ed696848970b963a1af3220d6d41fc6d68c

SHA256
9586d06ee2a9ece200263b7bf0a20c83d131abad592449d7b030c9ecbdd596ff

SHA512
21d2c867ac1bcbc53e54637f7c54657a0d9f5071eb1573abaebbda7a8f07bc4cf452589ad0535a54ba5e19c32a0002882711b4dff565e6f2c2f6529321043619

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c614cff7a349b820440cef90986a687e

SHA1
4737ce6bf12ef48740ce6be4db2db7ea3d8ccfcd

SHA256
27231c68cd96dad6882c3fb2b29590ef4600dfc7e9b1e6f739e4f7e712e087d7

SHA512
ff2895780f076d35042c82ad0511e2966b31206cecf3cfb1f40de794e13143a815e2bcc75166ed97fc05a535a9e80e1d110fd2b5e3cc7acd1e477451eacae3c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41e73807f4486ae437ade7c1f8887b14

SHA1
952d53fbcb614cf9c0c5361554039c3f44b6d514

SHA256
c16a86a91de8f7661c8f727857eb3aa48029fd457c90d322fb2fd31772c7a769

SHA512
b9cf47b48e97181485a0df9f913b2312bf111776060379c9d5c86bfdf833c5f2460c9979df8e756c5a80187cf44aa964981b169014769e9ee51c763a67f98da0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
035034add7e8e8139a32d89c64b9a2ef

SHA1
51ae8c1b57d377a8bf1a0677962204b7ee8b94c6

SHA256
b95e4c99ee3ef26cab374bff64ef6f1fd04987295b0fd109489515883b379ae3

SHA512
005d1cb8788f8afc9dbf93f06ed565419cc8bf76fd2558f495784ce37ee9e9ec267a851a3f4c6a00f3cfc4634d538a52b91566ec1134d3a898f208d776aff7c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
694b87402bb9c41acf3a8dca8810ea81

SHA1
e2fe636502cfa4c6932248284b1000ecf6e4a19d

SHA256
9273a2bea4399c19aafacb9cb49985bbcaf5246d07449843ed6a1892eafba4bc

SHA512
e22afdbf0c1ec5f961251525a87e05c1d538c453e466e69e3e6fb054990bf8a86c117586db26e53ed6ab270b127708dfdff9a3104184d311f7dec8e36030012d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8e3bea13c707d7de54b2d4313524cac

SHA1
8f5999a30ee87819bec24ebfd2099ef0b332d5f9

SHA256
ee3abd78db1af1a8c65ef68a483677d60c19b53384bd49df6d7b68732c056c9b

SHA512
a3916cae8cdada4f2b5dd3c777c89d5ff8e8d2d4199bc2aea82cd70953ee5a180d3d22dc78ea238dcfa6e6c44c9f7122d1df63220ef009350d4049f459a2f539

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4874318a5561aa97c11a6061cc56010

SHA1
3aad9eed635936658dab5590d4d0cac7a17217d1

SHA256
0adfbcfa2ed5ca11946ff6e4a3beca39cf0f71c6bf8f2378c47e0aab6c48fc18

SHA512
a7a71e0c7a912a25bb593c2d7ffbb74215af8174c38b6d54f8bf68b868d5b2d4b0ee5a840975e5a3da7bc24869b4f8a1e5a1a68ec58c0928640da47ea7f3021a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4433.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar45A2.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit