1932a2420b3f9e4cddd528836e77350c34fc2b8cea73f2760c78862e739e1af9

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ea8c4bdc6b429680336d3d007b1edd7_JaffaCakes118.html
Size

12KB
MD5

5ea8c4bdc6b429680336d3d007b1edd7
SHA1

5ffff86b37c9e4b9ca6fe7cbe3e479e2e2e66526
SHA256

1932a2420b3f9e4cddd528836e77350c34fc2b8cea73f2760c78862e739e1af9
SHA512

c5d63cafad2c55abc32977e9dbd55d135369edbee8f872ab4c90e186eb7eaebd649564ee8b0bec6a1b1172e962ecb747d91c7e04921dd73e50c11eca79f423b4
SSDEEP

384:Cyic+LdPBqkIQFAi7uuvMMl2SRfjI6wuRvLLu8EV:Cyic+ZuQFAi7uEMMP7FJDi7V

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000009c92ed2592b2c76c0a0541adc81f11c137b2c8d561a7c7d86aafeda2bd15613f000000000e80000000020000200000000d70e33a2fbc78097c846a889e320091666bf10b453260e6f0dccebe4d1671ea200000001083307a162eee18f34039be023f7c1d3a3c055489f680fd93b72388992fe60e400000005f736f947dc42f87a90dd12dc9ff3d483e1bcd1dbf194e0b18301ef573663f623b8dc9628cb14067333b4905619873cdd8441df61b60950ba1bb13e4a6b8e838	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E10F6761-1695-11EF-99EB-F2F7F00EEB0D} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0ca71b8a2aada01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422363713"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000a6e2043268f1c1dd7b6ad20badfd7a8e52f5037790a5fcb4a622677898553cdd000000000e800000000200002000000070996859b1e338dcd9b00779298d216617a17056a6eef07735a924a85b2b7e5690000000cf50f35afeccf1f724d8a5dd65fe510be4b1727abe9c7d9d079020178d55e10d9355fc4fe8b159b0fa501ad41386d8fc9ae7c392201fad5ca40508c1624d9934a455712c57dd2dc2712f7487cefe6a773db109be2bae528fc940d09aeda6ddf1a0cf17f31fcb5e23650209bda4e216a44f11d57a7474f3896c26017379d5da4b675a719cf93a8d649b2022e38c24c83140000000ddbecffbd4bdd0e3d058bb161f56848a6368d6cd3f9807de825e207a2a825a8d0c2d4855a03ac9848b5091d423a5130a642b2d81886b242481cd4393a8eade8b	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3056	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3056	iexplore.exe
3056	iexplore.exe
1272	IEXPLORE.EXE
1272	IEXPLORE.EXE
1272	IEXPLORE.EXE
1272	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1272	3056	iexplore.exe	28
PID 3056 wrote to memory of 1272	3056	iexplore.exe	28
PID 3056 wrote to memory of 1272	3056	iexplore.exe	28
PID 3056 wrote to memory of 1272	3056	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5ea8c4bdc6b429680336d3d007b1edd7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
872e5061b5e892f974fbf07e28ca3edb

SHA1
f856c1541d320998dce86bcdbed58563ec456312

SHA256
53d990aeffa8fe4ed2ad54a621bbfecc00e18f35a94fabde09fc3ebe49f72537

SHA512
ef9e0a056bab53d61825081d702fc2f501e0fe2baf59597ec0fe7eea9d0b2121583573b249b5a9819a98a45b33a8f83af53c341b9639b18d99cea9f0b1e56566

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75e5342d27e420c33db8ed17971ab91f

SHA1
ea192f0b6906ed7392b0d40f51ff48085c199d0c

SHA256
99b7309a99f24529c74d2b3aa64cba00119ba4cccc4dc526c20763d6afa17b73

SHA512
7f14fd952c494abd29176e16cc07286e981ab453df6ebb047cce2f924c509e026f43a061da7e604c0e3a1468037ad6062e0ff30fec518526e8c3f55b38660d6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00cf787687402a80b6aa907ee8453c06

SHA1
4c6fadc6e473bcc9c7805080e1cdcbe1e255b60e

SHA256
b21b887e1047aed67a10a01240b0e09c2298a76c4c76d7439b647aeced0cd766

SHA512
d9aec2679ebe91f51de3fdbf983b93996b38e39de12be70b7bebb53f2136a9d784979423808afbee3a9a1441790f7d5b4d5de4c7e15f7b2226a7e1d605b8fa14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f9c127bffba83ee8f73da72cc79b336

SHA1
03ff5252cbd7f8c80df7b6db2447fdb8293b5453

SHA256
d7d8a2df9f756d4224c45bd3fe5ad268130ffbdfff0ec081b671f99554ea8728

SHA512
f519b367a9aa84cc863a9bb06bebdb8d29ec2a6a4e33c46e6b866a7d22097876d2f5753b71328f28579983cf63428568837d1fe1bbd86f3b1cbe37da05159c0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5377111803fb2b48749f7b159c50ee3e

SHA1
0f619d1e49af3c2928446ff3de8a871b36bf90fa

SHA256
156c28f3a6fe76ad629f495f7081401f20e76b7a3f8b6908a3da6bd7d8daba68

SHA512
5e3c79ccbcf231c265e2048188ce87bdb359ccf63be0bcec5acb9be97e61c1336b9f59b08a638b38f09fa6fd47c37eeccad9f00a0b5877a08a602f9b5dbb8cd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35df4965ee8987fba85890831ec97db5

SHA1
cd66c76d5715f90d0025278191780bc7722baf75

SHA256
d764655e4b8f83626f4797d1ca29b279cd8daa966431dfbba4d58d411cb6b049

SHA512
97c0dde8dfe712555709e0be526c935d36ab266a008ba5c6cbc639975ccddd8342a57aa1bf1e7562a1c504e10358b2778a28feae13ca8064aa6f03de4e89220e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddb35c52d595e8e49a187df4f7cbbdbe

SHA1
bc68a19ac987a6c77de89a99b91a577d0a8722c6

SHA256
9089b44f0d097408a4bff16499226516486b30bc31f79ce7e6aeb3684a18c457

SHA512
ef1da5c6936a0ffd57d53b2476b670ec5fbfe4f1e52ffd6c4f88d72b5917dc9b7abd078a3c10ec3bd172c39ff009b6ce17126ebd6e5a332d0ad5dc290c6174bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0663be47c3baa4b9b9e9053d691d9c77

SHA1
216929c4c82d9043c960425c9cf4b4ad2ede344a

SHA256
d66f5dd3bf820b836ffefd89bd904b228dbbee975ad7496140a9aeaf16e7334b

SHA512
2b45fb3bc04f35994a84e4e822a4f279cab89ccc7981af650f9880c1555b21ec2d0785d0e7ec4391f14e57e9b8a55a07b055ef9c20718e11c36c4f059400c732

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90fbbb002ab8ed9b3a0087c06f6fb60d

SHA1
c419439d5c231f1ea1744146502dbd75968e8f68

SHA256
0d6eb5e18f452a50175428dc30228c17a3378d0880cd37ed538932014996ce18

SHA512
f6a6956e894eed9aa9b1aa985353b1e96891315a983766e8dd23f8cd8d916dcf29997bdf752ce4be61dd1b4deed209d9a5710335b565a331e65bcf20cd2810db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b24f99840ce22e2536e40270c2df8a84

SHA1
5ebb514d8cce4b27e4e4c895c7b502ac2850075a

SHA256
524c49773e2e88b8e15189517117349ab4b6a2821c0560433523ed269ad50457

SHA512
8ce669eca4591038a2c97cc641f5f85fc584e26740369b9efd215f7c67001ae184ba589d810fa0713623017c38784dbc3209690c488c06714b12269e46c8f71f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
544a20cc85ad538b904f166c8b3b3a23

SHA1
8bfc38e232ddd8b80e8206d78a37e7d265621cc1

SHA256
21f7122c87671ca2b5bb3647ffb9b3861fe0a6860311d3fff211bc71c3d9be49

SHA512
64a9a0de8271871d6e18a8c9b9ba1f8ac47d067a53054b0249d1034babfd53995566c2ab16cf78b5b1b138b0cbc776275d7e74e8e2480081fd91f6b055b41836

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b128a1e4d1819e2f7bd499a5eaee855

SHA1
e7aab0258a8b9eba5ceee6c1aaf56cf7955a79a2

SHA256
ea7a5fa9db37a5860775cb5a4b13a6306727eadd7ea3e115395b8b1448d33f47

SHA512
7b120c843c33830e41ace9d21f9608b766c446b512aae930359d153ba4c0f35d3283709beba6f99a57e4080bc9ab297db1430c11e7306cf15fe621331e3cc4d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c77df2bb72f56c0f93d08adbc7cb4cc

SHA1
72cfa1e3cd26ba7d470f9887b3864da35227c1d2

SHA256
72fe5280743c2cc16fb3cee16efcc2196732c47dd4faa0c6c55d336eaa342b70

SHA512
84156d964cdbcfa232258ef5089a8ab912a1a364f56b51cf5ef4a1a53453a0f8919981587fc214d35e550a4c4efc293045df245aab19bca264e6dac1a9edc223

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23f3898370218f97bf28cad0d8465f0d

SHA1
1369dcab3bf6e3b3cd259c0318255bd4e668cd85

SHA256
a140c286ad7c38fa31928d45c053ad6e205df0772fbf3eae7b14cc36feef7ecf

SHA512
01274c55c0e026062bb5522fa95531028887273a327f15e2f23a7ba2fae4ed58e909a1110cbcef43878a391961d463777d2184dbcc7143745fc1b9359c5a6d94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e38fafa54d7748daaeb349155ad59ef7

SHA1
9b9a35eb0fb52718ae6facabeead9b17376a205b

SHA256
013bd5de67cb6f88d5cbc3e65ec0104bc00e192a2e31baed2ed58ff48c669a89

SHA512
0049d775b95eaa7ab05d4ab23509c087a17109edbb2e692e69fa572206c3a0c24604d77fe2d864e4e6ecec004aec2ce923ccdc2ab122e81096d17381c18778b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e07b762e4166e923c125010a94a0ce8

SHA1
48a905904b21b4024de472e9ebf0c47283a3dbad

SHA256
8add245c4fbc593ef0704fc127012bdccf499bbcd09c054fcfdb0cbb1db191d1

SHA512
bb50d1494f5be9b05232744308739022f3be76e86dbdbc5935dc7fbcd8777272c7150526d121076a04d7d613bbd0406d59ce8e646487282d3ef348c077de8cf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96c6ebfb57054ef4e83afdda67c5533e

SHA1
81dccef0b18d830808d453e71f9ec35e23e915ff

SHA256
0824c8168fd8a9abb29b1994100da524a366996e6746cd1b30d881d112038c9f

SHA512
a3788df8249a777d75f8b13c8d98f0a270a923087d8676ce6a95ab5ef51663fda1d4767d113583a9121eaf4bc7801897cd731e6d06a645469cebf90ba26d2ccf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4DA6.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4DF7.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit