0d826920481658d3a563c778b85e0afa15be24db7f15bf20cd695ca23a18bb2e

Analysis

max time kernel
132s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ed62af4ea87ef63b7f49aa8717e0885_JaffaCakes118.html
Size

204B
MD5

5ed62af4ea87ef63b7f49aa8717e0885
SHA1

efadfebab49c9b5e520bff09b0576b7e2ba9d798
SHA256

0d826920481658d3a563c778b85e0afa15be24db7f15bf20cd695ca23a18bb2e
SHA512

d25e529b238b14f1e652b6f0d562dcea6de866c6279a62995a06a588735c6eb8794d754c0efae0f2bbe080f943ce5fed6571f6688935d16fda2fe3fb5aa99001

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6BEC9A01-169C-11EF-A4C2-6AD47596CE83} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000c07e4d6fe2fac4687f6e61b4478ff3024c9ee449b5366445e18ebb677d754363000000000e80000000020000200000000d37121f3381b5b19b749c4c32b523de2bd7263c0ff95f9ff4d7686a3fb1174d200000007251d5863ec48e40883eeaf11eb7d6e81da7dcf75866e1c636b531e01f4b3179400000003bfeebcb8463674893c543ea711636449dee935ec26ede6f1c919266113ec103f0799819a5bfd918e2ac60514e25113bd4c9bc078dd938cb26606f2a6f7f1558	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000003f5ab010c17b49ab5d14fa6035358ab4b6fc84d1c0c0c19f9aab238f7e8c3e06000000000e80000000020000200000009e590cc5f4e738e68818c366874dbae6cfa4f7a8619157dccf97128010300407900000007f61666e6c6e4d4f4cac76acd9a722945eaa0354ba2d9edbb9d2071259fcab16af4ce3f76cfc8207979595ad6c0a4ffa69a1b5e1b6c1e234f579440f88e8e78dda85ff9715315118dbcf64937774d64a0abb8c5617cbbf4dc0645f3bce414e55eb55ce537cc4ebf01bf496c427445a76632f1a157fef9507ae11f38ae2ca50051be30617e4715d803242a97c0e257e8a4000000042a1c3baa9cf46af1edc60318c372619100e4358d634ef7c6c996d9c28ec7cf0c1104c8fd25e208ab7d589a333ee2b42bea10d7ba33b8eb2e0b42e8c3d9055a8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80cd8240a9aada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422366522"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1240	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1240	iexplore.exe
1240	iexplore.exe
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1240 wrote to memory of 3016	1240	iexplore.exe	28
PID 1240 wrote to memory of 3016	1240	iexplore.exe	28
PID 1240 wrote to memory of 3016	1240	iexplore.exe	28
PID 1240 wrote to memory of 3016	1240	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5ed62af4ea87ef63b7f49aa8717e0885_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1240 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1bac36f8a36dd8b833c97eff21e8ee3

SHA1
2e1cd82227e30c43ac2524af5a421fa4c25be09a

SHA256
babbe8e504c2dd8fff3f7b668eec5e64e5499724881ce533eeb1a042dbe7d89a

SHA512
174a5e58b89875ddc9e014ea3a8c11be7fae6d93f14f5f77064cebc58e739a20d256243177a907061b00f2623129fd86350ff6d5b0af8e6d220b0ab54d5d13ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81fb8f14a7efbc1d57bdc7dba85a8727

SHA1
810b2e5468f485524e53ff685aa9eaca6d258ad4

SHA256
212a08075e0f521a199a7119bd195fe40597e97bf57fd66c822531333de9b4a5

SHA512
627541d73fb1f9b3240dc6d453e28a261675acb3324d3c976743c3dab1828aac717c9a9d7d2d53c54251319c630e942215ed87adf06255c46c57de3ca0fcd636

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc73f78b2b1c2ea52b33ffaf85087279

SHA1
f47ca82547f7aca53cd14b322b06ece8ad829ed0

SHA256
ef3d984b24b8b107dbde7272312ac1e457b0cfae78cdcf51d76e6bbfb27a7550

SHA512
65cc859c323ce4cc8c37128cc27cf23002f9d8a40436abe80fabd1dd230908e39084ccc11bec379f47ac62e2f101a2f03d1a5c480cd071c7ea1ab413f5630946

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9be367ad4964e034aa1c926e9326a954

SHA1
faeeb4f7474d9df3fad1d6034b9dfad0c2273933

SHA256
1b30d6c225baf602d25ba17e07cd4112746e9d64a5af956f06e066c0e8ec5034

SHA512
9dd0a80cf1196f7d880104952db2942646ee3f8ed50aec89b1923d3aa6dad3544317d43289dd698f6f5eee4387d8b8c668025480ef5e73289362799c4f125d96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b864599491e6507505650b3340079913

SHA1
4027d3b42f663b3a80e36afa631fa8a7de3c4472

SHA256
180f3e8f39aa6aeb8ae59f39ed3fd23fbc7794995fa0c356a841fc06b75bca39

SHA512
cda0f00ea130e734f1334938871407ebf8b39802d36c44ac8869e484afadc6dbcd8bc530b2a4c309063263458e37d3dfdff9bbc4221242eaa6928f67b77709b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c6b5e0d1e73f089db761e606e0fe2bb

SHA1
a03876b924f79a1cee6a915b4b6f2c7687f8de4b

SHA256
9380ceb5a4cbc2d4e6bad50313935d2ddc0bb1d33421709f6e56da9edb4f2836

SHA512
31966d4f7fcd1ea12f53d4f7cf073ff44d9e5632ee41a1434fab67a4cad13bcca1a6e7e3f8cb67f3ec3b9d6f71f425c1874e07125f4a34a202539c6d049c1d47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a41d465a2f9b254121a25d50153c514e

SHA1
42666162d395e29b7944117d1771b6a633a18d34

SHA256
2939904850a6612f258dd9e194bf413da760739f61127cdfd54f89d8ff05f98e

SHA512
71e43c97d214b2aad54113cea7956713f8054da78fea2f7776bec81535316f72e59e588584ab1f62493cf146fd7dceee2596729904dd07771e6763572ab09ba2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
def89c8e3f408ced59149689bc49073f

SHA1
58bfcede92cb0f33c17434982f2b94d18a968dcd

SHA256
6e5f3bd84dfbb41d04725d3db5141f7e8d71fdedeb1766b940a24c22c8bd1940

SHA512
60632311413bd29c7522045562a9df6819e601e519fd6af6a7db12a4a2c469f63eb7fdc4c8abc4104305c3e6fab041a80f9518a37edd8d0ed5475689f852c23d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71ca8c63995719ab4465c41b0084946c

SHA1
7967d7c6c0a0e9cdbaf61370cf964997bbe0b949

SHA256
8c855f875b7abc61316ee47574cb54ec7810928f40ce32d7a42c751ce5272e17

SHA512
534cfb89a601a7136b232042a4f00c7a0b78b84c8caee5c91bd508acd23c0a6eeba250fce4570447b68c43aea13e87b6553b85932af53994166cc015fd55105d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c131a3ace7aa569609d253ffc42c6ff

SHA1
4a32d77504c257cac24a6e2cc8d1c1d010c9ce52

SHA256
68b4dec5302dfc6bd03b3084dde103047145339ebf794d07535e3e48735695d4

SHA512
f477aa056340ff559b017748fd4b2504c256d0b01555fac9dbaf8a495b44f82c47848c45931267ce11a6a5dbdd764c3dc6028e8217b297e937866f0bccac837b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e10bff576b143b8289c7ac57aa848a10

SHA1
52d80c37937c51f805d067d1a617f97bfcbed065

SHA256
894f38acdbd8614a02adcde207a5e336f67201f846acee87669b42ae99fb452c

SHA512
9d58e2974a71fe91dd5cf319b866da69578906cc70917b03ed4427a9f6e3191001e9decaf1923859970de649270aa4f9c05df8bc0c934d75960cacaa847f3ce0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f181ca420c85c743573153723a8d1161

SHA1
af27396752a27d514e6c3188bc84820ccf2f913d

SHA256
6c5949f44ee56159d01bc0674545b978fb34e215f44d3ff0ebba762cfc79953b

SHA512
59db5d927d5a6cf1f6e73579ab0f52ce1c7dd00a57b81352fbbab13c50497ed394ef5bf11f2f8fa70c13d8fef1eaa31c2aacffdee24e851937b8826e46dc162b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e0f4ab31208945c619ccba6d795e4eb

SHA1
ced6ed5c93505d6527a37540630c078fd5c1006b

SHA256
8ca5445dc159d8c552ea9df7e26145ab189b434c210df3be95bb009f8a504808

SHA512
137934b6d71eb6a0a088870d784d7673ef19172c9eab95e745460eb92b087f9c0ae1192f603e23b551eeffc5760c93b77c31261f7c961a4098c3ec86289ad511

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0227d842146867cefe631f6ec8e8489

SHA1
51a7c88ee05e48d4abb621567126ca9ca4ac208c

SHA256
07c8c53bf273a85c24b6f5116174e8fbb69632a266e85a67adc3e308e9297313

SHA512
3a967a09d9b8e2aef0e6a647c115753e6255a7c152290a0917dacfd6d1f2761578d9f56cdd78854fc6b2b4260492c6a17b6dcfde96bacd6cba5803ee723dd7e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
123c6ca32885456484e3a28532458d6d

SHA1
39c2435de7b4a5650e1b44d1bab89ed21f0b17d3

SHA256
e79fa0ac9891e010436904f136f57e0cb9372bceb4f84c90c5c61832a3465ac5

SHA512
d4fdcbcf4217c3dd4748b7aabaa3966c0a2d9c182f6d3adbb23a578e0a6c13ab587bd5f34bec1f20613e5432bf9b95dca053dd0f781e99cf3d6bd9adef9ca619

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a339d39aa72865fbf50375e45773af3d

SHA1
f5b6d86361a90e990fbc406eda7c9c491057eba7

SHA256
046ec10f24671daaa19d574be7bf88e7ee87eeb5f25fd62d4eaa49295b87db66

SHA512
c62fc4b21483c720014b3807823076de65209a5f50c9b85a8c39209becc2328a7846858bcb03238766f1169c2994148694c1fca01cf135e7a48e0e13a0b314b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95349816c95e748c9a6cd3b334262146

SHA1
3322f5592c44e7b3114e1c740b00e2ede845c910

SHA256
b810ebe822fa0a8a8d08b028f69ddf69c361e2084696a3f332035f7714bfcc47

SHA512
8a2685522eda4338379f5d7eb41c94b7b844d4cb5205c68a5a3d7ead1459317738f7a3d765e05a7ddf901a437f562247369f57fc9169bc4962e88929dadbd5d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d172a121236096b8b26bfb7fbd4ca3a

SHA1
ca1013b744346be99b6b9a237c7a87462eb2d5e9

SHA256
64f31ea897acdc8de5ce8581b33aa24e26ac80e85e153854651e358606e14b50

SHA512
977ae4159e02f8004f0c4c8a20d853376685e68541d5d5cf757d2f322bf4a145b295c13732c64becad82133b24e18222c0c132eea3fb1d89cbebba34c266a719

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3131.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3192.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit