499f7f7bf1f99bc9eec1b5eb7f50f94f46410067a0e67a9bece91dc426b470ee

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f477c2022a76de4826f391959d35513_JaffaCakes118.html
Size

823B
MD5

5f477c2022a76de4826f391959d35513
SHA1

2767e7677a3f8319f77c194cbc509e3c08e760e9
SHA256

499f7f7bf1f99bc9eec1b5eb7f50f94f46410067a0e67a9bece91dc426b470ee
SHA512

2f45598126774bd141193826c676fb9860c0e7dec74f521630b0a179347f01a0dbf2799563948851279f703cc9315a56ff7b6ec50b02901e3b7ea9e527a76bbf

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000008b12ca5679662a511ae019e5b4fc9b73651ce59e1b7ad7f250edcefdc598c3b0000000000e8000000002000020000000ac2bcfe3458cac19555247df99490d58ae2e2904ab583590e57167f87d0bcdda900000005854c4e5ec489de2dfc0af297db6d63f07882045c5f2f66a36c15457461da681e73430fecd3b2b8400721e5817235e565bdb7dbe527ce5b29a46179efba4a1f55b2f62112b14fb21565823e5237ac679dc3231abaec8073ac89a607624b28f0b71caf4d9b3c59dde7b88b406f041ab7d941124eb7f5c7df0beacd46e5ca02ba52f4dafa3cca7a55e89ac4df3895711fa400000002ed5b35e8cb67b12ace90c5bbef7e1a5a243c07df0d80c6bcd26b94c63724271cd5e212dbbe1f42fa0f28529e76e0c71466a5a1083aeffd0aaa220305b76111f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000002db730cadcada1ed837274f38596b93c9bbf3e4162c35b6e2be8e698b657732000000000e800000000200002000000011b38b00261f39bec406d9e4ad636c42a99cf3ecb72b58973a6874243880af46200000000fbd98e9d84d87c3915a068ad8cb0a19b542bb91761c7d1f8878f4ba9c34bc0e40000000d93148a5522ea262aaf26040bd10ca7d38a86f9a1fc42de5000e6dde2a551605bd66f675cc09074c79ede889fdf24db0b18299da155281d355f73a8237008313	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422372980"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7497B221-16AB-11EF-91CF-DEECE6B0C1A4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00ee1238b8aada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1424	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1424	iexplore.exe
1424	iexplore.exe
2020	IEXPLORE.EXE
2020	IEXPLORE.EXE
2020	IEXPLORE.EXE
2020	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 2020	1424	iexplore.exe	28
PID 1424 wrote to memory of 2020	1424	iexplore.exe	28
PID 1424 wrote to memory of 2020	1424	iexplore.exe	28
PID 1424 wrote to memory of 2020	1424	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5f477c2022a76de4826f391959d35513_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1424 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bae1054ea4c70c9e425d4be15d51f0a

SHA1
37433cc9bfb5cfcaa237341fffe80ec12b0173df

SHA256
8d4c2acac776c8f2af03bcb173471a46a64300bed015588ae9ea2efa8922b9c0

SHA512
7917d6ed49c2c18cf64ea4a10e14ad8aa01db65e15cbfe6a1a67c9edfedbf6c7e347517e0a0027335206cd01c6383dfed7f4ead9c7a07c6facde8859385e2229

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d46093db6a7b199d9abc30e1f7e20fca

SHA1
ef4ef8a26391e2651e65d52ece81a38a8cbc1a31

SHA256
9280a2155341139d23c14891054f32f666def0cc7aa81e71b72ffc3d39b920c8

SHA512
ed9b4411dd3e7ae8cc35bc49fc263601d741b6d0e95302ef67b5be5f443e7143c501a3e135b08b80e75cf6b77f6728e4096078fb1936d472f5b78884cdaf154c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ab421a449cbf5f1dfa614c2b2d6275d

SHA1
3e1d1e4d592ae04b2fa7d5894d40333a63aa38d5

SHA256
f6f9dc74cde7c76bb931d73166b8c274d6d08e3d0144ee8d5a07b1a655645cf4

SHA512
8ec55f210a531f63e1d87d4ab8b160e22b150d90f839827180d8c397e5fbc5e9ae5ed469ca330b08b40cfeeb3c154a767c0af6bf48da39e19faba041045cfe39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
372e4ddca0cf4b2a4efd7792532b845e

SHA1
2311f0d12fd3e21881b9a0d57f91aa74e1faac65

SHA256
a37487c17da7ce6b59b165c69c0c308fd1743ab4e7234bf03efecf937932fc09

SHA512
d1fa22c0fc59c42a0a950471bb7b464cb9bff32e82f05e8e6c03aae3ef113e3334ed0cac289c4450f25bb1b0dec0be896af9bdfc8a2efad766a41cd18e067334

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df725ec1b85b1a79990acc864373b807

SHA1
bb503027a6d89cf620fe61a18397c19b28faf533

SHA256
29028f5aa42850de9df09998e279dedd3705b7bb98da55670e4f464355877218

SHA512
257a89582a1f24ca14e5754ecf3be295843ef1d149d2e1dcce6a06eab6e0119b49db99ca372df357aa103d5c27fb2cfd7d38bfe6b339b092851b6f449df81473

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac78df2250422ef2593461e6e8bacd7e

SHA1
574c9b14ac1f20feb9379c4d6a00404cf49c93cd

SHA256
af29a5ec30a452b15abf40e3c7095d032776778a33ea5c6bd3a224f97956223d

SHA512
b6d7a41356c9dc189ed04a6c6cd7576b843f3476b22b01d332f339d6dcc969f73af4fd158bb41cfde99da75b27b0ec68dd91c9fd63ba55ba8fd190f3c6ac67ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
488831f32f504b542104ff9fd0b03e4a

SHA1
b1a6494477dd183df194ba935a81bd1ef7d4524c

SHA256
6985cdb0a2f6cd0d87db5a61500cb81280381ffaac3fe2216594e7f9a49c4e72

SHA512
7481695c00367ddcc2317645066225cd44209dc4faf70984959718b20785e71419192822ae9d4375b1c97ee930cb0f416c432b047a401c907896809a3a31bcc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f6ff490195bca17ae518c5376e4a973

SHA1
f72c9bccd8293ff019f91142e2aeed6fdba61af3

SHA256
af47195dbcaec92ceea1a9c0f6f9875d142f6bbe4763b12f925d2ae34fd46c3c

SHA512
6f66dab5ce8da1b0654c616b26d987084c622bb8142e70caa1fd4a0e70150c3e0abfe5ed252b8dcb29a37bed5dc7fba6e9280f2c4bef2afdf9605de3b3676cd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcb7268e1db06d769ffffd46d678932c

SHA1
2dac7bf6751faa7b27a001cdb9ff684a51d38605

SHA256
7b3bc7bd3bc80f1ca871cada1f141db54dac425219e31f94f41884a7bc80b8b4

SHA512
8c67ab3ad6033ce4e3123f604b8d6e07cb8bd55ed29fc90eb77c7bee03ef2a1fe88f54798d593a4884bb5994079fcf768212b1760630ea55f0ae238bdde5340b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7ae2f1857a663c5adce6cc17f9d9e97

SHA1
3b3850c77ab1995debf8fa109db607260d34428b

SHA256
5bcc4d62e1b5968f8716cc49def0a0963b933e8aadc3b68dc80641c443988ece

SHA512
cd4ff135f2f9032a70a15b8b62b6c8d19046a1a6caab376f4ae13d7bbc96b89bde8e538f238a5b5b075a944f70686ed7f869d676713c05371ad8c8776313c5ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85ca41ca571174ffa11e5bc587f878a8

SHA1
4be7d29ce2512be1e5775d0b7cb73db18104f3b0

SHA256
1362145ed111b56117380b7d958dec92da71869ce067f1a917294641ef69eff2

SHA512
880b71c68e49b864bbfd427865a4060fe92ffd6fbd2382b803f41f8037fb5081da2b011aa6334476bc41fdbb604fe7abe578a558f05ae18824692b5c1700dced

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
511892024f1aab3820aa74745437c7b7

SHA1
a718f7784af9b009a5f6b4e043facc680c8235af

SHA256
d9ecb142f58a50459159b2ee0bb1f9fa44a4e80b9c754749064e1bb0443ee4dd

SHA512
f1b207d606cb193811c8472a9dfa43372ef949c646ad0f889c78f17134c63b85f3dd5bcff23378edc047b3e2fd9c17c3612c67ebbc5b850148cf56ff53edbc3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de3ac83e4e0bee580fefbb68f06d0f45

SHA1
dfba277fd96ceca27fc7c58b85ce39266c05ed3c

SHA256
5119a766a5000db6c4f13449b0abbe241eb620efabf9a7c26f52b46947d5c4f2

SHA512
7920eeba5738d4b705cbf282bfa20f10db3211d80884dad9713e3ecea5bc85528eca664e5c4ef331e4993df984f43d418f20e225a1372d7591de71a00ed9c711

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e751a412ab9361c2051f8e3e5ca634c

SHA1
703a74d59e641d4803af2172891beb2d30ecaf90

SHA256
7e162a9b6787fecab3a18f7c6b82fd6f451ebbb657d8105f3ef2831f176b80cd

SHA512
423fcf74bdc04ff05910e2c2f4ef67cff812200ac380f9cba5f1ac381bfdcd12534f550fe925ca7afb0232f6046f0284920e76eac27433e15be57982829a42e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7158c6b65b0a1f149b34e308573fcd05

SHA1
a501ab1bcac10a6e9a3005979d86566231dc1205

SHA256
997b89e81da92bf1f54c19513904e9d29a7df2670033ad86d75366f8315ac5fc

SHA512
a31b0c6f4b5b1f3d23ed0c3a5344387a09c82ed708faaf312f6df9e1480d312dc57b1f654d60a52881140c31d1713ff700cef515150d1970507de6a416bf5aa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59b10f29c5b45acfcd71b17bcb4109e2

SHA1
b9d59f87d6f6d6157be7555f75b7cb6a342804db

SHA256
9a6af7c153dd1d8eb4b992c4355a8aac321072d36327610d869e75135933861d

SHA512
b9cfa83faf7cebf03cb13266fc5ca2e4a7fce08ceae700e52abc66a4d5c3489dcfec077d17f81ba5e75be9bdba722477bd5f82236fb2f166ea78a113b01ba2d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2C41.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2C92.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit