4418f819928874726f5ab964de024e09651bb68d450c89598e9d74236093c124

Analysis

max time kernel
137s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60160ce6609a1f231fe0fb100ac4aa72_JaffaCakes118.html
Size

68KB
MD5

60160ce6609a1f231fe0fb100ac4aa72
SHA1

393cd20eb8fae9d8edad6da9ff1bb89e6d4357a9
SHA256

4418f819928874726f5ab964de024e09651bb68d450c89598e9d74236093c124
SHA512

c25827243d370c8fcaaf4e6124c06b15d5c3ff461d87de4739b32c28995bde2ae9193b97e08d51425c82aad7ba94d17e3a915beba6ea4ae83c478e85f6381f50
SSDEEP

768:Ji+gcMiR3sI2PDDnX0g6tS8CLAgA7LASoTyv1wCZkofyMdtbBnfBgN8/lboi2hcc:J8GCM+TcNeD0tbrga94hcuNnQC

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B8FA6501-16C6-11EF-9F3E-D2EFD46A7D0E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422384694"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50a2608ed3aada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000804c22adb0e5dac31b9466607fe892d572c9c3ff4dc1a7654c8c3f35e6eb36b0000000000e800000000200002000000020640760b50454466f84324088a5a03cf215e98d6a5dbd700cd2fcdfc3562e6a900000001cd4ff5dafed7b94bfa68dd3377eb4e6e1d76f1f19f770b6e215b882e6f71ffc95b5470082f174a849a9eaf38a7c50f648ff41764fd4202f694b69d2828ab6a5b7d05e481c9b8b37e444ca5de19a600d99bd05273f0c9f542498e8624b8b6d5447ee461f8b1004fcda3f4d9845aec7c2b0972508e7dae264cfcf34bfc9241a69b865b9d55c93d25a26a405e557b0a06440000000611095e78f2cb09ada2d763b0972d1e4f7e4fbfe3b34d01c7d80444c80c2734630fd5fc2ebfb3c89058085dc653ed19ea6745c9bcb609dea9aedc920ee0381a5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000009b8e5f99c11d01b33f36a9c5b8c447eb1c04bbd3b3769d933ea1738114ebd3e2000000000e80000000020000200000002e2c876a657dde43e54b9c922b4066c3100f19b6df1bd7f93d8bf474b72836a6200000002ca6bf40bd395bf2c9083b66e0e48f70c7f55a1157e957339978041f4965a738400000007e6d398f1c15f91dc89923ffabc3719519767aa33e0efdbb0e083df9cb6e327aa345223e6ff520baac2f18b34b9d59acf9b23652220094ae7301114c079fa138	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1688	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1688	iexplore.exe
1688	iexplore.exe
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2856	1688	iexplore.exe	28
PID 1688 wrote to memory of 2856	1688	iexplore.exe	28
PID 1688 wrote to memory of 2856	1688	iexplore.exe	28
PID 1688 wrote to memory of 2856	1688	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\60160ce6609a1f231fe0fb100ac4aa72_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0c2a4b76a3c23db3d62166b34b84722

SHA1
f57878fca87360ea51b7d3925e96b79f252addc7

SHA256
8493c80297b00e9122381c42c0cd189723bbd6d30b0b0938cdb3f966699367ad

SHA512
d68eea523ab7da5cf6d8cca5fe888c17449ed9d704e44fe6dd9124727e73fe87670b42ea3af32e8c3fb750b9e1622bf61afe96ec39bbe052b6f4b520fe7a8600

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16324120d1393fbdb51c6516e63c6e41

SHA1
b4ecdc8e6d589084b35709cd83e5eb6e47b44a96

SHA256
79da1743cb57b5ad61f6164639a2c3e827e48fa54971052a2847d8a1a3605d7f

SHA512
7cf0747d477ec45c71f0d025a1edf7bedc11da077d1f37780c52914058adcf4857346ce312c9ff3247d3d8b4fb24ca2ae8b023f8644a0a56181a35d73d46c39e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b752c33cda84258c8d70e9e6dddd6ae

SHA1
edf3c2031c6b129158a4fac9af49ed7a68c73e10

SHA256
c944aaa36d61ee5c4fa7a6ee4e4f416d94a8912728080a9c291266b1709e8f4b

SHA512
10267c43e94c0988005b87c5104ddab37a4fcdbd1abfdd1a76cf3e5622f05cac8168712acfa82571ded2e62d9bbbb43c4983f55d8de1d47e3385b4f1d35dee1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a64413a62720e94435791f9f566e4c2c

SHA1
2d55b45f68f4fc4e31cc450e42ea1a307e797ccc

SHA256
9cc48dadfc9b300c5f8a9b2876dab7b9150afe89af0c941cacaf6bab6d22b9b3

SHA512
bcf9e322fe932e2851cbcec17b271c696a39284692f8004058cebdfefed670610afdc4d34503e26eaa4d87f97fa2d197b0be61f45131a64607589cf7e640fae3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5131bda346899c42f84743bd4c05544

SHA1
9eb7dad444387aa3a7163b5594433c6d10b81b1d

SHA256
60f3abb75f4f789df59e41c47655cfff72fb55ca0b54c9fa1f281e9e4fcbebe2

SHA512
101f7f8f723ece865e33456c4f39f05b41c5ee8161ce99210801d9b079250da902af5343445f202045cce47c6f04ab8b5532ba0f52cf7eddcffaab11484b3a22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0de0badaa02ea9066993d8401f71cf9a

SHA1
35035e019e823ddbd38593246ccb2dc3df163387

SHA256
367f44939dac7abef2755a04415ffea12b8ef6eb5774358d46e41c9f3798422a

SHA512
b78e07995edeb5fb08929460b8ff17eb4af12c4842b175e02e2c99ee9c751ea52a803305868401461c4172adcdb25e5f5ec3df9b1e157438435f05f359ea05ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b305bead5f5d52db162be17bb088cbe3

SHA1
49a534ea5afc226a42f71cc5ab84e99ede79751e

SHA256
ed3bc9aa9773a2023a2ead700be550720a47fde8c3003ead07f827c61479bc0f

SHA512
dc47386b46563d227b22b88a7fa6597b012042cc1726eb2b78b7a2fbd31336ea975bafc1f3252d804ca19820949e3a7a7133880be13c10c87b12eb41d3dd4d96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cabf63c55f4959235e82344b44eccdf

SHA1
3c525fd50823e0f6b9a8959c384f2917039cf5f5

SHA256
9f11c04e6a240af0128525e9a26265d238e60488dbba36321d34a51b30ca344f

SHA512
efa30a59639a1633a76b7c4a203effcac410bc8d57c067b69d7d92d37d6dcb30114bdeda42990a418f7ae5b29b6c9fbce55751e8e07f41abcceb56cc98f73a36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c5e0be71cf613cfc285034e764e46ee

SHA1
cf5b3c750f791aa067a58130d97dc1f5bc644bba

SHA256
16c8af7f611948436560e41bb88c68f2df7a1b36d07be01e0c3ab7b099e966dd

SHA512
a8ca011157fe24157e67c4bcec45535b3b64a047fba5fb761a9128fd4c23efa45b1b3ba8b60190ae94cebe5549082dd6fb48070e5f83c9186ffb2ba91cbd035a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7abaec93f4b62973edd02d76a265ef41

SHA1
3735d756998a92d4c80ed0cac047078d5d9dbc93

SHA256
b46c83b8b9cf6a9fd9d3a65aa05b9b3cec03cad0412332c7735a0ec54ff4e671

SHA512
f53cfcd8fb75fe8eae1f301f4b42d7470ce7f223d41c1596131e6ab14b5e35bf173559772b8a4c53a8581510cafd46c5e4284bf36ae0f74f5a367adc23ffb653

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
080c3fb73bc84f56062abc940f9a11d0

SHA1
9bb362c3fe0457791c817a2d7251af5447b3d058

SHA256
a89ce3392579df094271df96542ace351df70a312172c84b104b9a314b82afa5

SHA512
1e28dae3922b2b86dbd552d3530633c5da05138ca2dd431c1eda52fc0069bc5a82dd0090c0d2edda14922b0fda670f0c8ad1f9f719a8b697c57fbbff73536673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
312a18d3c4a57db064d8aeea5da709a5

SHA1
26dc3f46a4b0d558d61132641a457e1a2228c83b

SHA256
12ed8e98c8f4a4ce9e8cbb2d76bb038cf21e202c80f42cd341d6ccf8b1e94f1d

SHA512
2c6ad6027bbd26004f4c6a949fccd252ecbfe3d731f232144995d9d6c20beb6f723b292afb286186a4251bf855d7c8862fba80c7f9ec92db1b34e5d4cee0e214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da78c9931c6a10dcb1bcb77b353aac7f

SHA1
1d699f53ac3f174a2c9da017a3d22f49d763c2a7

SHA256
7c9d3de687db7c57fd7c4c758dbfdc19840b8c46e11c6ab8cf304ef5322cb66b

SHA512
6b56c149591d9dce5547fe29f0beac41448ec63a2239b9e152fd662ccedafdb901695003e75e4ac303d2d4e8f1769d5770dc5947704fba559278802244fb7d5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
965113d40cc5be709dc003e51188352d

SHA1
22a848867ca63312448c5742c8aa27f2eb5198a5

SHA256
e2356d1b88506f33fff3c2f6359060779e97ec9d5f9d4d9e1a97ca18eff1521d

SHA512
80a4fa9e8ce06a11a035e5a8cdd3873409d4e145d680d13816fb446d7d5d94b14f39e6f9e69852df0a1df7ac1bb355ae0bb7b9053d415aece2170b53d21bc717

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e88d5995f636d70e51f00b55b07927af

SHA1
2e82b7b9172802882149869a28435bc5ec6d20ec

SHA256
0d945e869e7c6325bd5d29bcad5ec9c952968baf43a00936cac201074318793c

SHA512
2c9fdebe54b10303c89ca7006b31095b0b79c5cbb9eac8ac1e9158f0facb4ac2a6e959e77f9ec13673d717809ea3b484141c04c00f2a1c7276bc9544cdaebb20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82fee01c934a055c6b5f6de95668e387

SHA1
e2f024cb0531d33c562f680690025197ee4a7bfc

SHA256
ed666d66b77b47e39dcb9b84927b7ab8ffc0acd12b517873de695f6302d7d0da

SHA512
1fff1deee1bf322417cab1352faa650a8952675e402e6411f4e47afec33eee3bca92885b7db4238ffaf52e31bef5ca011a729dce65621be4a2e0bd176b66e1ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA67E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA81C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit