3715333325d5c3a6164c1666df627315cd6dec2abc281e28397f3e5d03159517

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 22:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6516a995736bf4c9f9aad2c6dc14411b_JaffaCakes118.html
Size

287B
MD5

6516a995736bf4c9f9aad2c6dc14411b
SHA1

5dc1851464d08082d90c9b63a621f1baa9ae117d
SHA256

3715333325d5c3a6164c1666df627315cd6dec2abc281e28397f3e5d03159517
SHA512

288bbafa95da8f072357c239b93aa3d7ec8c8963f0b9a23eab8a29f37a87f54f49f9736125ff5a5e4d2632e81f1f5d18ae54a2888045fa48b0b41fed27606a41

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004b5a67db4eff474f95340e8c2305c6da00000000020000000000106600000001000020000000edced9bc5a6cd80820d2aebbd4fe2157ff57c2380b8bedcb4990dc1619a6d81e000000000e8000000002000020000000a7bc308738be1e2f6bd7168bfbc83ecd59403f7e889f0c48133927f63c1c89fc90000000cbbbc210b0d1c030f9bcfea75e45e80e01d17efc9e5565cb8a9f4791ccb6030203cd79c24208fe7c5c67f695c3d0712e88cb363b4d113334dde56137a0d6c7535ef9f423a4bfa53698c0bc32f405a0e6bce69fbf79d8b65af86795786b1edf43d8134e74b2ac158ec6227fb43cf53024341e1ae65d598f4e788e774816b80fdedf3fdbf0050197983f54245e721a276b4000000049c35f1854b4fa4f9887a3651cb2e5d458a668ce601dda5632c836365e8239b37044e08d36c78b5451dea1a427b543b5b8137d65c8723bbdc8f9ffed9a6e76cf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0403c9bd2abda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422494235"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004b5a67db4eff474f95340e8c2305c6da000000000200000000001066000000010000200000005d1c3831ab2d20613438897e47d8b1d401834856ecd2c5c33a03f10377fa798e000000000e800000000200002000000004ac97ce930a8f334e444ce85df3f6a546c7248d5deb2ca9bc66cd52c761889a20000000e92ee9fe848b4698bfe0cea2f73fddbf8a50e70f8a6b9243a3c580eb3305c40b40000000fc4d6455288ca3e1837991b91dd39ba01d696d13f744efcd52764a849f08957e0b058dbf29f1158d23f1f3a3ece786a1d6f0a5f031865c9182cd5b2415f62e8a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C6C79721-17C5-11EF-9680-DA96D1126947} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2872	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2872	iexplore.exe
2872	iexplore.exe
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2520	2872	iexplore.exe	28
PID 2872 wrote to memory of 2520	2872	iexplore.exe	28
PID 2872 wrote to memory of 2520	2872	iexplore.exe	28
PID 2872 wrote to memory of 2520	2872	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6516a995736bf4c9f9aad2c6dc14411b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9de4008e50c156d236857ce26d168894

SHA1
7098476e4dc85d547c208e72931347d451a96f87

SHA256
a29cd79f0fa2a0c4c7d235268df923e89049fbd45b58b960a33e50bafa0a9ad6

SHA512
bb8f566d48ca1ff78500260226830e4d14964b775b1c1b4a5bb074e5777dd14c9b85cca6d6d4c65b746d93a6309e015bf60eac767b9c3b4618c1d578795c6db9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de1eace2f216a9012c114f4879a5ba83

SHA1
707949b4ed7d258b923e3d03da0895db970ab43a

SHA256
37e0d60b195de6db1d2d6bb3b82b59bbe7f778fd13bba8bb62ba4a40d95efd77

SHA512
166a75788b28364f3451cfe3ea690afae87e9bb7fb96a5120ffe48b337bcb289dda33e0a964a890f7fd612d5198710985401e74181ff34457a10714d1b65b2b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5b3964bf03705def995c4aae1bea907

SHA1
ee95ff048376683acec1ebe199115a13738603ef

SHA256
37a7292747ded5852ebe669941aca07f7f24f88e9525b4ccdda4969c6521e8fc

SHA512
0316cf566b4659510b0e9022a05d7c66901f2b6f9ce9b246be04d51623d598efb4ec8c68e30094c861234e4ab1f6e115dc142b3713974c05baf97a55b5acf790

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24329c60942d2ebdf0ffebd83d94a44a

SHA1
6d99b1c30c8e8e8bf27de86dcc2c046cce46629f

SHA256
a962217f10b7e1af87174fc052018cd414058c3b60f81195d7c4b522f056a4ff

SHA512
c48e933c32fded81b5568b43ad0b5780b8e6edcd9ebdedee425e01be7ca1c0d00b845ef90fec29b428fe1dfe65e9db3f0f9076fd62904d93865d9361eb3e863e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f6e78d8ec86a4c6b6dbd0482d5ae81e

SHA1
835d0496b61080d747fe00f4dc209ab85356a7c0

SHA256
f28abed1bf5e79f637be6a03fdb29bbc67163ab3e43a82d9d064a6dcc94ed5a5

SHA512
376f3aafbd112b00e899e4bcc5888a63c03b39aa0d95dd6eac73d50a13f905a7dc9e8f0d73200fe6eec2ff7c9027fd9756e8d80369a75ab7744f72b4410a8d3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdc9d0c08a38c734c25d31bbd00289ae

SHA1
2678fffb3a8d472737d3450255cbd18d3f26e087

SHA256
56e71c2a51914a17c096c1d42edb8090489b07cd9b5578b603c407af10f9f247

SHA512
bd954265547b0c01718790b7ba31182ff19c4f0d157f744354e8c1585f8f835ddece9fa3b2a67f69217edd9408e9fdac68181f0efa484fb0a56770a233b75e86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b09667ddab2d0fa5c0ca2cbac96964e4

SHA1
88f1e929058608c49a3c29a810a49c6917c4d12f

SHA256
f3b06601bc9e309e050955ee15ccf9804a0abf39da3b5de4abeb7815868c75d7

SHA512
8e307d304623f0afa1f4fc53e11a8fbf27ef6ba8d2acc956979151b5294c188416b31e437345701a6f39d62667cd28de5c2a7f74459820ab61ce7455f4cc8834

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e35a9b76a02ab9df589e766627f8604

SHA1
034787c12c2ce97cbc925a74a015f12465e6f051

SHA256
a7474b191ac17573052998d09e2f6941188b0cab79838c616b62da16c7967385

SHA512
a571cbacd5ac9ed2c5fdc4210b1669ad1d2a6fb2243adddf396a59eb23eb01028a99e1f84bd68973e90723f0aa86079d4f2d2477ffa387adc505d6420260d1bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b211e2ebde4cdf73194d7935e79e49e

SHA1
da21f5be08509e3a3325ce0883a85c108703d0a3

SHA256
87aaf90ec4081bc2db69cd21c5e4c4cad0b71e29c79b53ae770901a324c252b5

SHA512
1429b16f680d62132798d12fb406e1a6ef80223a7a40d11993c83dc0ab989514be14f5276388e2cd4f23d9e6f64bfa746c3214d9328f7354569686477cb8601f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71f6b6b46ef1c42f96513baad5b5ff7e

SHA1
6f54653321cd84cb56e7361deeb4d508433312cd

SHA256
ae20f59e270a6f415633205f833a24ab525c2d9a28324d8354af6e91e382716d

SHA512
04d3f83baa31e5a1277dd56d2532587c953c5abcd4a70fa49411f61266251aa81a91448953d28d3f43d2b1df035b45ccec0c836db5552d9b40394971ceef1a49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12a37283d07e2df59c090398a51e6ee1

SHA1
849a4266a597b11eed108b97694d417501d96ffa

SHA256
6562d0b494f35f1517c38b045fa096c9b2ad1c81f3fa4fe982dcc2f0bd8b4e00

SHA512
db7127387228c6a4ba4f9e54472494315ec0b8a3369f35cc76b0918896c8aa0deb58739ff9cf54da6be7207adbf1c510e20196bea87b5900c6ac9e1f3ea8e8f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb20d77248e457abccb985fb53fc4b70

SHA1
84eb795bcc3cb42313c5b7ae6c4e943365e24660

SHA256
fd55e052cf6b753c993c489613ab816940385ddbc7b5495e4fb42b55008a7316

SHA512
c5bae9008ad92aab79c15ab70dccbcc6ed973a7fbd45f79aa5c28f99f7d80ca9dca34f8c91bc959aa67f462b006bcd282a392ccf87527be4d6c9f9a1bc37d04f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ea788891ffe5adf6a4d5245dcb4664d

SHA1
79e22cdf7e92c923d0f2959c7cedc51de4e6a2bd

SHA256
d77611f910f1399dfcbc4f44fcb8c9c8f1d55f9a25f428fe9fe9ba7404954d04

SHA512
360dcfbed8088d2cf4a1c0552e7f0c0ae2586884421d7f7ae277e2faecf4dafd754f66d3e75f5a4dd46e45c3ae6d0e6e162eb9f560ebc7cb78562da7b71b7ddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9d579e80872d555e47ceb496281c05e

SHA1
e789619291c3ae4f01b8d320fb7ee785daeaf7b7

SHA256
d574575c033fa53f8eda6551fc09a18679b2f3360a610608e25accddc01c8f81

SHA512
b5d6677fd3b4ee72b9042daa2ef58e27af0e939c2b69c48b672fe463332ca4e0285189130f00966653cbc5bc0f7eef3c627ade065c47be16d38c8b010c1ad5d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8872cc2db9a70e2abc0b9a0d1cace9d0

SHA1
fbec9859b1c43371559cd29825e2284fd504b5d9

SHA256
f4e6ae3f79731aa41bc075d986878cc513f7710cbdfccb477a4b452da4f2d6e3

SHA512
c4ac7e2b4e2c164ba2585fff37ff91fbac838d506b9d44afc5c045f86cdb5812faacdf759b8ecae5261e475325d71f64d1ea97dd60b613f03c3d0fa0e7a1c38e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44742a87d8153703dfa63433ed964638

SHA1
a05b37d9c2e434c772d94b9fc34a06e04491fa70

SHA256
ae12eb0a6718d2cd40f1dbc26e754df9d2692a3e82f69b4156fb2bc83cc14fd2

SHA512
7213d5131d8d14b3d973a5f76939ff6ea2dcf0dc82628cdaa07e06e4c022b74db6bff213208eb690a452ec3d0637958cbfb5e5ee8c4a685512f2383079ea1df5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3E0D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3EEE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit