29f975ba72147050da446873b1f846a738991ccf96cd920d0bf3b936852769e2

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63d22d4fecc267fcc8383702e4cfaf44_JaffaCakes118.html
Size

345KB
MD5

63d22d4fecc267fcc8383702e4cfaf44
SHA1

725864b1c476c03a2568adf86441e05c0554b71f
SHA256

29f975ba72147050da446873b1f846a738991ccf96cd920d0bf3b936852769e2
SHA512

3fcbdedd32e9b3b446b75b97a2168113511ed5bde14577545ac3b26dfb65a2fc55a1f52203c7a0ff988b14dd169a4b012cca4ae0a52634b095f17405e94a00bd
SSDEEP

6144:AsMYod+X3oI+YxFssMYod+X3oI+Y6sMYod+X3oI+YQ:u5d+X37Fa5d+X3u5d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{610E87A1-1788-11EF-917A-EA263619F6CB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cc96f36e49a7b84ca5376f9d46d3ae8d00000000020000000000106600000001000020000000e1ca80ce4570e17e22e2d6f1efb84e48d5441529969f5eb1d782549289db4672000000000e8000000002000020000000bd271098da8c8813b6a8102e6b7682737a260e3c8009341fb34e0463ffae4014200000008c7e60e36c8661162cc9f529476f619558516158b5ba9cd05001582c214fc733400000008ac176ca0b9f016606aecefc7288a17d6b561cf442f40099557cbf69d18ae842b44952e637414a95aadc45d133fbc37d258401fb50435d7d9b33a9f429d237be	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422467865"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cc96f36e49a7b84ca5376f9d46d3ae8d00000000020000000000106600000001000020000000f1e3397123f7ffd5fc5306d880093e0f81d717fe24ef0b3326c10d619b7b7d16000000000e80000000020000200000005300cb391b0cdb1cc19f9068863c09ca0272d5df149272d13ed62bb1b923f7e290000000f12fff1cc01c0cf38e5201d32c9d96bdbcf587a22e245dee1086ce008a3769308fe3b51315dfddd54d9b4221fc8b4cb0aa0f20d4225903820dab729bd713031a48c2e85fe2b87654845b8df97c23fd74228bee554b6467c9ad49e7b8fdf8978369a2231e232d78da03044f850c5b34eb8686bfe1e88335de1770c0424745a703083b80a48ce744cbd360c8d0d77f6daf40000000546c6b3154ab7f19ded8f7af5572fb5e2b9fb6cdc001ecf3a6eb4a8a29a3d7e88f8abb89e46855156e620eccfa7587cf631b65d40bd4539e7d07989df88c2a6e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00df913595abda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2884 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2884 iexplore.exe
2884 iexplore.exe
2908 IEXPLORE.EXE
2908 IEXPLORE.EXE
2908 IEXPLORE.EXE
2908 IEXPLORE.EXE

pid	process
2884	iexplore.exe

pid	process
2884	iexplore.exe
2884	iexplore.exe
2908	IEXPLORE.EXE
2908	IEXPLORE.EXE
2908	IEXPLORE.EXE
2908	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2884 wrote to memory of 2908	2884	iexplore.exe	IEXPLORE.EXE
PID 2884 wrote to memory of 2908	2884	iexplore.exe	IEXPLORE.EXE
PID 2884 wrote to memory of 2908	2884	iexplore.exe	IEXPLORE.EXE
PID 2884 wrote to memory of 2908	2884	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\63d22d4fecc267fcc8383702e4cfaf44_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2884

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
978cb9d11db24f5c92b2e1d88bb2f327

SHA1
8b792f49453d2c7e5495ce411ec725e071c72de1

SHA256
8fa5e8d8b39ee8cfe1d5a07506be066447757d87a5198402612196992b4c86ee

SHA512
2132d97020dadc438046e778c736e7d40dea8face557fd889a10650bc4ef85e86831960418c4699b8fc7ed2c753b3a30cbaf9b40d3036aa96d17f8a8f5b4bb83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9761474f4ecc2574b697b521b742fbe

SHA1
45185358b55209c2918bb1651efe8adb4f532edf

SHA256
6208bf53723e224786b31fe17e29220dcafdaf933e685ebbe9136e4291c16406

SHA512
cbcd832009ba07c07ba276ddf274bcdd678e3dc7ebba901cb3488460ed7e0a184edd23263b9b3a2a62fdbc0879acc178824b56dee895b5eb797f9ffa2acee7fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
600bf4fe14f3ded77bd49bc4ca18787d

SHA1
5f1892eb4b2e17ed61be6d39d557450df3ed3814

SHA256
db56da89b9ed4427ce73d045cf14655f53920337d1029d18d47a17317ff8c179

SHA512
0d516949eb71e9b1c2afde1d7f0724a8d5aba813aef4548d6bc0f01d9548916eb96055712f129d741e17d2762b56acfe711069c0ca9f73f4744130516216bb40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e1e5b71f3b84d57f9910ab731cc0776

SHA1
02a6fd512852654c1a6bae86f16ec65eb808c5cf

SHA256
dca3fe60872c7c7f3b7e9b39b1c106572e09085a2112ab29b48c6e3a682e398e

SHA512
426726ffa51457a7244477b66d89d9e27e72772943b18a6e9e981aa2aae6d9c2ebb8467d96e7970f074f719613c5b509eb71d923a951b2dc5e6c9d26e60b474d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17d89c02f21415e0961b591f11f18827

SHA1
9e0d9502578147ffb72c15c24d2a20cf3d02e128

SHA256
3b907a0ad92a47256c3ddb2b0b21e75b4ef62cb54abeccf0ef4b6be4b37b859d

SHA512
4552c807af369c07b2ee2ad403b7cb7b16ea03bfd332255e1a77a961f9afac72de6114f1f6825e2f46767bd76cd958032bebb4fe98b2fb76f887760273bd3fda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12a8a23d2cbaf89f103ee9ef7089e3b9

SHA1
c3b74e9b8eba1da92aa0630c328ac015dd3bdf80

SHA256
f3d610dcf7b6ccc8aa796f99aa575115e2ea790c67bdd4f034cbe7c2a61f5914

SHA512
a1d3db244ad0800261f144821a370c45548a7e1ef1b490a0aa3a9f5dbca6b9fa46b18491e2037f99f20c21befbef3e894950ad71a5c56919debddea43d84a95d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ab863e6b5a00f29c8a2e6d78721eeed

SHA1
c3377adc8088366a97d740dfdf9028755cce0476

SHA256
55efc25ff410f6a1ef0fdcbb0ff3a9b4eba1b91b66fca6d87046162ca01d947f

SHA512
06e47b32b69757215287d1075b809715431f6933f7c1c507e1cafb406d169546018e907abb070247686e4b8dface9b55b70c1d23ea64ee746bdc9665463f45a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aee4063b5442248806a9cbf35d4a8c4d

SHA1
14ea66c4b4863f9c605a134f6325924abb17ab5f

SHA256
71fe097a175635adfe6478681b26f333e3bdca1338e3b264e9833cbc652cf2e0

SHA512
ae61fb511672341147113550b8ba477710371b00b64607b7d84f78d1b50d0ef0e0ddfb16b260772a748c5956607d4217a8c29b21d3cb72f98f9f16c13e91e8b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f14088b88fc587eb0f74693c716847e6

SHA1
9b63a740f91aeb7267cd6cf009c3cc31e9118047

SHA256
dae249be892372ffe62d2a94ec70aedfd13a5a43e307efd089fa382421460171

SHA512
1da1be92474ee467c09c4d8fa39f0e2f88e9dfc8d91018646a9ec9c5777d52e11746151b5af3732d020d6140ab38c34bf4f10b4f7a105252688d5bbedb9a46bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18e297f9a0db9007729aa433908d9bb6

SHA1
b1eba3435bda1cae9db16becbb473234c9aa1825

SHA256
280887314eda394874dfe9716d2a7d507aec0d037d670a9d3b2e4c9bb6b54b98

SHA512
57aa6b4784fffeef6f07363dca4448eaa5972667aa4ca159bf71227d81c615bba183b46242e3daa56a6d7272e46fb7c4ed5446d5c6357ce41b4a9e12d72679aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2619.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar273A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit