9bb255e6cec25a6fef70ef8c9346ccbe47ceb2371b1e82969157d96c3acf4a80

Analysis

max time kernel
133s
max time network
130s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63f823791be75de5decd0b4079b79ebb_JaffaCakes118.html
Size

2KB
MD5

63f823791be75de5decd0b4079b79ebb
SHA1

e67db6876b1b89e0f0217bf9edc48f91b79f4dca
SHA256

9bb255e6cec25a6fef70ef8c9346ccbe47ceb2371b1e82969157d96c3acf4a80
SHA512

5272519d644b0c82962d6eb5fd9cf2028bfdb72c4563b38eb722a4b5c210464a4266e664b9323638156e328e6cebf1c7680d38934559ef29bc4b649199715071

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000007301191158d097cc55084d056a63a349816a96394e81d16c9a458d3c4b941ad7000000000e80000000020000200000002efa66532c157eaea3bb68400cb0456cdea97d25709b09511d0774ff4cfb6ae490000000d1d031ac94211fae8b256dda684ea385f3e8798136cd26d58b8223e5a1ab239e0e9438939ec5ece350fb7132feaf023bdc31db7c427bc452630258ed7135f80022acbf751acc194ddc8ccf45d23cca8bd1d6bf1a5bdcef343d68232d9008178a708020900f502da61ca9e9e5a3d317bc1a4e9e9bcf45a8bc57d48522dd799648af27741381ea06166dce6a9ca1cab79740000000f1b11a4aac0a05c4598ceeab3295692cc132997b0fd5db9159596b35d4496b2363db6e75e3e0e5614b22929a30a8fd0238c6f8d560af9601a9d492c5ca027ec7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422470941"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e097fa5e9cabda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8A7D4391-178F-11EF-B195-DEECE6B0C1A4} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000e9f4550614e013368ee99da9e2bc9d6abf987a48cc532152e2cee9b05b76f0e0000000000e800000000200002000000081faf2354371ac4bbb78c7238a8051e391cd7f3ee7dc801032ee2fd4cb071fe720000000066a5ed08726345fb837604203e81a5329fb55eb821da96a4dc99be62dc755c940000000ad6c8f09b9d365240b6918295f5956e51a0cd1720469dafcea270556e7d1c2ef5b551846bbca04b81627fd52b8a6eac9d445d9efa573ae9920567cc4cf5ac45b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1692 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1692 iexplore.exe
1692 iexplore.exe
3032 IEXPLORE.EXE
3032 IEXPLORE.EXE
3032 IEXPLORE.EXE
3032 IEXPLORE.EXE

pid	process
1692	iexplore.exe

pid	process
1692	iexplore.exe
1692	iexplore.exe
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1692 wrote to memory of 3032	1692	iexplore.exe	IEXPLORE.EXE
PID 1692 wrote to memory of 3032	1692	iexplore.exe	IEXPLORE.EXE
PID 1692 wrote to memory of 3032	1692	iexplore.exe	IEXPLORE.EXE
PID 1692 wrote to memory of 3032	1692	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\63f823791be75de5decd0b4079b79ebb_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1692

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1692 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0526dfa48cfee2aa6618c33edd2885b5

SHA1
0b378a2600c97f61d236e9cec9301647c1e5a87a

SHA256
6c6f1dd51acb60620340bc802d06bdbd10fea5ed5c57c282759a4f40c03da05d

SHA512
6a4d94e9fb4ab3927748eb32bb9c606955520a2e70b26c85307aab364e50c9cc45172afba280f5bbfe7a3f6b8e7a175322c7671e53dba2efdbac082538d1f1f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
348206689a7a7c97f1b0e40ec6f59415

SHA1
89882211d90302455185ede6c3f7ec329c64e6bb

SHA256
090083686fc9df6d270ce9d9f1e4bc35a13911bb86f2617e7bca285a7ae5a85d

SHA512
96b588bded986cc29fe9981679c4ff5cff0f4ad76e5204a4b4e6be1baffcb5efd463793fc652d4638d7d37596bf09bb4988f6bd62bef14f046115a566316afdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d559ec72a1157891dc6c69613a2ce7b

SHA1
08b4160b0468762a523a43b8f673e7356723b6d0

SHA256
810a4db669f0accd9548d2608a17ee4b772d57f2658475531022a6c327b511c9

SHA512
4c6fedbd6e97e8cc434cbd076192ef146443b131eb3917ce12d7b56e6193ed97c4e77a5d7cb1e9988c18da756b744b13364341aba63470331e8d8ae12a50efd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37b26fec8aef464dae92b88ba7b11dee

SHA1
166b904d6e7f9d9782b8dcb94b69a011d9efce33

SHA256
0e141e87f4d49111497d8e6ea4b82e0be863d88af241037e9f2c255b1da1a50b

SHA512
6b2d1b8690a56578eef927e24730e4fcb96346e95ff55c36fbbf3e2fd724cd9ab442f8fbf53e476df881313dde710c6c67978714efb106819c257772f1179a1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49b1dded3d2675b66d74775a87dcb8ad

SHA1
aff4f2b2c4f5623f662d07e00ca0d36e69d75381

SHA256
abdf25ae3423ea974bd1cf9e41befe8d36d9236a18063269f9add6f389d6d74e

SHA512
25bcf462b3387715c58ee351f92237571fff34cfba2f8b5de9fb4bbc925b4ab3420c3119b5eb9fca91f31058e9d6646934ca8c82554a42f67fda89b4e46e7e97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
682f399de783ea961ec529afadbbab58

SHA1
c814469e99a6bdf946bb89c0ad91d0eacadfdd39

SHA256
d49ec81398b5eea9bc77acbd9c88052e63831b48228f56ea25157f33b03bfc1b

SHA512
bbbf97cb338c1c5d6c86e1233ab40cc0ca5175a047030e8fb6b942e5a3c0c3d48b87249325d7a610e78278caea9c30ee0f0fbf0dccbab3f7c649e9269ac3adcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
054a29dd59b60e76037c1fd8b2406007

SHA1
a2a9c544080df53bd6f4ec0211d882caa41a3f48

SHA256
eb6531b3d38a065706a5e3528ea848dab6f266062c55b5108fba8833d0094ec2

SHA512
c752191a46e668fcbf2cf5665eb9fe0edd83128b394d0b0d024e843ea6cd027376439e7e504e786f0018a091b067748816406ff35aa3b8e299afdb39bed0a484

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
874f3c9099cc121380539af61165330d

SHA1
70e20e1564223ca9eb0635c79a40fcf92edf883d

SHA256
9421c85250b5b443d30ca2ef2adee9511a049d74bf371ee88bd3ebdbd14e1963

SHA512
c88975591d30af432dc3f3343e48d9134335ce481951ff5081c46fdd2ecf4937f87ea1770609c7f63d2aed614c6237f29db5ea568ddf7c2ac75300180aacc45b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9e2c698ffbc6949a28b5fa5e12c3e26

SHA1
c2fe09841db5c5d16a45ba42c1441698c05a17d4

SHA256
cd975412dff6ace2badabaac851dd892904f63c14966eea787a4a9d6a102a270

SHA512
cc11775b6b1b402e40e35f8abf90997815d5290af7ce7251272c62215191e20b8c128dcebc474486b88faf53633a6bb2dea208cad5f2538f2f22098149af62fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6b5dea775338d753d477a357f3f2f35

SHA1
8e20e5d4e54d03306d34906c4878f9e57fc866ad

SHA256
449e9dee2c72f820b22f179bba6b3bcb4b21b5c6f3e4b4fa7d0934fac4326ed4

SHA512
e3faa01b82069062ee4c77ff0e0af7b5d089482410069ea39a8f8703c6511c268998895edb7f005b4676006e11f11a3408ecf8532626fcbe6fc730bd017a69b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7ff21fd9949dd4f7cd38cd4a0cc7da4

SHA1
a0e169a5b6226ad738db6f265051ee9392aba67a

SHA256
115e86e12dfa84eda50972a94801dabc4c6647c088b44113f1da1ec1278d04cb

SHA512
78e021783685cb2b6b9af04592252d8adde802cc3d2eee05f8edf720913861be332c241275b343ec4b858bbee3d7d27b46d176978a620b517039b734d4aaae31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cb47896e00a6b48d7a2ba31845f4ba6

SHA1
a73b42c5377bcfd307551007c8bdd25b08b89893

SHA256
fc52c8c8e234fa8d7b37b4b35195025cf553078df9a0175e8bd5fc39fe57a92c

SHA512
b0ec937149906f23492cf858754b1af26858749ade25eebf32ac09cca97c0c2578a4dac456e93e687abdb79d107080dd03c1f989c815e4aba3687187b410839b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c7d40297906eb5bbc3d6f4be15b947f

SHA1
d59e8512c50af45ff0f42a060fb29681e0a687a8

SHA256
6679392dfcc4bf9d6b1066aaccd0e872bdf8cb3f9ad45e24b60e7c733617fc58

SHA512
aae30ca101b01acb90b58945baf1861fb68771e4c13f1c5a55c2a093b13f6af339c0066127b77327d3fa99daa4b0cb3c51bde69cd3e15adbd1dbe9f5a22f39f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c140026351caa6d64d950b51bfd9b70

SHA1
8d6663632cf7c483de7af8a9c3596b90cf98cde4

SHA256
2043bbecd0351c7977b6755208358f989f14c6514db80193ddec754e829772e2

SHA512
901caecd85c46856dab4c5c74dcbeb518acb746021bc73fe2beeda73a66ef78349d3bf51d1ede66e03f5790721f3112410c64baedf8ddf095a46758528393124

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8a5dd705dde4aae7636b89751ebee79

SHA1
29bfa7d533de20b81dfaeba2a4c271748dd6f7a0

SHA256
419cb2f0ef1b53d7dd76be1174425993900eaa807c9fb37a59624d86df7ddc9f

SHA512
78ad773abc07dfd9e6f254a3923109941bee568e75cd5019d7d856f06acc274a4555b8d23028fe3f1ca7575176a56822e10ed0cef53ef79e90a59df57b1ac82a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87c6a7b90bc09550944c25917f2d2be1

SHA1
13bec0232083724c5a6539241456b7fd1df8b0d9

SHA256
b20c4a7c5e5cf37468cc99af9b6981bddb16a0a2ec5172e0f067a9cb25f41e65

SHA512
f0e545c625b631fd8e127b4f1baf7776452bd50cfeb8c7fe441de3e1527f706b674412aba863d39a0929e955e62a94aede929964be5b197a2ff3ce62296f573c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
104ca630b0e7a313f2efe49966841224

SHA1
cb084ed51472e866a8a5dda40c2e8a2b68682411

SHA256
127326f0a2967598c96e609afa50308b3166730254eb76746f30b63d2726286f

SHA512
712720f75c7321e90ca612127479844ce55ded7ead52a7d426308293332b0700c5d17ff1526d964a7e62f67ee8a559ab80e06aec854617efc50ded322895d6eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3E2A.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3E8C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit