609c7b77fb31494900c7b7faccbcf9b4c117b97b50c670717cbd5e47ec2e0356

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63ddf7166e3ad3ceb560436ee2529c84_JaffaCakes118.html
Size

461KB
MD5

63ddf7166e3ad3ceb560436ee2529c84
SHA1

f81cbf98051e38e922ec43fdafdcae48a9949f98
SHA256

609c7b77fb31494900c7b7faccbcf9b4c117b97b50c670717cbd5e47ec2e0356
SHA512

17ac4d2aca63225aa159264d92ea6794e8e1a8baa41f1772bbb4cfffb52945a84788d00ab831f6c03617696f601c82ef197ad07c1ead2001542bf7487facecb4
SSDEEP

6144:SrsMYod+X3oI+YAsMYod+X3oI+YrsMYod+X3oI+YLsMYod+X3oI+YQ:25d+X345d+X315d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a8c88bfc9e70f046ba7950c02125274e00000000020000000000106600000001000020000000fae6ab55541d18638359ad720a877a9ec07da241fbfa8938fc6da7f5ad8acf4c000000000e80000000020000200000003b9b3724b615ca9ac1189c53c9fb154f4f45feebd270c4fbca41339507eb14b590000000a5f8dca070d503fee368d77b618f3eaeeaa490be609e200c249f607138153fe2bcf258fe17dd139d89a0d2487883a390ffa632e90a140c15423062d9d390e782734338389671e8f6d6827d6686b97977605cfea472cfd2ccc1e4e394761e42ce892908db599413e7fc8b569fc9c6ac9d07eb340b66786e5a4feae431fd0ca8d1432503a27d248162fb9abfcfca7d6f3940000000f5e2b16d716d3b51082ef94169185db5766258710c05ac11f8cf706901c625285f9be4e411758c488b525af6922a25754f152ae65b40c76b6e9710ac16ae1218	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a8c88bfc9e70f046ba7950c02125274e000000000200000000001066000000010000200000000eac1400f1ef57b7dc407198392ab8433cb659c93c9daa8b8bcf871a4ecdd4b1000000000e800000000200002000000061a7a134b6c1bf7d1620898cc859da536a52a108076ba663427b2ac8557da394200000009f0b34a93a60e049375ba1102a0515f05c7424cfed558a7fb27af17671f8efe340000000cbe10b8550b646b49dc390932b0caf144866ce7339ef01bed4100e959b08333a4b0567d9a104d59be4ffc945dec2e1eaf2fa37f656a45d23a1d296c5e0482f27	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422468792"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10097a6197abda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{88FBB651-178A-11EF-86DB-FA8378BF1C4A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1724 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1724 iexplore.exe
1724 iexplore.exe
2592 IEXPLORE.EXE
2592 IEXPLORE.EXE
2592 IEXPLORE.EXE
2592 IEXPLORE.EXE

pid	process
1724	iexplore.exe

pid	process
1724	iexplore.exe
1724	iexplore.exe
2592	IEXPLORE.EXE
2592	IEXPLORE.EXE
2592	IEXPLORE.EXE
2592	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1724 wrote to memory of 2592	1724	iexplore.exe	IEXPLORE.EXE
PID 1724 wrote to memory of 2592	1724	iexplore.exe	IEXPLORE.EXE
PID 1724 wrote to memory of 2592	1724	iexplore.exe	IEXPLORE.EXE
PID 1724 wrote to memory of 2592	1724	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\63ddf7166e3ad3ceb560436ee2529c84_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60f55d608fedb7968c4029b71633742b

SHA1
22354091dedcb9f7e4d594528bad001e09a1091c

SHA256
0ffbfea4c01f9f7571fd6bfb23e93e24e624f4a9459014d5b5e2108a3c290395

SHA512
2a28b15d32a97ef934dbb5bc7f6392989a65126755c29b12ceea07c27af33a8d6a6f3ad56c947067d1fcdf1793987bb823fe0948a6a6c94bd8a05eea125a8e98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54e61c6edefc39ce6ea9fbe6b902dd2e

SHA1
9041fa096f8fd139f299ac15fb552d5bbee8672d

SHA256
8d95e961b5e6cf4914dbeff39b3ec42b5335c670334d6aa1c01eb6ae9b1480d0

SHA512
5888790f10967e2a5350403123881396291038113fbe0efd7b9d58038ecb08d0465df886e5b74e12a382e13cb826bd367b89a094053b63603fc49f3c69c5833b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa6052f5601e5418aa99b09c6e31967c

SHA1
2e3fb10339eab599c26af52dd5deee1e271a42fc

SHA256
767f0e521e7fde29726a2d176995c3d78c3302ae431fbc97e1ee1a1f39f43a16

SHA512
df3dc46b19b0c4cefc56a9343756acebd339d2d948b407e16e42db570ef8ce6b1536816c63ad568e6be8e2cdf0e99bb9f5e4d21538871c522ccd892a53a68125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc4726d3c305fb178fbeca6cb5c4570f

SHA1
2e4b394f49cb3b9f64759d2a09e9fa0aa78dd559

SHA256
273cc76f28ebcf162b08097231bd331e81c24676a8bb404b4541d6469e7d0e6f

SHA512
58800b8e1f017047be5e8068ce8aa1c210e3af3785f126760871f941c81aa20e314a2f97f73d77a65f3eaaf9fb8a16625b72f2d9dbe552f6d7dd9b127a641e99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7937d804d1e7a25aebc22be415e3d654

SHA1
f9124b5fa42084823226ccbbb170017ea6594166

SHA256
a0f4f39a87c8f516b0586a3b92ab2340b6092acb902f42d4e1b235ca5fd3e613

SHA512
47876504f2230d84a2379da757083fa73eaa84d8a6fb51b911c4617c35e264715a3c01bcb001f17aaf851ffc4e0881685289edd3b5e6a26ff4e67f26ab2d55b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae614c1a25bf73abf35fa5c398e27c74

SHA1
6c48550f2a3a0bdeb7f0d93f23b62c752b6b6a20

SHA256
04f8d7f1844de915bfa53f7a66d38fad2ccef0e5e51c02b3a8dc89aeb4658576

SHA512
0ef41684cae9dd62c307c0f87e1316a017aa26f34d8d69b9ddec85698ccaf8e250630abe60a567a35d23f0bf7ad6cddf206d64639c83f551ad947c794ec08b65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54965089c3c21a4c65ab4486188dce60

SHA1
a35b7f8c257001caaf9f3123f63044960b78f6e0

SHA256
dfe0de5d405982a270b94c08286d8d3e01f4916b39adb8ff3a5b45f9d1364cd2

SHA512
de3ca6e2a31512856d0956995b1db95126ffb9cb56b0d2a9d6559c861085de98bcc2feaabc1c5d915e669085989cb1e2bb1a0978608c2c66b25e75b5cc06afbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd2dbe9cb6fdf28bc99e9a77e68ee650

SHA1
8de94d41809b59a8c127108c9fd752da829f4bf0

SHA256
a6cf66d8824095ea63f236adbbcb48d218d9037da570a226f7bd9aaffed63f51

SHA512
6c5b0869981934070d07b49ec9c59177258bc1a961d61204065d615aad78d3ddbc3b871e459a7fa886ff29b98ad71e9778cc5375a4723f5ce6bd7ab12d7ca3b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1dad3c1af001895db646c7b5a77c5e4c

SHA1
47b0f9391efb0209c19eb6140bca78521085be04

SHA256
6b49c1abcc59bf590533920cba9476bc65c62e65d60edc1c2b7304e0d730600f

SHA512
fdd9ec3bfb010c4ea36d1424968036edb92dfcd55e183b08f7f444c8460889b2bafc92ef90c92963bdd96e9ff7d3968ab12c34239f2763542cfd770f165b4d5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cf944e592885a3ad13236d5e5adc37f

SHA1
d8cad3850f836332d9ca4fff25cc41b66b5ce05c

SHA256
6ede00f28f4cfb535c2efca62e066b71686d6d2896852aa5c342e7e09a4bcd77

SHA512
b4acce334533f1d3d4c8fd8469d8dbdc8e956f88187fe70a9fd17550c01e5a5d1feeec2f4f9045ba635883f0241049234699a60fc76206906fb52ca93b5d61bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab9a422bbaef5a0ecd224f2420c5081e

SHA1
d3d1a9f61005a8368fd01bf02ba9881c5a1710f0

SHA256
ce0bfa56cc3e0ef23dfd7b8b82a480b3bfa381eb92ead01d20e023146945e57f

SHA512
3f594d10eae361beb69806b5852e6da69ee60ea3796dde0ebed722dfde238d756451f10d805749edd2d3168b9209b6329f565e41fbc87832039d9731a261e80d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4c9060827e1121a0dc5381b8ce04320

SHA1
ca56c9364d7d9f7e1cd4afbe8b9470721e2a114a

SHA256
28e328ba0ebe268ff15e229c54a2c297f6a0dad0c88f04a487a685d9af7d7f85

SHA512
b7911a4f613eb148266fad36717f3faad9b0e4da098e9be7aa3f0a3589b511fb5337368f9e10220c49a45f78a9e9f3570304a2f0ee315b1b5e4e99d5724dfa23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abfb2355f192441b0021e04eac72bc21

SHA1
c71206cbee966e048252aafb7d08acc3a3f069de

SHA256
f01a716c05e2db5ea96300f1c172169b20d8458c99b99102f7a12843bae96d69

SHA512
42e2b87557dc07ba21ae88639ee5b5ec2f2dd351f5d15f4da3c22ae98e372248eb9ef208140305b8d2892dcf75c9cdf4cc92831ef3f53c0f3e5bf50d31b4f54d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4878adb1da8b9ef2aa4dca319a742333

SHA1
cd6d705b2082a012acabf10156e67805a245af1a

SHA256
6f985145cc915850b07efca6c849592430745fd2f4c85f27a80bc33c6eef6fb8

SHA512
284c7dd6b39d23455665c82ca232c45082407f6ad25c13d9674ed4293a628fed8a7e6963362594c8f1bc22f54c4fd56afe3b474a8ddbe3c35fe940e3221e43e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
001dbb75c2d60362c37eba3bd46ba016

SHA1
4250f4c99e10b12236b5a79c8b207b7e4324de57

SHA256
77816d0f7abdabee52d05bd273001418ba0236e80a94080ddf41a45dfa8c0323

SHA512
1ce0389a8c05e99f0b815105b36aea9ee78b310508762320526d4d09847b876e0a914af8025e97510a362443a202248a65219c38d5596421a10724529966eb34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab47DA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar48BE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit