a906237d79cff450c595d6ed299ca595514ed8ee5fc8f7f62ab950846466a6f7

Analysis

max time kernel
121s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63f2154cc829ff8bb2b905cfc1607acc_JaffaCakes118.html
Size

2KB
MD5

63f2154cc829ff8bb2b905cfc1607acc
SHA1

071b965a6b34e9917e5d82da7fc551784377ca26
SHA256

a906237d79cff450c595d6ed299ca595514ed8ee5fc8f7f62ab950846466a6f7
SHA512

92b5c59510c82bdea584e47702c3d84bee285d2b3d908f7f3f7ea1a370e0c29c389bf3366759bee5e509a1e992fbf592e36341a307d8ab82c5f3540d16f3935b

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ca702fd17211704396e3e767e15054290000000002000000000010660000000100002000000097f575fcf53efb065b2d3f2b4b42f1f4f7f006ca5811517473374e2437bb6e93000000000e8000000002000020000000a24b6e61781bcf27ba87bccdff3b0ea919e1712a02b248d631b0280d8deb05ab90000000036b511d4cfd0c3cf936886a05fecf31f67eba1da79374dc308e4b9efd1b9a555b967b0aa104494471680142ffc37ca6a437727a1fc372ddc754eb052a79183447c71d582659f0c22f1bf9d0ba6b205a90b72e8e845b343d7cb207b6e5dac338e76a8c3cd62ffad8c20de7a606ed201ab3c6c988d71cd8ee7a02914a5ee1add3e4e6b4fedb0c4877727e4f577cd8384d400000004f107fc9b5e9d8824f32c73c15d56179806c8d831be5726de4ce4712ba816f6ad97b8c4e956d86d6f244616bbdd68175c84d6999a0c695842b83e3e69dd9e94c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D086601-178E-11EF-8D50-4A4F109F65B0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 905b8e539babda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ca702fd17211704396e3e767e1505429000000000200000000001066000000010000200000002ef65f6400f61ad1a215177eaccca09a0b70d7a081d658ce0955c160ebad7853000000000e8000000002000020000000cc2dc3ab7ab20ebb415153f84411c57c78a58e6574ced1122ba96b45948de430200000001c3ee8f47bd183ccb75d5ea848c9c9104c2164ff8a6d2c8b610a70a81ff9cac840000000a4fd82c66dfdbf1c876d314b648faf86915954b6f5393c7c60bd02dd9646a6ae2f5653ef65986b5be12f1f9162d38359fd6cc79601c1cf44ac40e4c3bc13365d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422470493"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2220 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2220 iexplore.exe
2220 iexplore.exe
2360 IEXPLORE.EXE
2360 IEXPLORE.EXE
2360 IEXPLORE.EXE
2360 IEXPLORE.EXE

pid	process
2220	iexplore.exe

pid	process
2220	iexplore.exe
2220	iexplore.exe
2360	IEXPLORE.EXE
2360	IEXPLORE.EXE
2360	IEXPLORE.EXE
2360	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2220 wrote to memory of 2360	2220	iexplore.exe	IEXPLORE.EXE
PID 2220 wrote to memory of 2360	2220	iexplore.exe	IEXPLORE.EXE
PID 2220 wrote to memory of 2360	2220	iexplore.exe	IEXPLORE.EXE
PID 2220 wrote to memory of 2360	2220	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\63f2154cc829ff8bb2b905cfc1607acc_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bac7d3089ef53f7befad7c1d0a5cc20

SHA1
2aa9d300a07d6b6832c08a8d6611a327ecd8c103

SHA256
e3fd98a3fd5dbfd0d025fa0e1b6905725b8ec708acee879373966254048b7d8d

SHA512
a2c73ee7c2823afda56068a5e27ad15b002019e2629157683a9376d06f2d3c62d8d831bc97c4be214befcd9b48b400a9f63ceb557d071633bc1d72a8a9e578ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93a11dddbb0b9e9963a2ea761f1be5ca

SHA1
ef6340bdf6ce3d1228af0ba5cbb14943a5902f2b

SHA256
ead365682b8b9ea536b7973673901b1c1272a008be399eaf76396284be07b380

SHA512
f4029ead33632eb63e0f5f3847e528e1616a0b4891c76710e9f3122d62514b35be673db0ca14fa3b3fae6584a51190715056cf807389cd2774ba1d7288799bd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b41fb736279fced9150882196d1b237

SHA1
2f0ae5039bedf044961a826ac05905cf56118ed1

SHA256
e978b475972dd0b797174680f705d9cca35bbdc058c9db7b7a87c58de992a9de

SHA512
d061db37ba154f36a1f1e74e7d1d726cda070a7b4566e602becd5fee021b709643b2e0f3546387f0883215742d24ba8b03201384ad47cd08b126f583194e0add

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86b5ef96960df90d8603c8f871c799e0

SHA1
83243a575279a471ab20a286469c9d0f01b63413

SHA256
14ae83820158bffb1e01b8e863743741446b6fcbfddcb560add0317e545c3baa

SHA512
784533f65266fa930760c1272d35b5a6ba29a005d03f3e45557db869a76086ba3398f5eb64bd1be21fce19c871511d29e345d7d929c7351bc12f89c7e82895e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85d12f5cfc4f6d8dd70e3dd0a7a45249

SHA1
305dd8b200507993ca3b013a0893e2a0f0f51830

SHA256
ab4c0ec09ddedad823b620cde68daf8801f87dddcc4386b660d1c37985d9b77d

SHA512
e427171343ca39ea3dc0c9e53f321bf2dac2ea3ee048fb1dea6a6d08b061e0c9c1691e3f34345528b5be5c7f612ba398ac08e64bfd45df2adf2cc4749d633765

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b9335ccef424b4b9e95ef796579eb94

SHA1
71af9261cceafb9b8b5c25baa0b42ec7c0249d58

SHA256
569894ae90405e280744b96d4ff1b200fc17ab2c3daf80ad9f9382e39992766f

SHA512
c908965805ca275bc7914dbf06906ec5cdb2b3326f87a3468ec50866a36fd4751350f3af1b531615013dcba84b3b8f9d4b9fbf6888e9096ae5e0144c2f9ff379

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bedd2f67199ddff2611ca0ed8aa990fc

SHA1
51e243899a247364780af2613bb10b6a6f1ff3f8

SHA256
e48cdbf2b72a8eeb1cc9a5d08fda1354b1ccd544ed4b3938bac5d3ec6ff979a8

SHA512
92de61eb85ee43261810068f81e8c51c4fd286854aaba1835eb727974d40bdfa6bff66b45ca052875e50b0b1312adebb796bd0417f648b58f8087d7af436e745

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a42658717aa7764f684bfe7e93ee5d22

SHA1
1bcc1930a79ee6957e3d9de724a36a6243a0712a

SHA256
d3d111395e9fdf7a6320dfc07dcecbbcada1c9ad98bcf9644a2274fd74b5351c

SHA512
6698f4307e21b0b1c5f8b1a6bbf761f1dce2c6b96bbdd7f39872dda566e06d76734e757bbacb808f70615db660bed5c5b66f649cacecbcc1e4de27d3cc9c8cc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14a1f6d60e0492c5536b0bd57d376f61

SHA1
c817638b263b16a7f078a6a46453cd58ad011799

SHA256
7bd0610050cb129a49bfcef2924b29fcbca6ed9441661a0180b8c3d329187d94

SHA512
447cd2d8dee673b8a21f7050a0a4de3246e6bdb60bcb77ba23b5bf1dc8f42902a204ea21d0ce80e664a57d544a61fdba73274a0d9d18fa18355f4132d6d150bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
888a2cafaf77af6c6f2cc5db059ec620

SHA1
0561adf25fdb57cd3a86a6c058bddf07305cf2c9

SHA256
ad81fc80734384b0f35c3659263f9f3c1ae937fe96e9b37b85cfaa606e18c53a

SHA512
164f54aec0cd9694619fabc086ea53ef2a5c5f26739ef84726b83c2f8cb1439d3ade79c4bac8d67ac7d8423dbe13d3b33721be5a1eaa9bf796dca14c8f0430df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2eae15090daabc1c8674dbe6add88824

SHA1
303d7641a62f56e86c9e5a6cd2e674392d0dbde9

SHA256
fd5baa57d899849d466b009ef4229ac12bd4fd05f24ca19509be1a093169f260

SHA512
1fb61e422466c3839c2359f4aed3e649cab41f0d93f20fb222eb3fbb9e4ed8cec7bc35c226f7429ec88dc8e133277c12954a23dfec7bc5088aeb463b2cb86f30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad531ead48f5415ddfcff16cf66ab304

SHA1
077c970ac6f9da5611d5182ed709f26a2ce4076c

SHA256
3f7c7af5ac8a6e55ba9d2e8b0c10c53bdc409239fa76e06c202ddb14b368f20d

SHA512
283d5d863877f33ba08e1c65dd1061a7a069148fb8d98117fec4574c764a079e599311f5894b08fea667d0119dbcd1f7c68c65fe7b2d8d3fe5644b2d0e139973

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af10337e89f223ddf7010788b4e42aaa

SHA1
750f975d5bfacfdaa24e2db3786b0d8d88eacf09

SHA256
e67f412b436fa3b64808d7c3c815ab189a40f215ce41a6dcce2d300eaceee3e5

SHA512
d669a54142126ee66058a68b71fdfa112e0d2e675785b9ecaf929bad93bf3883a3a525d377f2ee2cffe3432bf1628b1f1bacfacee13f30ef1162161ef3e7e18a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df7d89185141105681289a966b6807f1

SHA1
839174f0b8067b12c71a1ab6f3c266543f4a0aaf

SHA256
8dc848bb02726b40a811733f51d8866625725ee7d64958878c1ca5ff76868f50

SHA512
a37ce415ba8209dad6759f40066875f0bb3f4325e64b54da266ecb58ca4368ee7a2d58a8408d79fd681a77fc7673b863634ad8cf638e52d0310a102bee88ea1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5dcd29f33ee1ea78c7d4c0ba63a1d681

SHA1
fbc7fbdb75775809cc64ce6fd83b5be52836a977

SHA256
7e2733fd5789d958a2f7d3ef94e534fe04b27c341ec2b1e68b167a3cf4a20243

SHA512
233a237e0d3787c7430f7c4fa2578029cf8da66540714a7fd535ef50d5ce9d45e3f8013bd799f10eb430ad202f73871a44a6dcbc86627c55fa9b24b3a9b9776e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab71B8.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7318.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit