5ef8a5ed0126e419446b2f494b9c70901e2755a39ee915985ad16205abce59eb

Analysis

max time kernel
118s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63f43868e62ba2a1e6e2b22b7ec9b874_JaffaCakes118.html
Size

4KB
MD5

63f43868e62ba2a1e6e2b22b7ec9b874
SHA1

5f60490ea8c27906f0844753e0a05286fa3482f6
SHA256

5ef8a5ed0126e419446b2f494b9c70901e2755a39ee915985ad16205abce59eb
SHA512

98adc5c0559ef17f2f56ae39dc0e4c6f7a168f01b840735391e89a46fa65e98c4355d6a0dbdec317abfda0704034b4be1d12b4c8c6ebb5052471e193b9ff9516
SSDEEP

96:zV3G63rNwJZM530QpLz01JZSldpnFxd3tnCuKkcaTL6i2:zZJ3BPR0QpLz01JZSldpnFxdtnCuKS6F

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043761f99fe5dcf4ba203148bee036abf000000000200000000001066000000010000200000003fac2303bd27f6c6f62242801e16e8cd47535b0d10e68fbe49b8e9548b65ade1000000000e8000000002000020000000c3dfa744f2cfae1b1f586edae864935f0b6aee6e4792ffc81a10f3e7d4c3ac5d9000000075f5611117c3c475f157a6a0258bcc04699c4c34aa9d6c949f2b2d17c494aa158d2862157a182a2093ce3ad86859fab995a91e3bec408582c608e369483414915ca1ee9b2e3af38de7c205fe44ef89c0ab0dcdd99afbf8c7f1e97554fa6bc6f6174d9701eb9d2bed187072f94ca341749848892ce64686cb218b5da947262c43046d84f6a37f314cc729aa1f81f9750a40000000addd80b520a7a95907ac5652ac2feaa8f0c87f9fdbd70386eb04f2cbb99f4b4de6169538c16ee96cd48446d6388b5a6234308e5d47d3aea4bc8bcdfc1a5f63c9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D0F4C601-178E-11EF-9CBB-52ADCDCA366E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422470632"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043761f99fe5dcf4ba203148bee036abf000000000200000000001066000000010000200000003a3940fcabde4404024c01933e387f58536c8ef5f6ec4aa0322b45fd7bcffb03000000000e800000000200002000000006e4e39144195fa99baa71d508af824b1bdac7dc9525520f0588fd054cbb034720000000b1613fdfc52597242fe82e8f3c801fb176f7c7066e6691e08a46b47fff57cea5400000003f9d2b01d6f98bb55941f4dd9aab6fd9eaf1065cf62a57e33fdc1ce586fd964c49e0145d2f824f459b314eb684a63d828dbbafd8f347702920e5f64226cff271	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70aa61a69babda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2020 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2020 iexplore.exe
2020 iexplore.exe
2032 IEXPLORE.EXE
2032 IEXPLORE.EXE
2032 IEXPLORE.EXE
2032 IEXPLORE.EXE

pid	process
2020	iexplore.exe

pid	process
2020	iexplore.exe
2020	iexplore.exe
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2020 wrote to memory of 2032	2020	iexplore.exe	IEXPLORE.EXE
PID 2020 wrote to memory of 2032	2020	iexplore.exe	IEXPLORE.EXE
PID 2020 wrote to memory of 2032	2020	iexplore.exe	IEXPLORE.EXE
PID 2020 wrote to memory of 2032	2020	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\63f43868e62ba2a1e6e2b22b7ec9b874_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc0ab92882d198a1f0ac2d860c8a2c9d

SHA1
49c29709ed1c38093ee76ec8ce24d3e6afe7e0ad

SHA256
dc3532684e01be42e5bb7e1556cd7f62dd818630947bc60796642cf0cf9d2544

SHA512
e71f019d4880b9162ac5d6521ef1cc89bb3bac1a9b8d52b8c84f09d4feeb43bb596470895622ee62b5f83fe7c0e916050fcc8e4fb401b16f5069e92f24b085d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b62471639b17d9991202104ddda156c

SHA1
0c364e20156701c25d126b4ad8d6b557018be2ea

SHA256
2de274897f15949b44303caf016d961982b96311e5ee028b9f24ccab75148f98

SHA512
6b04903aa7bcea9a6e12b3979738cac186beb8f2920840280dc8a404bfe6823840c7f7f2a5274c92068b776c5a306790d31e8db2b1dfb33675fabb3a248da4b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7e9d8d55bedd6b8cd8217deba9e55f6

SHA1
01ae57dd810d9637c3e6047556a7027f3c1596b9

SHA256
515e0c552492de66797a1c125535af963dced3bf6fa918c31a62f48150d02a7f

SHA512
cf86e31224e8595ecc018f3525791e0cd021a772eb0caf2ab4fb99a3fdc56fb6c81e6679658a716cfe72b5e89d90818766ec01b5f326c080b1c1bc9a84e3cbe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5019ad4e57607ead053810cc404cc3ff

SHA1
d6b3811700398b6ed7deabd995c894bedf2b9d2e

SHA256
324aca49443656bb2dac48d0b5e5695fb5f76a1dd281d03c5e1eced52bded49b

SHA512
884b34ee7b62fb325d2233484137503116505bb766e5dd5df5cc4a6c64c3a9b01e425b6546eb703c44be938b17c6f02716910fb3c430484ffa50cf93b1bc3832

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22e1f741fea15c6f24e1e9ed65786b39

SHA1
0ab34d350ab6a89b98de5bb423d3cca1fbd9ca7d

SHA256
8fdd3049edb015e2e6b3b05c3931ffd58542feaa0df60ef12b2c07bc05845f59

SHA512
9442d06d786412f958c1cc2cab40f491e3aa4736c12fe04d68bb90a95170100b20b135120edf261f7b28834b20d12c9c17b6de85ccf84ab54392bbd8cebf68e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14d50ff8d50ef96d77c14f31adb60102

SHA1
cbd82f1068948aa48f00d7aab23bbf813dbb92b6

SHA256
680025f7d8935f3e24b45cdb71a4074a83eb28946d0d8cc23515ba1b2cd68b3d

SHA512
390c491f6a36e05a7c319e012afa4c6fbd644e01e03110d2949f7bd42d5d1f11b6b0add048e0d5b85f31db2cb9f1a45cee8fea760c533d4203e6ddaa316c249d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15e12ee5978aca535423229496ba386b

SHA1
564d918c2759388e4229e921fda277f4e15fc1a7

SHA256
1a06990509708b0a6ce94a632909604a14e0420f9c9a42f2b26cff9597cac491

SHA512
d3a9e7bfe4885d14e2bf870c5fb38d598509d82142541ef52848eb8913ca1d8871b7139c12eb0af7feaf51e48a4607d3f58ed234eb0a981c3027a0bcc5bb0268

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f4cfc836df7f0b2f3336e7b8080e90d

SHA1
84d5c73c287a81681633709b522a35a44b5a5b6f

SHA256
5f794638b308c8a9c6f7fe8e8477a8235cfe207401d474c43ac80ef84dadb945

SHA512
7e05b47bc3fba9661e528a44079666ec3f1855b7b93c096e564a6e5444c5d5a571ca2aa16d7a8c04026824db5cf20a4b43ff7b568375776529ef566baee374f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b96be0b18cc9e08a1723399d7307b2e

SHA1
0539885b2e3e4d2ebbbf979686a4469b0c653114

SHA256
0bd7f52660d73f9c5e2d122d5efd82b710c2014efd4e08869b8e9ab93fedac23

SHA512
f2b2231bfb89c757dcf4b09cb805f5f64c6497bd38db7f82e0cca471ae6417d52269a328303515dc4f981cd82488390410636745d875663f525c0341cad33aba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cef3baa4c885ac7884761780a37cf6ca

SHA1
df72896205df8fe640595467da233dd4b67b5097

SHA256
27c93b2525986cacfc45d0e92310971f553a3d78569c5ac098871d22ccf9d2dc

SHA512
4a482ffb5255e0cb03725b36f75ce25c470cfade007abafc3324d1a1ee00639ff90654fcd2af4150554c40e253eb513579660f8de709dedbf7c3b88fec3a2746

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54f69f7d99c11ff8a3fbe43367c4ce21

SHA1
e1ba107d66522a7e30de0c322335b77b65790ced

SHA256
400d1a1cd79a89f0a0e89407b0bb3ebd2b8469a909512f91224ea79ee83f9d61

SHA512
a54c59ea7cc5d8f6d85feecac432d3fa65fd9de03c8b41e1da1076e7d04ab5727fa0ea67b8556f93875d5e285efd75362ab23bb2d6997171afd54b9cc5369eb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4032ec6ca7b7bb45cfaa69e4997ee56

SHA1
3a0f149c267c8a4e91de2de708b85bb7924bf099

SHA256
3a6bf80ac414f3dad76d8185044d1185fc337eb4e6628fd54eda8b73dbba6c2c

SHA512
de3a6891830e49cc75c978b1ccb175b2ca67d2cd79a299f363ebc9976472678c763dd70d77641bd874fbb8a6c70724100652f423d9432a1f7c8b80b1cef26265

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff720df3c2a44aa5072e60bc6bf2e6af

SHA1
1fed73a30a907afb79e2a6daf31b9efd3b5a607d

SHA256
0d9fb29fe4a41a5bff8605ebf744a41cbaf2419ec988581eb15f95916153ed23

SHA512
8449a1e679ea8ddc17a618d9dda21b8bbd31d4597574fcf1e3bedb077cbd9f664c580aec393469353d41da4e76f85969a771c9dc7aa68a5ed917dffb4599a206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed3c7e6ece06d683a40a70aa8e30f405

SHA1
7004c561b9d25392190d01a73d8abfe8472e50d5

SHA256
73d2f27f93091528fdaea9005c93a0ca678165cab2907c2ee65deb24d534fc41

SHA512
1c097d16a0432461f2e8d7e81c61dc11c28e6d709b31fdfd93d67e254b689ea99d23cad7c58bcb4fae028d0f815ba401fff54b0524732da6c6573d42dd41c4a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
534a657eeb59304e7b66dc75a3e63887

SHA1
a94431b6bdf9d6edcc209a4ebd96ff7c78f36bd8

SHA256
e6cac8b47b78d6748a41a4e6fac23b39a2242929032c193209d50e024d784077

SHA512
8951d44c44f8f12f1cac9b2523425d272178834c0f27951e8b9cd398bf0347f012af1fb84f6c9107c3cf0bfb3f6312f5179a48a50e205ecba87c27fd79441d40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ba09c67d50878f824ca0f02c07e64c5

SHA1
ca254453926410dc72ab30c66e05ebada1d750d4

SHA256
54a5ff0166b5fe10b1290a1fbd1a950a22dc80c07e7a75804e9d06e9efe03dd6

SHA512
e8d024cf5bf30857a742f2d11369e9b504231f777ce62005f7a48e9a0186092355d82529c9bb7191d9047b22ceaff99b5d81eb7baaaff86fe0310853d839148f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9F7C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA02B.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA04F.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit