f7ec4a18ea3552d98afdff9a3f4c772db5b1f46f46f36efe3ff15eb74c949fb2

Analysis

max time kernel
134s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64059358686a00d56f44c370a8d552ea_JaffaCakes118.html
Size

3KB
MD5

64059358686a00d56f44c370a8d552ea
SHA1

f6964a62863bec9d6e16bca062523ff59ca9f038
SHA256

f7ec4a18ea3552d98afdff9a3f4c772db5b1f46f46f36efe3ff15eb74c949fb2
SHA512

be1b9df4d1be688b323cc88fad5128b65573fa9e7ba52931c8a8761b93116aa9417995b403d4ef2b855cfcfe81f45e41b139d24e429d1057b87911d04fe5c08c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000fc8b71bae2b61686edddf9614d896425049abc4853b8f3c83ac8938ce7663a6a000000000e80000000020000200000003c0a906dbe13aebcef1dc1ce3262e9bb676c7ad4b7ae8d550d351d62d59f05c490000000ae3f5aacf6186ece38ec701355581746f3e7536c3d440c45a2e56ae22ada1de10ef25e7107a1b610fb544e403bd47424c3091cc3566bd1d945a9df9d5f1e44a88a3df87d3db5fc155533f207e38da1a7a3f480c7c722c5ee6a0d0e8adf227bf12bfba659706f51bba1bb141889e138b149f24da3e1f6bb7b830cadce2b1dd288305453a42b931681e60cfe3282a6cf4c40000000e92606b2da1f5d25dd7c5033f25637a194845c2fc0772dcd72107868af45daffeaa8a710601558c591306a0fc5664cb539e0e6efaa3486f82319a8668311ebf9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D92E1761-1791-11EF-9BF1-5630532AF2EE} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000a334c7ee7d0258d1b1e5eac3c00a37f52a522af92a14bd19c906732c25a19e1b000000000e800000000200002000000081d49f46991f616c3195adf473e362a40c32684702a61648d532efc0dd06b676200000000bc15cd98eb56c416330cdd8f36dd4eea933a754a7f512a5e85dbb0bc9ab3816400000006d18866df35baf36a91f16af6725b5e4ebcb64f5a8f93f96b18d3ec6dba7b6b093336c7d07af5e5a35bdf66b5db8aef2cc47314c1f9a43de4a917bc6e1f876f3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422471933"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0fbcbad9eabda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1616 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1616 iexplore.exe
1616 iexplore.exe
2856 IEXPLORE.EXE
2856 IEXPLORE.EXE
2856 IEXPLORE.EXE
2856 IEXPLORE.EXE

pid	process
1616	iexplore.exe

pid	process
1616	iexplore.exe
1616	iexplore.exe
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1616 wrote to memory of 2856	1616	iexplore.exe	IEXPLORE.EXE
PID 1616 wrote to memory of 2856	1616	iexplore.exe	IEXPLORE.EXE
PID 1616 wrote to memory of 2856	1616	iexplore.exe	IEXPLORE.EXE
PID 1616 wrote to memory of 2856	1616	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\64059358686a00d56f44c370a8d552ea_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1616

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1616 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2856

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
24b994401e8ad6bb6b2de9233169b9ea

SHA1
bba3161cd2bf667f2e52cd60fa76ac33881038c0

SHA256
2ea651ea9e0503ec21925be66fde3934bce189c0fa4c5d307eadd2f697c77822

SHA512
ed790ee0928047baad7b512e9a662990ee831bb7a6caeea79d1c48bc9af7d3121f517e206fbc3d3d921788abe52bbbac0651f520b0b3a6c6dcde234bea369532

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b4dfaa576228c5568359200cd8f9183c

SHA1
3ae87d2794b3f3a910ecdf9e31cc1285b3af5be7

SHA256
0b2707358d6a5cfa0135ddadaff3ca0089238fe364cba9d8027bb45fb64af91c

SHA512
e4280d21cf085f23a8edf48543757b97e0e90e4fe865b06ebf5e97f5764e3064dfb2bce20f9bd54cf7d422282cdcf43c03067e1507ee23e497fe122adeeea4b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
553ec3041f918bcb44ccc656d18bc101

SHA1
bf0466c31eb2d5033f1e95801fa0694562e9baf4

SHA256
2fb5359792ac96bbc4746eebb508424e7829d8275165c223d871342bbae9d3ca

SHA512
4953017b290d7a5d3b04a369203ec3db3ccadf39b46c3a93353097823451ec6dc047abd4cf87b7be89c8ffd7a15502b1827d0824355cba51363926057c235bc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c452883754029b9eb810b927a648e331

SHA1
05c35f9b454387874973e5b5f789fd0e5ec55cba

SHA256
37aee5ea54d1de3cf974013c625a9b50f8fa9c66e5610b6e0ea94425179c3ede

SHA512
51be0e8d260ed5c9040ddeb8398c5ace30f94a20e2533a5df56133be143204bd246c04b3c4988071c09c24fee679ad43f1af44ab65130513077b41cf20a89341

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6ade716fe91ad6804f371a8d418eda2f

SHA1
bd8eba80076f4461e2de1f2aae768f968b66613b

SHA256
e64cb436069ae9862e55c1a99fbdc8db0ed7a08d3e3df5555a3ab724a23f6cc0

SHA512
d96de290354e30dd0f14e62c0e5b40c3a4fc6dec94d50c49a748eb3bcf5fe3169e92d5a3f24dea25afa9d37fbf3fc8f401d013557ca7b2b4ae1073718b76a131

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4b5c86a1ff944b4a5a4316b50f6af91c

SHA1
ddc7540e995b66cd4bba88c48a48948d1a3c63a2

SHA256
3d563fe5bf88e8d3983b321ffee882fede770ee80a4f8bdee8ffe93763fe8968

SHA512
d5c19f1129beac092d9cbf9f6562d12a2593b6681e68fb898e01ec1261650f00fbe204f4a443f1a4b2ca52ecfe7e1e36fe343d24a3413f63381acee7a9b8c9df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
324a01143e4a22295853dd8c816f831e

SHA1
4bd83b4b019691a8b3be515e0c2d36dbde2db5b5

SHA256
d90e42b2d0fe036f5f021b4c58d0d635600bb8e79db2eca5034e5574da136b80

SHA512
b35023efa9b229f2f0dc3d74c939ecd5d932e43e07e43e0576a8189b2f2480f827bd34db47b010da28e6574020dc5255f31a36c0144ed444c4214778170ede46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
157796934d9dd189ee3fef1ce542288e

SHA1
bff96a18c5c55c53ed2a910277918032d36d9b03

SHA256
09736a477ecb4737aebb72ee61fc1e72e605cd206fe1137f2593ee37310feb7c

SHA512
8e60c59e6dc1b5a96c56419a97e975bb1d48df9b7e9ba3ae2159aba5acb9748fe547b33b62ee15b3fca31fae17b6157af78417188f1cc1b12c5dd9c0b747a0b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5fa5ca562f634d6882b13e2112bc1794

SHA1
e1e7c118f75c28b8e2f432d4cbf7a1dad08d46fe

SHA256
b301a22ce6430729c7f62ebc2d3abc8b5d979a8992b6afff8b9b511735738b9e

SHA512
5c9c65622c95eacb8af776abf20497218c8c08cdbd75a7d6f76fbf5b19a51d28e8af353d2fa6d1876aed5809831659712c129e4961d491768a8545f32d15ba5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
041f3fc5a2717cdb1e805dcd2567453b

SHA1
ca9c6e46c7fc139b91df748c7b82085b5803ec2f

SHA256
636003e9d333ddf85828bf579f9e6b56c1bc32c5198789aa30964a9f74bb9187

SHA512
aaa8eeceb12982dffefa561fd85a061720409ad06aaaa3e7c2be27ac6ca9556497ddcb81cac21a4e5530fe522fb22a09852d09566a7a4e36afb3015359bb6747

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
66c9f3d5b4ba5ad6427f76116ec016a1

SHA1
472a154ca1d818366ecda479a53078e8e6911e13

SHA256
6cc830040e559d65af264b6695a21719e7704f824f83743a5dae2705b203c96a

SHA512
dde9a41e76b33ba76b49d09af8e8521f1106520fdbb9e4fe36bcfb77095ffa84f2ab90e026c43110953a1c8ec818b545308b5999974cb7163d659d76189a1c73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9fd8e33b1755101df36abd6ae49c64eb

SHA1
540775ed688cd001868643a0906e087d53d1bcea

SHA256
b7966cfc0692539ec64cd6061e19fc47b1b55a1d57cfd461dbd7129a26126a0f

SHA512
531dda9c0e6929030fe7c9def66fed0c302e498e6ee8cbc09c1d458d34b0dabfcfd1231fa8e9012ed6867c3e7164810107849473b55a3a08729bf74daff239da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6ce44533c6577be30799d9c6694a0a78

SHA1
abaf5749297a081677dd6d643c19ee58ea50400d

SHA256
ca75bd73085fae73989e4a4dd93973ecc1ed1000d00e92069cabbdb9ab5a2de9

SHA512
2d57b38230cc2733b37d930c8f4b411912bb05d2646321dd35a5757a958c5a79971f051c46ab7f082fc2122f53fa7c1256699e4011c49625716e68eb49951c25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ad57bfa92307c1a52a44ffda72ee391f

SHA1
b2ae8630f2cc118ef31f7fbe045f24e99f45964a

SHA256
250fdee580d01c5a6be2ae9349a6e908b31933212c52f618b41663518f7ba273

SHA512
2d17cc8636ac92ceb74973608d6fd120499b237b4926bdcad1437ca86ee505942a06aa5cdaefc9c7ed9ae91d22ea260a41d47139b918ebf6cd0fd1e0067f0638

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6225e8f8bcf2d350f749fdfa068ad791

SHA1
3636dfa86944141c83d3dc0f6abec25ea68ec09b

SHA256
3fe325051efa3261438d311c4828e0c23a1e921a0022a43309646ffd47aae1bc

SHA512
8cc5625a1b1ed744298be194b93d31bda2c4fe8be2ac9f73e982e3797cd1d16bfad3cc5fc5fc6066ea1afe76e583b53bfdcb980550a0858120f8c9d91a809ee0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
78ccf7b3b2c389c31948a02453958ce2

SHA1
760b4409022c73bd9c5db0e1055824967d7b9d48

SHA256
4568ef1722716bc836b8b3aa2a3f8489a57b888d9055b93b5efbefde20553c69

SHA512
20fb6dca6be18b0b2a13fdb88baca0cb7036f6ee927dd619e4e6d72ed470251734fdff3a87f53126a5b72f6b9ab50680779d9fe224e8d46fc1362c622131b925

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2C32.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2C83.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit