d38e540fe69e436bc673c81cfae04e849dc3c72b131d7b07d9d81059a41bc299

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

647cf26c79b9bf85b72d75b6956e4036_JaffaCakes118.html
Size

907B
MD5

647cf26c79b9bf85b72d75b6956e4036
SHA1

6e4436142bdfb9c612abc2e387bcf64b578d6489
SHA256

d38e540fe69e436bc673c81cfae04e849dc3c72b131d7b07d9d81059a41bc299
SHA512

40a87836093cb54eee117eff8fa2732cb890c9efde8d579fa99e99ebefc9ec65dcccc6003f21cc1b0051edb7ee78cf64cd995f952bc9c697c3d45f5251fe595c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008ebe5dbaed1dfe449222700e5322641c000000000200000000001066000000010000200000004caac898823d4f3426e190ae814d374b69713f5bf1e15927c1f4d942b248d62d000000000e800000000200002000000053187385164d3fe854d3fa5d428c56e3425647d47f956be331bb3832a4d111d390000000eba3bfecca9cc9d2be339043c8dd02d343743d26b7b43d51e9d9f2edb4930452a1053fb194600c19261e28d0a9d4debbba0cddb96b0a96409d5dadc25b6559e9219e0ef76494223d725c591b21ce1b9b17bcb3466298a80625e43f753de54bff773d5cf5a4e4825bad28a5b9a5b58a258a1579ff1f924fa9002d981ec2e3a8add3b57f8a98905fa60f954e3e081a99bb4000000043010c88cec87322e915d1da61e2758f270fe6b98eb6a921fc12a7ee9cdcd87bb0c55b268b0585f657261bfa608191c3c2a7a25b4d00d268a9218809e0937cb5	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008ebe5dbaed1dfe449222700e5322641c0000000002000000000010660000000100002000000085eb9157e6ef98814a0a5926910ec72e659113ea2a7d694dfd926dd409b26770000000000e8000000002000020000000288471d5bbdc5320835301d88ff5d71e1b0ea437ed44e4a9bdad81f89e1e4272200000003aa6e6529e7849f5f3eee4773c13c366eb897d8973bb9898e18e178778dc9bcf400000000d06b75516db8e54d5c3d1b6cf87138a94d760f93cc066a8f79921b4d9964db21079b990f0cce008717393dca59d385a066dcf6243436f1c1a54773eff8657d8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422481656"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D1C25E1-17A8-11EF-9591-6A83D32C515E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40a0ae51b5abda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2324 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2324 iexplore.exe
2324 iexplore.exe
2528 IEXPLORE.EXE
2528 IEXPLORE.EXE
2528 IEXPLORE.EXE
2528 IEXPLORE.EXE

pid	process
2324	iexplore.exe

pid	process
2324	iexplore.exe
2324	iexplore.exe
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2324 wrote to memory of 2528	2324	iexplore.exe	IEXPLORE.EXE
PID 2324 wrote to memory of 2528	2324	iexplore.exe	IEXPLORE.EXE
PID 2324 wrote to memory of 2528	2324	iexplore.exe	IEXPLORE.EXE
PID 2324 wrote to memory of 2528	2324	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\647cf26c79b9bf85b72d75b6956e4036_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2324

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a04654524733baef50f74c60dec58c2

SHA1
7c4f243104230dda6c83bfdfe6eda247823f68fa

SHA256
076ce6fc507900056b33fecfa62585f23d5720c167cfcab15e033734601cca70

SHA512
d049b3df0a3eef746af2ec414cc9f615b4844fb85dfe2e0ac369153b76d8ec9ce3a5a19a0ec8d50336bf5966b43fd41b3655204bbfc60b338884bb864a7d5ebc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb21cb55bcf9d507460d3b16d5c84062

SHA1
da9bcdd1e39eefdf247bd4c3a184456247f498cf

SHA256
6d02ed590985a0c9bdea782645dcf9da8d3ae45eef976c33978fcb956da4b849

SHA512
65a46378d6129f0d2c46927591c0da0c24fe150471288a882365607a34b2298ce313bf97576b3e95688d84ba73f4160a120e052dcfd602791f8c7b0787ca365e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96a9416c351d067466d036bbbebca374

SHA1
357d4011da99652e93b6cf3fc522be9e2bd72775

SHA256
93c3149425d866a2cd1c459f8bafe4ac5588aa2c891784f09b31c14ae933b841

SHA512
92226dc78f344fbe4b0b73c3ff10ef630c8892f082313faea0b082a7794dbcae71450824bc5ce52aa56b0a6bc4bd9b7a4b407489f13da32c79bbb9be0a91a34c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee5bc26c0b08de1dded3f59216d327a2

SHA1
e827cebe419c6d093e8fd69958b53d18675c262a

SHA256
e8cd2a867f67e113f3c63f4d7cf7180e7369b3f5a8dbe4c427fc9e642f650933

SHA512
2091a50dc4eb655f7a14a1c02baa6a8d9059c1d9dd45227bc412f1dd0f16051d65d0e4080d41d6f07d83a16190ca5a53508df23223a0e3a26727badcf18de091

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9600e600c2873864ab2b391a807f961

SHA1
f541a1e046913b84caf9145c5d4aeefc87521a97

SHA256
9d10a6bd1b89fb05928e399a35755635d5885f5799855c7102ef379813e97235

SHA512
0f425caf86f14c28bd4f0b9e572e5a405b89be0142755d8f094dd2bbdbcd19222ff5b9605abef77d6d35e43d38ee5b4fb0271d533c36262de112dc1b0fa1d2a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9c578023e1ad7b28575028412fda55a

SHA1
166724acb078066c9b38e0eee1d1c76a8a852dcd

SHA256
7f74d75000f8167fa6b34283c6a80a8027e9ef7fcf7dc4210ea7b4b43fc2eaf0

SHA512
fb187865b30fa2e9465b65a59cedaea328da50a8d3b53f176e05efa35ffd86dedf607b7cbdefda2926350b49a2aa786f6535053b90d44bc1171bbc1e5f1430f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89e3e4e8fb400ea33d08c4a0ec4d74bc

SHA1
9b7ca4e1a7c0ef58da767fa40b8745ecdb36acbb

SHA256
e49db3b41f5114cecd0054f6fe4338ce4e8b0186e521954bc5ae1f67042221c8

SHA512
ab6e8bf3672fa9815a551780c01e7ad4b23f0f1d03c2f9b656c2990cb4b7d0e57c2d3067a517695933ce4518f71fac30bb1745a9a5c2305bd8bd0796eacb1977

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
635ddf0769b716c7f4ecd4a072fcb39b

SHA1
545a7bebb31f56ce6d9b49abe80c31d81ac86fac

SHA256
58daae405b5f4bf938efe65a8f0f5b1a8cc073d55c7222fcfc038289cb7b5a42

SHA512
ea50cf8dc279f62d5213f81fe164226a0180de538aab3fef1781faf07a5bd17f05635b133463e07bcdc870fb30953e3df75df8ef1aa4c9bbb1abac6e1eb0ebb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97991c83d67ab9a98bcafdb372830d30

SHA1
d0c5ad607fe49c67d4f740b61a80e04cff80bb4e

SHA256
c73a9808011f7e20e18607757c56451f7c121cb46449fd805f75746fbfda409a

SHA512
5208cd307113eda1633224ad1757550330d7cb14e8723bd6096ff161e7423b27d92712dbd94fd06bc6454a7d804176ab978ee50ecb81b219829d7ec2b2ffc155

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26b37da7f560351477d9caa80ab270cf

SHA1
dd78a9617fc9728eff0ee14fa71378c36df40e23

SHA256
a961a394e0f5851c3ef62651a14bdcb9b22f08f11adaa948e41fd448b2d9d6f7

SHA512
49f35647cb71b24df2dfc9decdbf8eac3c0e45f40b78f6c7876bd089235aa1ab2045bae4746afb559ea0ac4c968718b62e4da67bc2e535887acbcc9265adb5dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee45353e8e1acf92bda41313bc00db81

SHA1
0eb689a58f3ad0593816612a61010eff27dd3407

SHA256
6e45944a5a0790f7ecb475ff33a3d64d96eaf0716e645e26bdac53969e6f225c

SHA512
68607b7d7c53c64aaa424be945d6c652cb540189d2e23f0390b1874d14ab6e42519b37ac832e2e2355b28a79464e7c4a81f47d94eb8677b34ec47ffece75ae18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
468aba601518ea624b2a2e93a9f261ba

SHA1
3ae8362c9e50b4051a00e37c1a6029e10144f6cd

SHA256
147647e22bfd50a08d631611a417a5f71f00a8d47eef80855ce565411719be66

SHA512
3d5ecca28234ddb37c644880d5548294952f1f5552eacc4139b870c8bb12e497f80692b1b989b0ced38c16583ccc392c5e62f6969429cc33a0940f73424047a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e280af91e32d18dd327f16869066a0c9

SHA1
7d1d9537fc36dd1df0b2c2e3960be342475029ff

SHA256
b79d142d87a9dd04ca2ebeb60fffdb6dde1a59ad2e3b40bf1abba1b219d618a8

SHA512
ec5eace48a2a9e9ea2bb116c2457ca6c7cfba58278977dbcf37eab71762d3f6dac7c6fb15614c429047666e65bd2f1e3824c8a61f29cb59ad5e4dc24607a7ea9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7009632727d61f784e9e545757d4f50

SHA1
4bcf17e21e45005e7e3ad976da937acf16a7d5a6

SHA256
2b850b6d7cd24a51a067e812d3e46cd8976e059e72f56b21ad17e5f33644565c

SHA512
7163d8baa6f286378fe43d1fb76b9b193684934c215ab9030837c8493af91741ed80ad6f1a136df58df4399ac72ae55a0e000fc51650e9feac0b72d7b93a3b3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f0d03a2502e47d51b945d0bad89670d

SHA1
ce9e975da8071cbc9f598c63428362afab70d476

SHA256
8d7dc50b41f98c102af89adc9998210011a25e1cdec4861e891615a0cc2d9008

SHA512
cb669c467d1dc0dba95329365444aadd2d095e2dd65c53458ab0c1fe433a16ff982ae0f4d93df6c79af245a52f207ad81d644eb307a785b644fb22f3442a558c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcfec0d2053cbb5d4d2c4cf5dd916701

SHA1
92f0762a40e23f37151744ce3ecc1e85a723d4f7

SHA256
b256e60df2e44a23e1a19dc0ba3524a151fabcd088e82e0fd706dd136b14e506

SHA512
91ae41c779269b4ba2b588100833c08d1e2a2439b7e5f074f764f2c8fde179ca9c362feb91402c30e87391e73bd2ea868675745363dc46e749407521e87a91c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2A6D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2B5E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit