a0bc54c403b38bd55fdf7c534b51da89f2fd63dbd5f0018cbf763b4760d157cb

Analysis

max time kernel
120s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68cb6a0d4d71766347489c6562f3ffe8_JaffaCakes118.html
Size

2KB
MD5

68cb6a0d4d71766347489c6562f3ffe8
SHA1

3c8ee5dc7a447acb33559d98587804e84837263c
SHA256

a0bc54c403b38bd55fdf7c534b51da89f2fd63dbd5f0018cbf763b4760d157cb
SHA512

e100612051d3662ef545686223b018f08f73723e4bbbe930fd17efc441910ab6c0e672b9ff84ce0848e8d140accd91e409e13641f40b55fa6ef839ce492a2413

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5DA10521-1887-11EF-B2DC-EA263619F6CB} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000081671399189218458e5335654f72681300000000020000000000106600000001000020000000dc6d2986826da5636c6fa89462587816f891ffb469810390b2d53c5cab3e7636000000000e80000000020000200000002fe45eb27b9798bcc83ea5a1afd984e60eeda65fb366ccc180f18a3b8cd76f8d200000004e6cc7565e0249e8044dd2fcdc4e4b2e9aee251ecdc59dfe0c9894f2ab0c64fe40000000040f0e607d78d0388f1b054b6e2393ff30862bc7fee0dbf3621a598d7b1f209c984d24852c59dbc6d11177656bf7ba2df1e40bd0f98ddefb19e1597b666d50a5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c06fa33294acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000081671399189218458e5335654f72681300000000020000000000106600000001000020000000ea90619bcac38e78aa6cfca0f4bb3b5ed00ee7de5942832b63e54bc0be185640000000000e8000000002000020000000c8f99e81f1947502a6e4b07baa0a77f82c10ef4de1e3e223a42ccfea1ad69e59900000007b7524f7bc2811d5c61ee340f0e7c20f8d64ba8ed89d6a212e763ed194e091b7676f414486af85a3a3d86752536d5b8ab96760b5ccd1bf619ef4aa056f1775949715a30561a88c533aa8309a869841a38b9aebbbe5a8a05b516dfb9ef3bc719e0464767a3d96c4f37c69d57cbed27a1628dd5679e88fc936ae17ad0772dc3a238751847c7d1d0916b6252403bdb3202140000000a89067ebaf884f72bbc144a34670e1eff5a823a71002c86230fa0d0f9ba07749bbe0fd6991342b4b3812799acc1d43347c8d7f9ba503b376a7d0eb81622ce2a7	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422577383"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2892 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2892 iexplore.exe
2892 iexplore.exe
2456 IEXPLORE.EXE
2456 IEXPLORE.EXE
2456 IEXPLORE.EXE
2456 IEXPLORE.EXE

pid	process
2892	iexplore.exe

pid	process
2892	iexplore.exe
2892	iexplore.exe
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2892 wrote to memory of 2456	2892	iexplore.exe	IEXPLORE.EXE
PID 2892 wrote to memory of 2456	2892	iexplore.exe	IEXPLORE.EXE
PID 2892 wrote to memory of 2456	2892	iexplore.exe	IEXPLORE.EXE
PID 2892 wrote to memory of 2456	2892	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68cb6a0d4d71766347489c6562f3ffe8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcee66b381a36dcd7ce06a78a193d113

SHA1
0627b327b000e622413c6e4f398fb8a41c49fc0f

SHA256
8fff8adc2cfad720df50d5c863beced688d8900a7a03d8d4788c80911ad378ec

SHA512
cf800f412e2122df134bcd3629e45264030dcd958e56a8018fcebc3122a67e55874f7b978fa1f88a6f7d059dfd06f11e19f7cb86fec515e9758c187e2772632f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
766ac5adf1ffb321323e073bfcc2b550

SHA1
59eab6daf47ef53eb0ab98e3f07ca6fc1b34cc34

SHA256
834cb599696044e8f660d9e85eaca06df76ec7c4102b6992f31ecc5864e76498

SHA512
dbe1f1e092697bac4d09a9cf420e31b0814ba111e137fbb378ffc09652dcd61aac80eb60d5ab5896ebca47b99c07ceaf3cf52008bd109caee4a75fb1303bc4c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5442f986e5c5474880932b23b88d2d5

SHA1
b11ef79b687849ba08b1c9c39694bb3ba53b5fec

SHA256
c42a18762d9f39e6495d28d5500e85b26408d3e87333cdb4c101920ebb2ccafe

SHA512
ed7de4c23c0978cec6cc830a44be16280613365b6683c20c2c83d02e173278926ceb24fe416f009c501757cfd4149efa73816d7533b0b9a38735f93d40d987b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e0a7449647f44132bb5c76e8c1ffe69

SHA1
b45a7ead252141cbed745e8a4e69bbe8c48ca555

SHA256
5099965e51c21dca25ae0724595a89f3e5a0a88c6239063ed0d57d4806846d3c

SHA512
de1b59cba8aa1b28aa73e95e582e46a5d3dbd33bda7cc54f0b0df5d30a1b79a68f5d8042d4ce92a44d01a743bf41cb3094f1094b8b6dbdf4c4b989ae2b2cfcf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a597846991d0300c4902e345d5cbb15

SHA1
cc878d76d6fa244773dba3898234c261c31f6aeb

SHA256
8cf938e3de1faa3a6638acaf4980cd85db89cda2490fc6f319d8548749d37c88

SHA512
c1207b376ab2b6846affbc66bae4d8a9cff38c708fe88545ca04ddee117cb954b30ec80194c35cb43249dd34272f33a7bf7f89447bc1269338bdb61c8a0baef0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73c5b575cd9499a85e572d0e513ed0de

SHA1
71f9afea0c011f2b71ac6c0a5ad4ee1026d65033

SHA256
9f238e5bfcb5de6e931947674e278b0ad02327c538364fab30c28057dcc725d4

SHA512
c803ece067339199c70e106c4cd8db341c17a4b500a94f455f17c5c69ecbd0e860f6c86937225871126b8f8c5e855c3a3318179152b371c0f7de44e590911d32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
912b10f75c1466395762ded73a675cf4

SHA1
d10dc48db0bcd02bf02c2828da4d9641d57e7e0c

SHA256
a5a1acc6dac7d841a2ece4f93283ac3a93cf791c9adfea8631c5287792553f43

SHA512
cee479789dce00e08d27c59589b595bab797de294213a1f482c82860f9ac21065e371079a09cbecb1fa2e73ceabbeac992055c2303faa0fb5a03fa0d7843e741

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6b05a194eb80733cefe598044094115

SHA1
f003ce260745c10b19a9a5d7a2e58c4e662bcdc8

SHA256
9ce9d4d36672fc0c0bf19b9dd32274e473fa00a10d1e95325e68fe17bb5e237d

SHA512
b7d3a0afa6ca6b9c34ce089ba89924aa5b6dc5648fea6373f52e34d6eba60bec8592005c8ec50a54ca415576c1e0e59b6f57053c02925856ddc1a9b5509471a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c502868a2159d7e31abf68483c27f91b

SHA1
0c18fc9cfe49b10429b4974208154e459e0bf852

SHA256
aa4307e8da112adc942707792751f5f6b0069b3f48e4fb6a80b61f4a61388340

SHA512
65ed4669468fc2320413cfbbc71c618dab913fe3dd0ccc1afb2cd688b0b1495f6ff8ca727215d66bb4a22e9d5390a0bef41670ba628383ebe2f3bf06cad9649a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
accbf1eb4cdf1fcde2b3ff766dc423ff

SHA1
14474d2855e4332baff657e29de973f6d0e43007

SHA256
5d07fbe23a5914736e7f9e63d29e425de499fe482c21826a228a5b4b7e8e1d4b

SHA512
29c0e4fb346242dc8a95ded60f3c27e343248950631f3a054695d2fca6743c8c36787116751c8eface7449156a6c6605f1fb0fcf8dd4e9dbd457d0b2b7339e49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
850837622690d31a165105357447eb38

SHA1
7d4ca9e4e1d2aca74ce40df6b01009a375c4ae06

SHA256
3d5f616860ba108c2b0949116998a20f44b99b41d67dccd0e490562a484cc8e2

SHA512
69ddbe5dd1a600d133d1ab66654ff3c97d51baa1e6d185df91917feb60a730ea7d58402af7d8a718f343c65d85a329e65cf3c7e8ec96cbcd194108dee7ca6442

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e056b9487c054a445028843cbb5d70df

SHA1
c339003a12682258881b27b972683e6aa28783b0

SHA256
4746e8a3aa04d3ec77f58f4abb4f8f16a9ef51a7b785852ac3a8aa417ba47789

SHA512
46428196ef0f1ec2dd68d829fddcd8e2117a4b93e79481a7a7f2e97f948bf4cd7a78526a74e838532277d0e7dff6aa5d57b54ef764e15126901ce4f164380d86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e2c0541a0bdfa0bcaabdf33aac8ba53

SHA1
c5bb186630bfa49e3b317f4b455e334585cd60e3

SHA256
06a4b8ddc30289fc08b649d1fb82b518722cc785e9bf4ccd3648056ab38a79ce

SHA512
37de8f066b0f7c43bf70e753397f7beb7b882083ebdf1deba23963f2e2dc60a2632919f7f4df220d7fc502c0aa60a0239c05b05d48a403085ed56480a92fb895

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cff2075f0772c9df9aa5edf4eb61fb89

SHA1
4bc00dca67c8f987fd3780f0e0c7b82c22040021

SHA256
70c02a71e96a7766f1551ee5c54326be8297cf1f4fad4ee3d86a106a91aabd27

SHA512
00a0208226d08e25257591c0f33aca629e997871ce48b5a74ce76ce5a36d8c8aa8ec43c3eda2445f0b5fb6ac885d79ad2d70681ccacd785185212dd6cda7d0cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
997cee92df2ce087403139b5200dbd56

SHA1
6d5d44efbdf886cd89ab06b563efdd32ddd1da15

SHA256
14f287e6c7dbf14a5c37a305a5bb2feba9270a74f0ed133e823af81409511e9d

SHA512
57306a2a65e0da83297343a11e2f39aa853cdbde383473c19e8a66dd8e24a1f204ab4b008b50ea7a2d4a67f56241a70e59feb8e52b860f4b175a8ca65705497b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA6BD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA7AF.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit