f777bbf908f195f8302d13d92b6b6800acda46a8cfbecb466c91fa6f13aaff11

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68e4ffc710554dff0d0a4012b4b56931_JaffaCakes118.html
Size

460KB
MD5

68e4ffc710554dff0d0a4012b4b56931
SHA1

2f5334e28049b9576027aac0d64a18d63833cd6d
SHA256

f777bbf908f195f8302d13d92b6b6800acda46a8cfbecb466c91fa6f13aaff11
SHA512

0e80a0c107393be0fc884291e51772873d4f2b3893d7857467fe7fb7793a6fa9ba7ae2f3648b47576084fc18d1b8697b631311eae51afda704938a86dc2bed47
SSDEEP

6144:SJsMYod+X3oI+YCsMYod+X3oI+Y1sMYod+X3oI+YLsMYod+X3oI+YQ:Q5d+X3q5d+X3f5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e1cc6ea5ae4b5e42adc33b877a353ddd000000000200000000001066000000010000200000008b08cc79d292b910c070d3458cd9b04ae7c76814c9b9a76693e43e45be91f947000000000e8000000002000020000000aab8824f2541b8c62577b8755d3619d515a7e7e8a7d01eed2471466390223eec90000000d0fd4f565455bda46b4a0f4fe075c147ddc5696fd96ee97ab2f3dbe8218dbcd5ec6026c5d683bd199f657b171316e0f3512868ed057bf88c9901ab5333d96c98f56347afe78e4b751947839cbc67b8c010f7b3a0330f1a9b2d6fa59ada88187b4e3e2166eaffeed51eaa9f151e5a6609fecb1f1825f6f5aa64509493157ecffdcf5955ffd0d6e8f2d5f1d25572703e9940000000afd888ab88c8193fec4258677066f0c832cfe733463c1e20abae22f36b22c7069089fafbf811bd4e6d9f33ad1e5e678956fe1801e77331c1e7c0c1c18aa399e8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e1cc6ea5ae4b5e42adc33b877a353ddd00000000020000000000106600000001000020000000bebd76fcf009d985fa3ad0ea95a5f4985eb721c0efaad6b8a32fa570055b1ce5000000000e8000000002000020000000a7cbbc11b9db8fc23262a087cd2a997b76a5273b6203e407e09de28f0fd68ab5200000005cdd211397347bda456a38e21db52f6cd3ac3fe6252841d03b91023f0276231340000000e68e174451a30c2b0e0cb716fd237e55c790a9173d9cb76e7b3f397c9e32a88eddb9f5a1d8615682deebe7ca7befb1f548521d2081297d7f4f5783349e958859	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4373B2F1-188D-11EF-995F-5A791E92BC44} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80baea1b9aacda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422579915"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2292 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2292 iexplore.exe
2292 iexplore.exe
2484 IEXPLORE.EXE
2484 IEXPLORE.EXE
2484 IEXPLORE.EXE
2484 IEXPLORE.EXE

pid	process
2292	iexplore.exe

pid	process
2292	iexplore.exe
2292	iexplore.exe
2484	IEXPLORE.EXE
2484	IEXPLORE.EXE
2484	IEXPLORE.EXE
2484	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2292 wrote to memory of 2484	2292	iexplore.exe	IEXPLORE.EXE
PID 2292 wrote to memory of 2484	2292	iexplore.exe	IEXPLORE.EXE
PID 2292 wrote to memory of 2484	2292	iexplore.exe	IEXPLORE.EXE
PID 2292 wrote to memory of 2484	2292	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68e4ffc710554dff0d0a4012b4b56931_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a17e2ca7b180b274a2dee1f941ed3c5d

SHA1
c35ed966ac9561e444166350beafa2693ec1db1c

SHA256
179fb8fdd3c765164959e8fc94a61beefc099e2ffd4092ba2e6eae9512a5fe97

SHA512
0a7fdb01baa668ec9270f03971d033b9512904ef5e457d8e0c290fec512b047c247cf7d034547ac57acece8ff8d1b830aa864624331306c98dff1d2456ad60f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1b884774b63ae48ae79d53479bdf013

SHA1
f3525c2870de93866ea55774b4d4c597b04feb50

SHA256
86eba51539d19d0b43496cf0a6858422373928a378ccbd60d20544a9e5276f69

SHA512
53c8e47a9c8fd35466719458ce5e6f401a59a6c616d4cae17e906348ac68fb871b6d0a07ff3752e6f5cc8d6853141e6ef8516e09bb9ee0aaabe8e6f618c6cfdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c650ee841d2c00ad1356bb8d189c4b1

SHA1
7898a02a661bc3344aec190a283727909421df53

SHA256
fc3ccbe4cdab59e5a4ef2e35689d729de9c3a80f0f0a5507c761477558f29d29

SHA512
d68b9bfd870894aa11a87f595120c9b3bfe94589196bbd52c6acf1c8fd0e0f8e2f63aa24201efdd222937caaf3e1692d8166a8a9705e3b3676722ae3cc30818a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
535a15087a9a90f0c27f1ab19c3e3dd1

SHA1
3b5487913a4ddc45e6c3b0c53361c912fdec7f9f

SHA256
20b84cb6c1e018874349f8b015f5dd91e6012f59692da9114091777cf732cf37

SHA512
102ed7bbd6000e503823da6dead0fd45461acb704ca8d2fd17affd3d756fbe3675a3b2c64b6c52531f90332a4fd0c2694a2c7a5e26caa3a3e04919aeeafd858f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19028c325f0630eab66d4cc6458c17f6

SHA1
33a627abf8fde646e5fda9f546e3a716e1984dc7

SHA256
98a6119e08285d66168bd3687af0c539da799de1a8c0d4a38abe326e63bc1564

SHA512
03e2864712bc3b3a0ee201e15b325c1680e0a113b2312e5424cabc266efbdea5ef6f498118b799c2f914d08492ef8cd5855908e76db4da4471e18d8e3e1e4dd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd38eb70dfed9817c56c202c88e815c0

SHA1
f8332bdfefbd21241ea11515156c631b7e9c99dc

SHA256
a1ba1368e5ac76cc01f20dd93c825d799dbb3437a2f58029cdd9f9b1259803bf

SHA512
8c4504dbb65d3a0873e49d156999b9c9c2d9b29c495df6f0ee3f53fc58b542f0aba4ea1cd99ffff8fc5d29e7a020da149ddd6ac5144cfdaf77dac4318b32e8c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
888575ff040dd6f7e5bdc5e94d99a984

SHA1
b181fdef6c7993b526e7de674a1285bd6ef1296e

SHA256
5572f11b3cc30f43ef3aa7617e331b082cdbd8dd205587f014405a73400a121a

SHA512
a478fb1c3af5b265005d843b05049ad2cea778cb0b79c4dfcf7f9c3081628205c46e99d4f1e2255f7f123a894a3a4fb7f17f7062fa43cff52dca38d50abc5b1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f21c95ed03e774cb1207ffae21b623b1

SHA1
06a64306ca50267ca723881b0daa0d1af54bd5c4

SHA256
7ffdfd8dff38c86981053e6b71aa7aeed947087b1fff880d5a36d5a73dd54f1f

SHA512
075ec163925cf82a1b9b18114ddc9394ec28f1da1d10938405925dc3aa1e782c40f2ce5f3ca4953cf29df4805185419ea74fce0b8759391991a7daeacd5a64e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f4097a20fb1389b680cd32bc5260413

SHA1
bacd4651f52c000edadaf77a1b312e7bcaecbd63

SHA256
8fb4d9bd1ee241a6348d42f5476806a763d64e6b4dbee72e2b979183fbf5fd6a

SHA512
c76130a3cc3cf76ae06d8e8fe3da8a2a273c5161a1112006b6ac703b8bc5be649019309b502b8807480df63dc87d23bf775ef634adcd0f929607d614511b455e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c97512fba23a4c2f7899ec6eb67ebe3d

SHA1
c30fab609c3775a1cc95fda99ffebcaa72436161

SHA256
af18268414b79f89cf2ad0544635ad5dc05ef94827ede9b30962cab0d3858320

SHA512
c11458bdb0714ccb150d3421e03c8c516a018609b20db7ba0e51f3437673a5bd33d0dfcab1093f531c02c93dd03bff3924ba354fe60c0834d708257d5f0688ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0898c4f0928d32b6f7ab5ffc5dfa0428

SHA1
27e920299b208937c0aa54d3532fc6d186a282c0

SHA256
0dbe103a5f6c12bed1cd20c0c39a3306e8f82046beaab8c2c61d225cee514aad

SHA512
41032cc9386b904cb3619191911dfc6a54f27817a33b2c1078ea7d73ba574877f1748ff759422a052482f0e1c818b5e797c1a3eabc94958e842ee6347ace0990

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d34af8de261dfb6f417c306003473402

SHA1
463fddf91b8ab128d323a1cc514330e33e1822db

SHA256
b1e903096b4d9fa28617e74fab188a926041be95b293edecb66d67cc3ea424c5

SHA512
0a7def3ded1be35d20139555646da03c7edabb57dcc2952a7432d9fbbbfb6f4ac1327f81e4f09d602eb000b3945e06538c5993f31bbc0287c29b2be8ecba8307

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4981.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4AC0.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit