cdbe3a4261e0b976c3cf7c38d514fd42bbaf825828e966ecdb93eb200a9bfb00

Analysis

max time kernel
134s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

690a25d2f9e6fa67491970d93e07c04e_JaffaCakes118.html
Size

30KB
MD5

690a25d2f9e6fa67491970d93e07c04e
SHA1

5c8bd512831805f37403382fba04a5ad47df0cb5
SHA256

cdbe3a4261e0b976c3cf7c38d514fd42bbaf825828e966ecdb93eb200a9bfb00
SHA512

0303da79374bd89559e00ddf550cd804a5b414addb4aaac0d59cc204e331dbdef2ed3bc99181ecaf00be52cad753b0ac2bb3372a0353f920923cacbab5833794
SSDEEP

192:uwbCb5nQinQjxn5Q/KnQieBNnenQOkEnta8nQTbnlnQmSwxX9AWy1gaDv40ySdTP:NQ/RbxX9AxtAqCU

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{63AB57F1-1895-11EF-9F07-6E6327E9C5D7} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000024fc0e4a9863d54288a663bcce48771900000000020000000000106600000001000020000000515868fc7136ddfbd39dccf9e88f48c8f7b9142e1c37a06ca14c020b2892b2f7000000000e80000000020000200000009e030b7a329e9992034f715b84e8bab5a12d908c7486a7c065eb6eb4a159ade6900000003181a0bfa0cf40eaa83ee49747b8023ffc0ebad8835f61d66ff2561f834b7eb675318446d4db4f87625bed836ee78be2f4b309ca5df122078d12a156bfa19458b021a8f4b047189dd0e35cb121370402f38c0543f5881f98e191e4129967cb55060d4d9d202c12ce8225c9137bb6a5a2412b9f30bfa20c3b94f8397a9c77aa6c75960e5dc8b1047855604662f1967a3440000000b0be1799bb863ae52b96351a34b4c32f51cc0d3e4b4c1c08877f7a975383560716074033301cd0e8b4418c6ead99d218e5696fd6332483d55eddec55704feb89	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422583405"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000024fc0e4a9863d54288a663bcce487719000000000200000000001066000000010000200000005516eec713ad9d4fd591becfad55f9c4996f54623b2353337bdbefafe8b558d0000000000e80000000020000200000007313db2bd08774b87a749bb2c38e31f1e8aa06c16a9a676855025d9f8e522d1c20000000dbd12cea545f39b222449be3b0ca90777dccaa9f09e33c9c5fb115ebdfd8b34040000000578457e2987e326821fdc41669ff86282725e9b7ae793ad6336cd0a808af86b8a83295d3ed3f008d23848dfe084070de38817b66bdf318e640e64c4dbcf0a7e2	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40ea7138a2acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2084 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2084 iexplore.exe
2084 iexplore.exe
1988 IEXPLORE.EXE
1988 IEXPLORE.EXE
1988 IEXPLORE.EXE
1988 IEXPLORE.EXE

pid	process
2084	iexplore.exe

pid	process
2084	iexplore.exe
2084	iexplore.exe
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2084 wrote to memory of 1988	2084	iexplore.exe	IEXPLORE.EXE
PID 2084 wrote to memory of 1988	2084	iexplore.exe	IEXPLORE.EXE
PID 2084 wrote to memory of 1988	2084	iexplore.exe	IEXPLORE.EXE
PID 2084 wrote to memory of 1988	2084	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\690a25d2f9e6fa67491970d93e07c04e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0097be78ea85470ef757a8aac8a5fd4

SHA1
29665909d89ec36679a32322b8d95c5b2d68d6cd

SHA256
f93ae5fe5bbbd03b8cb99bf089bd278d4e593661308745ca8c5302d308189f8b

SHA512
51697419b610e5d870c1d5ebda9e413d864eb57a394425bde893d03c65bcc0c2733e0d2cf294b191e5c78e0b378b5d6f60b8f6a22fb67fddd089cce0ac3a7aaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
953178c2c12cb70db06aaeb58bd5234e

SHA1
7f22701a37293e861e11a7c2fc8a2ac9c6b7f124

SHA256
480046ec69f3a07ff18b6005e4fd056dee484eb41cd1515d46a56d76e4cdb470

SHA512
93444be33a8f719da01f3624b3937d9dd4802cccd408a97f8a4543a838dd85f5887171e8b082675571d64e58a387ee81ac22fc846c108508d965e5940647466a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e574a3fc512dedd7f4e2d241a1e77a61

SHA1
f74ce7ddea993a061d09535a18aec92924b2f395

SHA256
5a878611f2325b035080c91a5f71ce53450d4d233fe15fe669ccef373cf71475

SHA512
47ab1614299bd10ce94d0f7379dc6bb267ca7c16cd61a39d1d3103074a4520babfd9facfaa0b8db671be0af1e997e095ace5c969b74e2b23ae8abb8b41c39ea6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f441920b359ee082d466490d14fef12

SHA1
34b607f54aa6e5b54dcf9d4b81cfbdc5de71adba

SHA256
430938a9aef9ba5be8f441e68154d23b85313c4a4aa30443d1fb699f5d5bd2a0

SHA512
6f3f38f1bcc8defbbe82535b4670e054e74f9b462b0995ca1055c8a33377b1b40b49aed9d625c0ea967eeac8d28eaad60b5ff41549e4f04d1a1e0a92ef635c4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
583d41a0e2509f6fbe34b867ea9dc686

SHA1
3f5ddadaa206071aa5b1b3cdebfbe22da3f08c19

SHA256
bd68f18bc878d0683a0fd65cb1f3362440154001f476666aeb9dada327b2bd54

SHA512
6d77e077c67fe163ac575a878f8954d16790e6a6ebdf4a2026a86524058ae85e4f34e3160bd0afb59931952f62b876f1651fe034d705895ed95ead4d7d8cc412

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
579af9d1305bacc9617001087fe345ca

SHA1
62b01ebda10fa27c2a080b0d10fdc30cc68e066b

SHA256
541c2621626fd44c42c8e0ff19e9c3341b45b0ae100a7b452eb0a43d57d12b27

SHA512
db3d06c595e866d87daa5592ed0f5b4e8c0193587c9b524ae058e88eac95c27b74890ed5debaf5ece6045e32a5bbe955056bf1a9bad1882edbc77dab8739c723

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9adc823c5e8ff1e5d9537cb253508df1

SHA1
86e02298baf8b5fc3267d8f4c7cc5b140cb77710

SHA256
23d28b8206383412008c1ca1760535d4695d99ac5768c65945dd73fc66c83789

SHA512
542c1bcae388141bf03691476503333d6c0b777148c7cf81a92aa2219da5bf2dd0d35e4282abc1684bcd8b5e2a2f9c5f7a43ffb7cb640f1a70da3c53a7105537

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbd2e73b5f3ae85645d15147ccaeca24

SHA1
1693afffe90732b0f4eb65e3288f7000565a0943

SHA256
c0977fcdf62f187cdfb8d5386e1f211d2b7065bade96a775aadf54d44e1f1f7d

SHA512
47e2431dc13f8ea5ad16fd9ea15058b5c5ce5d3f49d0ac94c304e7049b85d8fe8e4d6d2df7074cfe2ad0b4a9198f367dfc854a64afc1f988a509c5790affbde5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24cecf270e725f6993af7f51e3ba292e

SHA1
a57ee0c776acd3194881eca150e9e6dc416628d4

SHA256
785225d0c47d28e05bb5725915d66cf11cf7a15f749369b4797ba7b1e90278dc

SHA512
a8c0f64f9ab82e408be32ba3f152983362c00f85fc0fce4f6e43817dfa5572a26de2e471ce1022e921589420fb35b58b611e08a926bc4929ad98c33b846a02a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8874e0b4f4898e262625f14c5382c03e

SHA1
4b249e35d2273f0d2296dd73f06967d0145c4597

SHA256
b6e2a6c62281873e7abb4741b96a9c8729431bae2f1a12fb1bd7403d4b4fd75f

SHA512
d4272f4a37ed1cb34f12baeb75301eb512ce8616e239af3d2ce89404940b59e9a3dce23c634e54d26dde4d962b5ec76e88f89d3d2c686baf36efc8fee570ec3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d342b8fd4ab7445ef9bfcd3979e4435

SHA1
aaec20ef82099701df986ab00675bb7738c03cce

SHA256
f294bc3b3c13ee10f1980bb6354db769fea9e8c0fe4e1f17375e0e0bb3815ce0

SHA512
d84a7237e24c5732fd79fbb8b2a38fed428f47a601629b71c2650050aad43c6377f1d5cd916ee42462b65514f732a8115c9aad98788eb55a28903d14ae62431b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cce91f0a0a5b4f920a4aa06773e77826

SHA1
d64f1e6c7012bb6305b86faef53030fbb1fccec9

SHA256
126208439527e85612c94c1ed2910817fa75dedb6680932d7ccbed78d4ccf81f

SHA512
5b67ddddf9ef73b537c6e735f9ec92d7c4d4e496de17946450316b02d44f6eae264da99bcfd79cc21edc9f4339099e1f0bbf923086591823a1fea31951d537ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2695.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2797.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit