32d21a4ab859722641b78d1d2fd00c0be0ae375e82bdeabbd4e0fca1ea4eb0a2

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

654ae588249f5c63d2b1642fc7170a27_JaffaCakes118.html
Size

64KB
MD5

654ae588249f5c63d2b1642fc7170a27
SHA1

e1a2674597d48b2a8308fd6f65ab5762b8197935
SHA256

32d21a4ab859722641b78d1d2fd00c0be0ae375e82bdeabbd4e0fca1ea4eb0a2
SHA512

9a526dad4ce7b4c2d764ddec243255803f64b5929a3b64b2a8e9e45ebc6812c7ed0abad5516f5b33f0f3bb0a1b86f9972c7a82b230152ff6e70528d933b04f68
SSDEEP

384:BQ/5xPPch4JlLDSpbiF1JvmP2DHIskDln+5udtaN7subADyfntwewX4cjfeKbWt:67LubiFPvmAeQD7ayfme5cZb2

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000003fc8e7a3c01687e60dc9b58eb65969b12200b16c4d86b003ce0fd2c5f6b1b998000000000e80000000020000200000008fa2c71300c07a0053e06b549d8cfed5924fa6a38235c980f008aa9e3013869990000000939a69190d5aa67719d52754115ca7aabadb88ce19c8b07d58897c7692ad9064dfbf8e3088fc6022d2b01c967d0756d3c78f43bbadad2a29b76cef9a0cca7406fc372bf4dd89ecd7c432a88b1e208e6c65865ace33197d72d8dba4a9d7e249ba9bf32c346f4828680a69cadf5df77a65cca770cb1486a60524f0e2ca6b0fd95767125b79cd9be0137671900d09ef20cc4000000064543c318b4f0f76f7b44117820ee3757f582cc76487320faed33e3a1c3eeb7b4d644b549cf6bfd2dd4468c0508dde22a18f3ce8baba91231248df6ada66f49e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0dce30edcabda01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000000efc4356133f88051233c81c965d85bda7e4c624883c7014955ce1e06a7f8ef4000000000e8000000002000020000000ab3e50dad1da703253bfb25986bf39a528e33be4069ebd95fc0ed88b7b37c9722000000073978e8e99a0272ad508575b66f625cb78084df35b0b7b0070f5bbe7ac0d271e400000004308239439eec3310ccb4319ac011a5d204e68209b1786fafbf6de9ff975539187ac79d0957e8257421cad41fb5d1fa1763110129df3c23eb0497739970c4f97	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A2A6221-17CF-11EF-A5E3-DA219DA76A91} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422498294"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1644 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1644 iexplore.exe
1644 iexplore.exe
3028 IEXPLORE.EXE
3028 IEXPLORE.EXE
3028 IEXPLORE.EXE
3028 IEXPLORE.EXE

pid	process
1644	iexplore.exe

pid	process
1644	iexplore.exe
1644	iexplore.exe
3028	IEXPLORE.EXE
3028	IEXPLORE.EXE
3028	IEXPLORE.EXE
3028	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1644 wrote to memory of 3028	1644	iexplore.exe	IEXPLORE.EXE
PID 1644 wrote to memory of 3028	1644	iexplore.exe	IEXPLORE.EXE
PID 1644 wrote to memory of 3028	1644	iexplore.exe	IEXPLORE.EXE
PID 1644 wrote to memory of 3028	1644	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\654ae588249f5c63d2b1642fc7170a27_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9865c834fda33cf24dab59c6469f046d

SHA1
f4a6c442ac6e33630a3e1d23de2e010b4bc9a4d6

SHA256
b59b260489d469e1ea5d5994a1e746406f27abb56a4355b39ae16ebc859ee659

SHA512
88411b92ffce3d1cab774581d822196e2bf66456b66b492dd3ecd438675e566976d393a9f16c7f828177afcca799d5af771c14691e3b89d5250ab67da000fe82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29d0f2df8efe5c90b42ee095db8a6a3a

SHA1
8e40db8e76e3bc1d914ab564e7a65be99a872ae0

SHA256
3198ac1cd8da3099b45d3c444a8c853b67ef423402e76e8013cb0676adef3d13

SHA512
6ad2153152e4259e82d416f5d1f787ba26c50526c208f25dd147895f77702339745075323ecf3770d8feb71c6287793def280749bcbd29c0c2d24df9a3630f01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ccb71533eadd8c7d1ac8d98da97f8f58

SHA1
5f94d20469ae912034855a5a1143b5a440101aff

SHA256
cf269d4e4dd8b75504de45726e8c7ae506b2a8ceb5ff0512275719423c31d215

SHA512
348f9fc0bfbe2b7c74f8a3c1ee4dbd088c134a738341674b3d3a12bafd3f85f6ed5e7f895c0972e6a28b6e4e6a5c2b654e4b3d78188c056379c62602e91dec88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3190dc68ecf2a316a43f7ea22fc0e37d

SHA1
8b0d89d974f6939293864d3e35f739c7b6220fcb

SHA256
e803a6e6dcbb7c3fcbe5251950f959a1fbcc2bf53c778ca6b3dec08d47a41808

SHA512
9e843ac99650cd7e2cc729df6894c06477b8ecbdbf699c67849b243dfc282fe2f603ff2cad1f7d651840cc3e07043ed9bfc5218441ab92ea5b5060c127060c60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
895b182b29fcc38e3c3717a6d8094d56

SHA1
552b62790fa2c6b733679350bb45237e36a63969

SHA256
775eeb109d14f4f6480395dd3d84de2d04f7fd7a0d83e0b73746bd18011c9905

SHA512
4d97042a88e1e1f9a237fc8dbb0a6337bba57763111e70b5d0b6be61a43fbb9cbfd87875f5f3ee17324e66f52e3fb220b8b4ecd3662a7d800d2ca904e820e0ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85d4fec6b4c31588170af190d5c3b412

SHA1
976040021f727595de66ae28bae797342ce37835

SHA256
d420ad3dc1688b84770dcd24eb3ab6603b654d4fd57ee71d350010868b280431

SHA512
37e788e90b538b9192b310005ed5ae1ba2c8819b80ee2068d4006b29c68a523e50986baa3ad772969a09416a2a46ba171e8be95b6d9d4c20bcb36d167d33f133

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4edb14c5d57e607abad2a04a231ce416

SHA1
6af0838d6bd80f983af4a6563ea7c988e30deac9

SHA256
5ed17903bd4cd559d4a09c9904b8cefdc4588f516083072c05ffea43d04c9a99

SHA512
335e4d2745fd94a90f5af90fc1355cc784d390666d1f2d8e17b3b0ef08dc46203618efce68997da3babd83c479f952ce1df70e11136851ac6ba507dbf16f3ae3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1724336c091c8a6f16bd5b021949598

SHA1
710b662a14fb78a6b8137e8884c17cf96441e47b

SHA256
b8189d0a17b68fe36f27be5ee189e97f24247290e1e2ef12c96ff0667d62e248

SHA512
e26dd316583fb90295f75481c1d65959ded279e8763c1d90b27ee32150944f20afb3f114c241b16fd949139bdaa00d6f0c07ade97d5173ede8247fafc51feb0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba620b8ffcf97acab1e0984129d99914

SHA1
1439dd7bca69454afbe487632e0ea259406ff057

SHA256
42123e6782d38572c5665fd4b7ba0b9701e7c2cecd2996bd91ca27700431b7f2

SHA512
760831203f32fe9f70f0706eae80b6c4b3ca786dcc5fe649d13758e47ccfe1347ffb48b39e45061eac62acda900fe3e36a9012420ee66c5650416b1eff5401c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94ba2f8979c8559866d578bec0d1159d

SHA1
28a78bbc2bf25816e94e8ca7119d558e889a5c45

SHA256
e4d8a69d8970bc4210c00d25711b115b0a42a5523dadbc536b79dd31b9cb1693

SHA512
47d2609fb544771c9b7f9842bef53eb4210ea782d17613fb54aa26ce940a5ed8e33890358db80ae6b10244bf1c5e0ad12cfb1661a91877c1ccd170f86d91431f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8157022e1d68ff9a27711db1349e1ee3

SHA1
67042ea2e6eab7fba09018220906a50d01b6a941

SHA256
b2f2403b45fa7376124a41b4ec3c119a0f33575597b4d33b82bce0e978b7a9a6

SHA512
221b1a9f824519ba73bc70cccd95ba041f91eed95bbde3f36353dc7e5ceb96a88bf69133dc95e86746570bffe359bd0ebe628cda666d7692e6433b26e5661b09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab26A6.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2726.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit