4e265add0c9614532a3aa2412ab3629be42f481f681130067a11a524cb7d15bf

Analysis

max time kernel
134s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

654de4c619a6df8fd510892f76b77197_JaffaCakes118.html
Size

20KB
MD5

654de4c619a6df8fd510892f76b77197
SHA1

6f51bb5aba71e67fd471fb520183b45c13444c17
SHA256

4e265add0c9614532a3aa2412ab3629be42f481f681130067a11a524cb7d15bf
SHA512

ba099f2a39d24c2cc1d4eed92be4779cfb860c65c8d1eaafa0b469acdd85ca6ee0db0ea60efc91fa196c4d51924e4034f92d5c390a02c3786fa90920459521ce
SSDEEP

384:ziMK9XhVBD8c8Q3Re4pfuebYY3bYEimTD4QAmccfIk9xhe0zVc9za:zi3gcf3seHbYcbYEimTOOIk9eSqza

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000a4363bea91790e8cb6d7c6bb9050167a21eeca567a49aa4577ba862631d1bcd5000000000e800000000200002000000084938933a1c9cef7a30f58206e216a496c0d1bf61c1ee03e5a5cdd047074c1f0900000005c9fb3d27e9417b16da99a941ad57c2f84dcdf5776ba307626b887d97af9defac4471d39a840a3fa4f275efad97489db594542b0620b65501fa53ee98170f375410740f7ac57d725e433396d66ec5f8de180c3dcf9193ee8fea168bf918262b3a72f560061bbd98bb35c48f230cb6780fdc65d9a8572cec32a1e0bce758d8bef1585fc75ad3d8196256fe2ba33dc1a9140000000e7db0fd3b894b55af26c0c96e1975916f137404bc15bc8c714b31d36a0d9d7d7fb12a2461deb15c07e3d159fdc6d935de9526f9745929d0119172d9cc4497cc9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{08F70EA1-17D0-11EF-A5B4-4205ACB4EED4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 905f8cdddcabda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000005a4d597342c8d9cf9b404ff28ff383c82c4813b7e5f5452962c4b7b697040e1f000000000e800000000200002000000077d3488dc3c62562b7c0aad7b9d02989a1eb495df442366cc473ab2ffbd1a03120000000963ff5dc88c2535a849c5734d269bdb14f779e350437be9d4b61156987a0cabc4000000025416934eba323e9153e555e1797336a4bd664a9c32b073a799f69b799cf91ab49b9d248ecc0713131069ac24ff88fd2087a4801ef04d8fd29d944c8d1eabe58	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422498642"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1792 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1792 iexplore.exe
1792 iexplore.exe
2108 IEXPLORE.EXE
2108 IEXPLORE.EXE
2108 IEXPLORE.EXE
2108 IEXPLORE.EXE

pid	process
1792	iexplore.exe

pid	process
1792	iexplore.exe
1792	iexplore.exe
2108	IEXPLORE.EXE
2108	IEXPLORE.EXE
2108	IEXPLORE.EXE
2108	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1792 wrote to memory of 2108	1792	iexplore.exe	IEXPLORE.EXE
PID 1792 wrote to memory of 2108	1792	iexplore.exe	IEXPLORE.EXE
PID 1792 wrote to memory of 2108	1792	iexplore.exe	IEXPLORE.EXE
PID 1792 wrote to memory of 2108	1792	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\654de4c619a6df8fd510892f76b77197_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01e5eb4a3dde2bac6b9afba0aa7d6ea4

SHA1
8239697d45b67eb6a7bbedd88d4ce69a8f29ec34

SHA256
807dcc42698c53709cdebe43353836de961a027d1dfd51a746b4f65b34289486

SHA512
00e92fc1029930e0f90d7f4998ee7f805eb1401067d3f2f3aafac60cbc58943cc691d2b2561157391b0ded20499abe68bd08aa2f77e502608eeff677f27853bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
016157ea279e88e3aa822d61b7f11d05

SHA1
dcae480e951214b56749fcea8d6d1ce48e5cc77f

SHA256
cd3f20ae27f54c7d30e7bdf7c61094bde578949839c755d479ef9c7aae339263

SHA512
85bafb9bd2c6e7e1245886af40d02fe5804b6d6fcd884540ca1ca1785510630610208887c977fd20da220d75d2472086ac83c618c51c2ed800e614ec2541997c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe5b70559b77fff7fafd5ff13fe4996d

SHA1
2d107d1690b2d65def7490d79332a47724d3bfce

SHA256
c432c1935e2551cd0adf082e16960f3f8480a74f00be48a890e9848544475f81

SHA512
abacd72e2ce34c13484e5408c971400a15683a03e993aa6fcdadb42b7c0a69643ff952fb4187f87b332882269f57bb0fbdae85ef2f16d53df7d7ed6abbee1fe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63fbdb5829454e09f4e46e829c288357

SHA1
be2968d9e12639263ba7409b6122711bc3e71766

SHA256
7cc99b3703053cfd4c637e46421578d24c9028a06d241eee585d8645de7cb7d4

SHA512
b43af50b342fb41157ef5152f2e831ff33246716506fcc0b77daae0fbdeb284b4bcb273201c969a5e9dd751d7af8349efafec2f399d54efb4bd8ce4704c3c3af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9974e93a94b0638755800d944b39ea59

SHA1
b7041ffa653c447d16d6a89fe933e4108a960697

SHA256
72285a2c51e09030f8bfec7e05d5cfe4f7fe154fdf912d3709407969b056697d

SHA512
b89ed208821d5b76cf7a5e41a4ca895f1e5c995a72151a9378d3344a0e92c5b7e6bdad33848f901a6330449fd3de54a514ca2cc4a0e8928385c677ad43c0dba1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4eee9b8ab298cc60b3dc33adee9e239f

SHA1
c64e72ca7620cf44f3b4e20869bc35dbb569e89f

SHA256
2e8ab52928b44eb5bb58444530bda52d753bb6286d9c30b91b381f4e8059bc4b

SHA512
2420de0b3eac1a5585755e48d1860e2570cbdf26c475cd1aaf9c6cddb46028b90ebd2cc52b5fe6037611629b935bdd66292ec71927acfb24d18939709220303d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d92ec6a97212b6b3a7ceecc38e4ed8d2

SHA1
38ab1d989dad85cafe22f6c17a98fcf8d0d4e24f

SHA256
edf3edb7b73850181487b796e16f79496148d1b3bcc0a44ac04eebb6e1bb2c72

SHA512
e33a2ce231e389895a4cc977e50215c9f21d8d316a704242055694d42ba9f148ffecef4f7c4914b146caa91a89f044a561cfa8210be863b813b4b4fede2f04e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86c3fab02ed9ebbbceacae631bfafa1d

SHA1
5c7fd8fd958eb3147d70965c52d221da46c51083

SHA256
5e28c408c6e3bff575f57e3b578e188ce0a364a8025dba152430f59afe763622

SHA512
a0ea95374053649a7c11d46489ab3359886824775f97b2d077c49e4fe5f4ac3a3929ec70046e65c4773b634daa281132ced8e3d189a7efa329d6963388139f01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f6e4ab2d4ce31b7ae343f5f0d78a1c7

SHA1
eba111466b14d0e8a1a6c5b1d72e3ba86882ee4f

SHA256
765b4d60becf3bf954b739a5d9e131caa468a0c693fb1470650b40799119a275

SHA512
ff927ae5e19fb0ccb38123e52c09701033863ae16cc77ff88a21ac50cdb80d336b85be8672c327b66ecfde0dbf9427a2ee9992d5dd846256afac2b7cdccf0ef6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e121acdec558af3f2306f68f37f0c42

SHA1
029d448a5f0169dfb2586347d6c321b587960f7b

SHA256
7b59cc2d6eafc31f3a20b314fb1e2873f25f42a97a8ede3768799e6ba2d121db

SHA512
36cbdcee710a90f741c6047210a7db3dcbb50e9180c405b35a1f475663ca103b8659ca52af0ad7dbe286e572cc5b65b83058b95c075407dde5721e2b3c2ffdc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b0c913d02f7fdfe83e4bfd30d05a85d

SHA1
678b72f7bdcd88b1c27937c1b38d2416cf85269f

SHA256
73d17c26500d415818a0b29c264379df77f99e221b10054ac91658631612f743

SHA512
f524fd8659e54b4a7c9a8bb02353d84b1e6aeb61e9f117c96533b39ba81416869b6ce86921ddba1ad5104727acf299a86bb7dc365a57b241698edb78a4870137

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ad6e69720d1e63b79cf7d3f10082935

SHA1
8faea328049f0abd1cb92d7a6879cff98dd27e91

SHA256
3d855b8bbf87c782b11672f9a25a4a8c77269a52e57d9a771aa1a01a36e54273

SHA512
f634fc05b7d0ebbacc1d70dab35c9544056ea8ce85e7a8c446b93cd5304c6c8903c2b76f354d54fe420cc7f5c05027f6efa76d07acaebb15af942bebc4bc84f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b97fdd530a668b0a5583d8f39a6dc70

SHA1
2c640ce62f4f98a76964afb7a4c0999e1a9e170c

SHA256
3fdc9fcefa3bbae85dac4458377e6dc74dfd4f0d1c0bb9e54acc3d02a3dbe911

SHA512
7cc050a1df8d22213a1299f12a52c901d7aa2d87a73e8af322d222445a4424756c0de883ef9504f2178a317749e691500c54257d989fc39f318b70c759067152

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb0b017864f7b0d9a136611f73207c22

SHA1
4824b97988f79caff356a499c5f78205a629727e

SHA256
02669e5283631a13b9643ee1b7fc89f93516cf9783ad6dd46074f0fd708dec99

SHA512
01220b856de48fd727e5d96aff42c3f0e8525359e440b4e4bdba636ffaf00434410893ce7a28860c65aecb215420e896ecf424d36bc1de0c4787914d7c1d6514

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da00d7f9e79bd8893e5b23ef9e4a3cb0

SHA1
b03ca59bf86de4441cf4b62af0f5b9c137fab8bb

SHA256
6838528b092db5d1e24f8350b2b39edf9587f4f2bd1ed598c98aa344ab375fed

SHA512
adb63b441d67b8a71363593cf8767ffd066257613f4e2e3839e22e60e41fd851b09c3f18828798c6b478e97592ab3dfc63b74e95338abdfb4f2b1756ca3c3595

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb186ac76b8abe6c35254f18fd38501a

SHA1
c032696bade0884f3192db7a21b3f8cc608e4586

SHA256
3f5416b7d04e53554c512439b7b83215a43db67b457b563703ded0b4852b7aac

SHA512
f9983db76f7bf7cb0ea1f25f2a527619e398eb1132b7337889a5d01b3215cbc060dc61087aba04d386082386adb6b75652f90ffc316f2afcfbb36c280cd0bd68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2DF6.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E57.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit