ab37c4e32c64bbad0333251bd0dba2a4bad8876fe9be3025c110d96a6b6038bb

Analysis

max time kernel
137s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65544a593bf5ccd223cdb04120211626_JaffaCakes118.html
Size

16KB
MD5

65544a593bf5ccd223cdb04120211626
SHA1

e7425f061858a6f4dc72c0e988a6bde3a761cc51
SHA256

ab37c4e32c64bbad0333251bd0dba2a4bad8876fe9be3025c110d96a6b6038bb
SHA512

eb3c57e47ed7ba71e4b16f8cb2eec030b652aea985145890f88262437d3b2aa6707d372a4775b1fd104d749661007144a74cf6f93d98f7bc9cf2432c00276a84
SSDEEP

192:XRFWrus7vFC7vG7vs7vXK7vDDHLL7ZjvX+mO+YBqH9YED0f+q5pia0N4lcTA7zdk:XREluc6PgrLVApBS9oo0cElJCJwE

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d74fb30b5961214ca43017706119330b00000000020000000000106600000001000020000000cc43baee2eae9e219d32f7b469f3bbffb5180de8ff46cc1f006132a277afb8e2000000000e80000000020000200000009e58603d9e39dca38ef092c719d604c51428e8223c14a8295e7dc3dc19070c7420000000c387b2947826125262ce3f6a8228fcfd202b5f8bdaaf5a7f96c616236fac5e2440000000cefeb3f07d1db9dd6823dafb47bb8e58a539f5f5343c180c115d93279d131edb2745addd3f8b39dc5469cc10683d96c0cab19271c6fdedf579c451cf46b3e5d9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422499317"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70f03f6cdeabda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d74fb30b5961214ca43017706119330b00000000020000000000106600000001000020000000230ab432fbcd139f18161bcb7a013bb39020faaf2574a26abe1c022bfd80e236000000000e8000000002000020000000e5b037446fc53c686a4b49effeb21bda0c7222fa686e1ddcf765e340035c07759000000095bafc562b25225e7723b75a5b38c472db491eca9fd630d390a060abf99c9ecb7e845f995583e4d010228e78dfeca6f2944f4c36acccc52aa4d93c07ff6001b0f17da65c796f4ead0c652a5966a2099d2a41349373a712ed04b0dfa3667cb8311565407004e478985013bec2a1fa95941d757397409e0c6ac9d7341ebe168d87b965c294cfd220081a3607df512099684000000003b94cf03345f3e451de38dd72b76bc80479ef8f2be2969d773f44c0d27d3f07abb1890f493b41b001ded496644acff92458a6e433340d8fbabdf6d9487e8dfd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9671C1C1-17D1-11EF-BF06-56D57A935C49} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2020 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2020 iexplore.exe
2020 iexplore.exe
2060 IEXPLORE.EXE
2060 IEXPLORE.EXE
2060 IEXPLORE.EXE
2060 IEXPLORE.EXE

pid	process
2020	iexplore.exe

pid	process
2020	iexplore.exe
2020	iexplore.exe
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2020 wrote to memory of 2060	2020	iexplore.exe	IEXPLORE.EXE
PID 2020 wrote to memory of 2060	2020	iexplore.exe	IEXPLORE.EXE
PID 2020 wrote to memory of 2060	2020	iexplore.exe	IEXPLORE.EXE
PID 2020 wrote to memory of 2060	2020	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65544a593bf5ccd223cdb04120211626_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ec548d872b2a7333a9e55c592c7f41e7

SHA1
af2b1048b857290f119bdfd16aec0e29a962dfbb

SHA256
1464758e2813f863a49251ea216f88ac47be28185506d65a979d09dfaa4b2e58

SHA512
f42c177241737f60659d352e0e1944815b419aa76c9d874212e2bb1c79af72ec21e5db9e8af72edb6c8e968d295323ab6f4bac56b39948cd7bab0345ad04b16b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3a9076737c3a0be720c7b678cc267a8

SHA1
82052d14e992c35d1a4a5af4dfd91ab067b2736a

SHA256
c8bbb80130526f999e4841ab27394b950922954fdf0693e1bd1c84819ca5a136

SHA512
1759d3c4eee8aefaa112f4b73fe653579ce57b20bd28dec626dfafb3e8e4939b11dd85765db9d0deeb2f0fd2c7eca85d9eb42f5bd9a0f0a43f107e748f11dd06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68e95f3d6b996721a567dc4489ac26db

SHA1
30e6a571534ad4f108da2e72fdc1dd9af5bbeeb6

SHA256
70ed7fb3b6eb522c213892de14e723a529b12d80b9cfd56f3c58d527d7c391c8

SHA512
d06f69ae4d1d86adebb5622e93893a413debd4ba6b3d3875dfae1a9af4b9890132e49233abbf37e2d796622f647f30fafdd000f4f995c76b50e9f33e223d5ac7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80a163951f6ee33e89d90098df7ae771

SHA1
e61a5c433bed16f5e7890d25580d5c190d5e1c79

SHA256
f58e9759041b73c1153f7c4e592fc0540bce05c822ad7c8b1cc64a54400b7813

SHA512
64a533472ac41df5e37161c857639ed2975508c5c107f910e5177dc15ebf8b2d8e459e4c2266b6bc81afbaff9059de88ebf03916be3bbaa2c3885c034edb44c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5cec68c55a55cc6e1eae4ca6f4967da

SHA1
76c4597d54f4023d2ed9cca993638132424db790

SHA256
70a375b1e181590209e91647e4188b1be1a4153fc35e36018ff1f721ff67c1f9

SHA512
5bb934dc3fa92f1347ac0cd42211c0b209fecc8372c63fdd215c07be99400a5e1c1e803d45a88b854612ca261b5683aa7d30a9660f19f1848be5480a7652099c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab311249bdbf3197a984d7ef986fe0f4

SHA1
12d001dcac846924c37a1cc86422f07b6317deb2

SHA256
06981a06b1572c5897e82b5e95669d41ed542d5425259194abc426c7cdeaa5f9

SHA512
d6887232d2aef7e419c86108c3ffbcefca36023a2f96b7480e93e5276ea7fcad98426f55c435eba3ca39e5b2d675806871d787a6ae04bf5ac5815214787b54a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ec21bb6c53248b3716ec84973a95805

SHA1
b30927c97dcb295125ad0f53ea33c8010b95d4b8

SHA256
5ce3c06e45f5c3e1eeeed6c09face0ec5a16d5f66245f37468e8a3348a952e91

SHA512
fc6d613f3815628dd80475590116bd1fcb1e61b67d05e07587424e9687692ba7fc703a6aa8d9e007071b1ebcbf01d74103d302f49926823753d34b3be034040a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0357317f9a4a52b4929bc91af2749e99

SHA1
3d171d0c9c6f6cca943b1055ba02003bec0698ee

SHA256
28f3f0800696e9792e35651045bea3105ac0ca2e4f6bd2d1ab426b8bbfe68655

SHA512
83543b4824fdb25c7008c79abc4e138617db1fab71be37793d1b0c8c4a8f8bc18f67b71438911e8337e95942c313e3f769d9a5adb42d79653dad722feb29a3e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c8798a1fcc9e50cb81e1cbba0834cc6

SHA1
ae26c1a387b40a14a8d6d8f0ef73a2f486d38b7b

SHA256
9e98ab939281fb91ceb7c29e4806e20bd4033920ee9d8a5bc8a378ddc7ddac66

SHA512
af7e6894d3ca785725de25e0ed36059e3c63109f899979745084cfb8d64e75ad189b7cb19a9f0c0db74acd1a8cfafc200d6154bab13ad205f91412648c778730

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c15e354b62803d12b62b5352bae24b02

SHA1
56506fabd367f80d78078e311c1771d53dd71c3f

SHA256
6e169e04be5753057ab1df2f72276a44230431968138570d2bb2db0c7daa1130

SHA512
cc54b56574c4c628fd808c4bbb01fd39d20232e9a2cedb7f6505c7bd773ded759500be23b7c85ec3408895f3e04dde9db591f1ef78af95adf6a3177a322b9910

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
798be8999170e4f19f3fecfcda1473e7

SHA1
7be2553c120e7a92f38d2404852ec9c9e510a441

SHA256
dc9d20831110a00576fd83a792850b51babce3091a86c2b143955c250e7068d7

SHA512
6bd8a18dd2fd34fd3740ceccf611a91551b7e2ebec343d820e8853ef0d80ce715c5598e46ea471e29f11d1b97cf80479bf45a2166e721675be454e5a238fb349

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
1fc87c96ef979e9aee84d0fa946a3ab5

SHA1
23050b4521eb0ffbc67e070afad9d5c985e06f0c

SHA256
10f9c23804664f028a2b8fdac3b240f7687c14d8e534a37921b5c7dfe475c0a6

SHA512
c576457edfdb9abf12a913ca23d692909c9e342ce6faf57583579457135e5fc2ca4cca3b9e904beacba03fa815eacd01c251375b3ede235771e4f95137d5e2d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9188.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9198.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9316.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit