e27f1a37db164a2039bfa49df5233390019a7d2e9962d5d913b6dced8d7d3e67

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

684d09d861c98fc5139069c6c690cf4c_JaffaCakes118.html
Size

3KB
MD5

684d09d861c98fc5139069c6c690cf4c
SHA1

942b9aa15c0697797420dd575c76f6513bd40c7e
SHA256

e27f1a37db164a2039bfa49df5233390019a7d2e9962d5d913b6dced8d7d3e67
SHA512

ca5346205e1324033182c02983c81d4b3c2c742752faaa53e7170f5659925ae20b2c1ccea95eb571dcadd155e15130f812fdbcfba16e7fb68c76b07e18296fc4

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000062df5ac96d228e507ce1c194fc56c50c541cbead899ed9de39f7f7538244ccd5000000000e8000000002000020000000c155910b92521297741b4a87fb9b1a5aee1865abbcb2fba4563f9cdb05b2df9a20000000361dcda8b388ed7c2cf899869cb9ea8b8d05d87c9dfe32b2ead34bf87e2b00bd4000000021736ef5cb620dff62145fbcdb5f9ca9b8af1d471a4bf938b26cd3b46db313e6e64322faccedd791633ce1fcb3902270d1eef6fcc96f4c3e4428675f4c1daacf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000006513ceb8462d0c238c6cd4ce9c4641ace6365e52e3ba67a9b940e13826748fdf000000000e800000000200002000000063c2431b6c1ad7f21ed4113088e2e6ce084cdd34dd26f085c2c940f7747ab68890000000f2a303abf7086e9fd24f4adf34b2749c01527189068258ff6069518e9077da56c24d67af2a3fc8e18fb5e343b2a62b217751d6a5f01d60b0310ae15a79e53c53e1f0f85af24bc1255175e57fb764e8ad547eb2b5d1ec2bd413c413a2a832e4f0d9361efd2427b1749cf20c7af67aa0fc3bd48b0956dacf0ad4ffd5bb70f7003b15da76c103a4d74cd5d3d7f96d110857400000006d4c5a915055b4913140aad40777b148fcdd6b49ff3444c363b2bd84b71b8765a1d0238e7eceda4ad1e0384e66c6a4e8a2f4958ba444a858253c3611e288c5e4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 302da8237bacda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422566620"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4F082611-186E-11EF-8D12-66A5A0AB388F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

836 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

836 iexplore.exe
836 iexplore.exe
2372 IEXPLORE.EXE
2372 IEXPLORE.EXE
2372 IEXPLORE.EXE
2372 IEXPLORE.EXE

pid	process
836	iexplore.exe

pid	process
836	iexplore.exe
836	iexplore.exe
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 836 wrote to memory of 2372	836	iexplore.exe	IEXPLORE.EXE
PID 836 wrote to memory of 2372	836	iexplore.exe	IEXPLORE.EXE
PID 836 wrote to memory of 2372	836	iexplore.exe	IEXPLORE.EXE
PID 836 wrote to memory of 2372	836	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\684d09d861c98fc5139069c6c690cf4c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:836
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:836 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a48e5e17b98d7a4d077dcf69ec31588f

SHA1
dd361ed2311b7a1bfb70be697b6b74c3391e712c

SHA256
2b475ec8f213964b8c0a126b931a92d877bdc60d4082fd61cf086d3ed2c80620

SHA512
c067a049cb75a74b43a182d95922bf9a68afb40204d39fd3939308f114c6afec61f213c7871cc1ce07b443578d44d9ab8a5ebc78d174229bcea32d42a1ee4779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9ad4c0d97ad81cc98975a365f081c6b

SHA1
2408050d6e972ee8a14f417b6decaf00992277f9

SHA256
4dc0925bfdd5e8fcb676beb8f2b154a7ff95b3c9a75b3f3bfb3caf7e58ab1329

SHA512
a8df6d7329b7bff160d8f0aa8f0516887e41351e17daf256bd8dde06d1c844465f4c209ec1c00a03220851d6c828e4b4223789b8434e65d6a67896a9fc33a296

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2320ba2811fb1678baaf4c68a55240f

SHA1
6e026ff940b7443c88b84a44c66ec91ff44fd09a

SHA256
cfa6d5bd4d61fe7ad10048f3ee00bbfaf3973496fe0cea739ef53cedc7f5f6c3

SHA512
d1cb7ecfa8ad0fd950cc12b812e6dce68516d3d82cfe4548db99f694099d66b6074baae1d876b569a44a1743b57666af0b242a9be3fb2a8e9775ebfc84cef8d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2be5ea40f8bf5f56359c505e4ad02d91

SHA1
ee7c3ad5b291e34486ad5bd6e79a7fabc958c305

SHA256
be82b0170f3436795e45bd3a27e3ff2e4d9a37398307ca2d8d8661bf7abc902d

SHA512
731866144b52d527c097b004c0d43bc54d2d7b00fdedca407f234adb071febd292e4704ca7c7838e3151d9d167836264ac405f4c9c2a63dfbca0f8a7b7626d51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d616a47e9a41a26947de20dadb586e3f

SHA1
8f735e261ea985b8262926bd9bcdbea6a4670b1c

SHA256
bb05650aae02004225e1a46ed567650b994e353fa34b38c1dc595a7eec771a01

SHA512
d88521b00f2b4b5dc02e7fc1575a09200f483f8d4ef6142ce50bfda592997afeedd370f416a2d471791440f7e21278e1264f60d07c035ffdf56053e0790b67a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c50a48e6cea14cf1db8c9f9c0fba39a1

SHA1
246b13b5cfbabb058157bd8f83eeb45bde292a4c

SHA256
7d82ad2bfb45c4be091ff9827605864bf7f9ae484d148fafd51ba7d682f7d6a8

SHA512
3ba7f4ebc9871a475fd776723d20b4b2eb3e787d32b513be6cdd7a679fc367997a47bc5ee75bc142f00e5b9b3e83e23eec94748300152f4b5262217d0755d4dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e82f5adb880c1cf0dab44df99ad9f914

SHA1
dc6c3fe7ae7cc57f57f2fdea00a4fa4b465622b3

SHA256
cb6d431c70bca26ecb83efaf99ff41a648bbc980b0e48ab5bbe05a1516df4986

SHA512
323a3f0c3df16c3f49fb2e096bd9d6c3654e2fe9acb9f745643754b455a16371fa4ab1abf8642f9f434a7c37b0f302c1c64ebab07856fe3e158a7f0fa28d31a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d576c883e8ca0a3cbee022318bafca2f

SHA1
d448c7b5aafd142fa7b4eb044543ba3dc503a600

SHA256
a014af6e2c288bc4e022fec5b93eaac58f3811e4b9ad1b9eccfeb4396a971de7

SHA512
de2624255e2b5c38ffd4c6e6170c257e15f835b77ecf630534502eff32eee35b91855c5af1e73f828a5d8e4cbe7aaf032f29d3f90b2b649ac96d6d8525ace720

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a617ae296291851048fa8c2fbdefe1cf

SHA1
9cbde0e030c8884c8b3a1b2a54cec7f60e61471f

SHA256
364f3e4f3b334fe0eda2d462ce1f2f28bae427c3b969dde4b420a5742c7753cd

SHA512
1ad6b0e45d1eab8ad52985bdc4c2e0368e4a6054f64ef56e856359ddb464516c6402116b499729b5650a87ef7739c9f23ab1b423f0c0de7bace2e0bab0609d8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
910ae48bc32c565ea4d21f886c46459b

SHA1
c3824d82e2eb0df44a2c7527e08a6d65c6dd2b63

SHA256
e4611e12d092cf837ef2f5b3b93fa6ffcebc291beca9fe6596345eccbd2f32d8

SHA512
a841ec22c08252498d9d13b18868ec58f5088e79d8a8304a3d472aa73194c589912bd953602e3164ea6107895927918db9cf196dd00988825b8b1f6c4e2c40dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fefb8ed34c7b89a78d4e123e2fc8b942

SHA1
b45757bcc1e118bc8f3cbe6163cb94065919ea59

SHA256
08e63bc2bdeff53a635bb9203a139aacd998f9ff53e9c1b777c641fd7a76fc6c

SHA512
7d50d11386d76537a8da3da908902992154d4969221ff8ed006eb18ee01b9e298fbe00309b11ed549940a63d568cd43ab327125cd8857757c6fcc1f7e06e26e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
614d4ee58d9bbbb3a52fb9e3f0e46a89

SHA1
16c4c262f4489e7164aab52dfc571b152e497314

SHA256
e6437374302d6071e72236cbe2f9dadd3317a6c19f0c4c057bd7c03bcb45e059

SHA512
96e97b23066d043078ecf071eed3b2367306111d455412d3bac160db6937a600dcb2bdc92f3f37e4f43cac6f21e5e3db885fef9bf2e88c7e0d4460b3f5d19317

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6cb356920664c205bb1e6b9c49de0ad9

SHA1
d7e6d54c06062703b7b8395c3c6ed77893a25ff6

SHA256
74f8167db1ed4bfea20b93eb3b997badcde79f8d28b6902b05e1301efe651e23

SHA512
9792498e825ee496c822c3794d7c50d15f6b1e866379e84916b0b01594143a7e1bdb556760ec4b800964ae297ecf744465f268da0fba92eaf9ba8d088006ce4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9abfc26d330288c660ca0fd936aa369c

SHA1
376e0e7a1e92fba662a1bb74eb5ab1955b1216f6

SHA256
0d0faf6c984f298ed0225c6677831bc36b00892ba9252b7998a99c13115d0cc0

SHA512
ed8133af1bd3970b884478dcc6a675d88dc885fd3fea0f58361d8aa094496de8aae28724951b044adb481fabf2f3f0c3904c12abb6bc0313c5fdcdd763e76253

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd9981563e02c6466c11093d36b2ce7e

SHA1
f2114ee952664a57da528c7fb28ebea41d38debd

SHA256
d9c69e94af71b070c7f1237aae06adfcf6a642cbbf027d227b8c994ba6a4d909

SHA512
41669a9d746e9e64d32f9d863df09bd0107bdd4d725ef5e09a1d84ac6ea6429529a352cd00e356b8db5a09fea4a1d153931e85ccf8d7854ab3568765749e0dc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fba17d8aadfc751cea282751fbb741af

SHA1
0763ba1fc6b5b4163603d9e940fbee22f464d3af

SHA256
8fd4a8235bac4c17ff854382f82adcbded4a2cd6b7a30cd6cba24d9c99572b67

SHA512
2894789e379a515b361174358a1390231206f6f6abfea4f0620007cb1266bb76afdfee89691388b3c810095a242838280ecc9461c738de7f4dd6b134244991a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab391D.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar396E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit