b7367818366d0d8943bcd30745af4811dc275e37de8ceeb9f293e2245e9cca0a

Analysis

max time kernel
118s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6852ad4c00dac2c1057665c617808672_JaffaCakes118.html
Size

2KB
MD5

6852ad4c00dac2c1057665c617808672
SHA1

bb01dd27557e787f7686227d336c2049e249dc94
SHA256

b7367818366d0d8943bcd30745af4811dc275e37de8ceeb9f293e2245e9cca0a
SHA512

75a5e01ae4887be2e4375fb6474703eb8a7770c256c3464257cd3cb64185e18a800f64e2ccb9493f61b1c8ba898b4f1883d43294ff2d2c2e7050f138c15552bb

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000005b8ade641b2914f9fb81a064ee1f5c300000000020000000000106600000001000020000000e173e0587afb8889e95a8c871953c346cb9c7a79c31213fc02d2a74b948875b3000000000e8000000002000020000000959a5dbaa8ffe70a0286a20a293785745cac28d323989e9a163ab109d3004da1900000001e2854a08e16183bbfdec3882a18d3edf92c41667c2816e2e30f3787c60b01a6ecf8ace2773b627d8daeb619b08566b7469ee1bda33c8f888ed5878fefc6a22f4413e989cca07d8f41509ab13432a7e3beab163ab1c4aadd4c4fc21d41242c22dca4690cdf6fea1fb330a4d2a9750ab5b6259810a6b4bf306527c21e72d32d5f5cc5fd53778f21cc6ff8ac5bd88795584000000027123311e09914591155565828c00b076a16474d128e2d227bbc17394278a77404caddf1b10a80aa2586ad236a17dc8d4cce44eab10ed70c6854a4b0e37eebe9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000005b8ade641b2914f9fb81a064ee1f5c3000000000200000000001066000000010000200000009ff8de2ead7e1968bc4f622f7812178d0ce5045a13da0784d5927c585792fabc000000000e8000000002000020000000fe869f0f223029331f90e5456e4f63900a47392a20e69edce71d2b194dd5141a200000000bab931a2cdd4a2ba03bb372dd559256ab4941fdd5e5992a2f740e3a91f500c14000000096c5fdb8258ae6eaf1bb03f242b220f0a2dc0747666246f02b59f4b5aad0f906498633ab0a24fe379a8269c5a925ae26766c1c4805bad7e0a2c9dd4ef57632c3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5066816d7cacda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422567186"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{98AF8961-186F-11EF-87C3-6E6327E9C5D7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2300 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2300 iexplore.exe
2300 iexplore.exe
1680 IEXPLORE.EXE
1680 IEXPLORE.EXE
1680 IEXPLORE.EXE
1680 IEXPLORE.EXE

pid	process
2300	iexplore.exe

pid	process
2300	iexplore.exe
2300	iexplore.exe
1680	IEXPLORE.EXE
1680	IEXPLORE.EXE
1680	IEXPLORE.EXE
1680	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2300 wrote to memory of 1680	2300	iexplore.exe	IEXPLORE.EXE
PID 2300 wrote to memory of 1680	2300	iexplore.exe	IEXPLORE.EXE
PID 2300 wrote to memory of 1680	2300	iexplore.exe	IEXPLORE.EXE
PID 2300 wrote to memory of 1680	2300	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6852ad4c00dac2c1057665c617808672_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2cb8fa08e35e0c772e2ca1ed5db8562c

SHA1
88aaf847eabbe87584ccdf214e799688ead06af4

SHA256
6c1139e2855f0c25d641473a3555a8c1e9a6441b81b300e50f5ef0a3951c9fc6

SHA512
00b3959e70bba94ad97440dc7a49a3ff477e9c58d1f44e6bff8db257a500205f39df107db9b66d304e757e20910cf5084d2e906d085019e48249120ff1ecc9a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
138ca8b3475c6d1418b014d8b3867626

SHA1
c5b8d64893a12db2b4b9972e4cee3d529ecba454

SHA256
9cc5563db1a0b93e951c69fd71ef3a3c90585360a76e154578fd2937f144bedc

SHA512
f02ceffc285973ed1d4b470ba6cd0be9e1cc34b597ed9e3a7a35ce1b6d511b347bd8858bba5809309ff771c68955d04edda68fc208c7937dba1cfffcd865386f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afb92a025a342161ff2a67a488f0fcfd

SHA1
d54cd2dbf7d0a7d261b599f22fdcd982a415f955

SHA256
ed096373d68ad5b7bf06669eac1f3cb1dbe823933bece5181134da9ec25863e7

SHA512
938eed878be149aeeeda3729f355f70c3a2fad46683e45640928f158e738bee8625785d7bad46e0001f04ebc3b0269de604c64e08cb6eec960fb94b714056922

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a533b63a65ab1f71443e63fbbedc0a7a

SHA1
dec975ccea66738b3453e3fcc52646f2d2126bdc

SHA256
6459cf8e6621ceb8d9161cf8f052c5ad6a2c7c87f034001af829ed8c3b955555

SHA512
7f0762dc98d50280bc8e924ef5446ba3a331666179d3797533ba7de642d78ed3529cabc0bc9aceb564de27a7c7b8eb79d6706b98591d5d3c5814a43c310348c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b69c671f621c659b44d7cc9d41ace36

SHA1
f4ed4c1450c5dc115b3d18d2914586fed7ba6d02

SHA256
8f31d5e693c456a5fab229724fa8e8dfbee13cef2ce8bdc445c8a08ad3640ff3

SHA512
d62a607be3510deb3eda1cb4146815ffdcdfb424c449618633b60fc1d1a7c04e13b41dba921751fd806a618607ac7be24aaa3f68b5acc8962085c99e0ba6bacc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6308447c8c4499c2227a2ead7f957b1e

SHA1
61d3a7c59dc180ef8b0e13da7ba27a111e93fed4

SHA256
c9df15b5228069355159f5397010dbdb4cdfc8cb9cc5bae1a6cef3035800346a

SHA512
8053b4381e8465036dc6cf0976b96faac4c5a154a8471e4a2a659877b9e06988b5ea612e4d3aa6a0e7c7b3428f21ca37335a2148f3b50243c9fba86257d5204c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f948aacc0be526b348f4e180dc8c5eb2

SHA1
bc3585841644f666293c1fa9e0a3318c24f93e32

SHA256
3b3267013671a9057ee2933623c4d379fe041b5d2680a2d19e81b9d71e670998

SHA512
741eaad2662279b0ea81148bdb7b84a5b67e5d55a6065438e4c0dbdde2785d53a51f036a2ff660460c9bb1eccb504eb3d345f41ae31762aba80197949dee619d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ad68665ec0784e8bac1e954a8c6caba

SHA1
b61f8e86ab3c4416b48850b65e12d063fbc4fda6

SHA256
43a230b6993d2d67355f879c8221a7e2ccb70974645a9c0f7082a7c6658d9d46

SHA512
6f5ec597dc7f4fcbe027d713d6b79c65882b20c5ebff571c82bd2d39685515d6c6fec66f8f2b45e2dc00f9c9c659cacfc738d6655deeac706ec7ddf6ffcb443c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3114c60efba4fb3835e18f41b985394

SHA1
e02f78e064d2a9bdf7a2763d88ad55f05407d614

SHA256
ae21b774f09241240debb3cc1efc5c8c6d618324ef4873d394dbb004294ee5e0

SHA512
bc59382a8f23390eea848a28d87d9fab42e4890a44545203688d7d28595ffaaf8746a04e3ac586aa0cbea674e235e3d58431bb247680da99055b20c9d3468dbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b0926b35116dac86f8d36afad57bf7b

SHA1
3bfd54b2862a2410886d49ef889fe06dd6c08295

SHA256
20ef2e583ea64f46f480333c88f871cb0cb43ab01b14bc6aa9751e6fbbf65483

SHA512
39198900ae50c4e649421bc1f93d5e2ade1b79825519b815171913c5d55b490697b2a92ad3a72d1fcab05434524f0cb72d63de52152c4067740a35ae89964eea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
228258a7ebed177bd8de8c80640d69cc

SHA1
95c6fe6012f79fd60eabf8c2d8c41d03998aeded

SHA256
638acfec4b8d5e4f17a877bd3ef48d739af0356c7642c71cb372ca666a588df6

SHA512
13f074e443a17ee768e707faa913bbf497a8a111b2bd7c6887e1abe8e86bf41285829752eca7732c02bd7844f4009558c09679a62649899ec89edb76b4ef6ade

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3f0ffeb647b9135a57360965bf88f43

SHA1
eca6783cd74b73f1ea2a586e78a12a3ffe4f791b

SHA256
9825a145088d965d9eca1455deb048050f6a0067d807a33fc6eaf84dc7103f3b

SHA512
6609e574b589e265c4194ec704c781b2e5b24c45bbec2f9512d95d7ee2026591295bbfe180da3b57dfbc76b66ae3d62debca4799d70a129b7c3b8a156f5ebdc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87803194e5c5f2bc697bff9c064ef1fc

SHA1
abbe7436a6394e7e4153443cdd2a55b479891f5e

SHA256
2ffe564a0bb4ab53166f8c33da1adbe94fbe09919a4c9e55cbbdf7962e9e3346

SHA512
683f8f293cb432696c3a1cc366dee1a942dd8cec9b49f9a5a103ec687ddb97ac00323019fe18d4fee2e3578275623c876fde813446910c5a1a25a60e6f34142e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
589fd1eb18d48c0e3acd1139c4a2ee96

SHA1
fb9854f0df9472cc0a4b5520f638d3c112fd03f6

SHA256
8d97f2333e29901f8e2196edd95ddbd18ad6f55436026bf83db05807a567a1ad

SHA512
780e62f14ddb14e65a434bdd0f835b3c1f8259096cec57b699f4559673c5d6e3c9ed5fb1b9d073c186463d0b3c49e2a8f4811f7053eaabf0b7b88686132352c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6851da724754505a34e5a8a50278a40

SHA1
a7df5b6d2d95e73f2b152b7a68bcdd6b8fe83487

SHA256
f7fee91fc5ebd66f103c702d8d64eab2216118c3530f3cb83d079e406a2237aa

SHA512
01bbb9dfc76c40d575b0f80ff88abebae2d1ed9208ecb5b251fd2053fd0dee3dfde13fb73ae20d0b1cc66692477d57d38bc1adbdd1c3eba8a2af7b92d1f9a1d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86fc9dc952ea470bcd808ed9f879b583

SHA1
77bc22f5817e6875a6a69a41c7ca9cc8a40be29c

SHA256
5c1e8bc33199b3cd6679f6143f27ef55d82c82fd48bcc1776e809c47d1f86f8c

SHA512
978cdbc8c65e9ae9bd42175d2ca009b2fa961da3d582e273b9982fc2b20a724da8890abc3e8c4222a0b1c426ff96f17db4ad02304770e6529798b9a1e28ef6a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab344D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar35CA.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit