0ac08dbe7edbbaaee462a6cd7a013a8919cbe01bd386c9fedfa2912437425008

Analysis

max time kernel
119s
max time network
130s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68737ae30da2bb677c733e4211e35f49_JaffaCakes118.html
Size

23KB
MD5

68737ae30da2bb677c733e4211e35f49
SHA1

933b438287a5dd352ce8aceff5d49cd0233ebe51
SHA256

0ac08dbe7edbbaaee462a6cd7a013a8919cbe01bd386c9fedfa2912437425008
SHA512

8fa5ea614ef9378bb666ae0be8d4788f847275e930ba34650ca7ebb93a6c3d224867999f011cba702f830aafec22700cf6fa59f3c8399cc6b41095109228a23f
SSDEEP

192:uwrKb5nYGnQjxn5Q/znQie6Nn+nQOkEnt5FnQTbnxnQtGLnLnQt8qMBaqnYnQ7tt:DQ/UGJEs

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 801a394383acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d50cb945d309de49b279ec1d4de9b999000000000200000000001066000000010000200000002098b23114aef808d08039a388179a6a43fe403d7140580b729bfd946185d03b000000000e8000000002000020000000b4add4abb0d9ce770ae1ce227f0424292d80b472cfb51342819fb70fefa3ca4b20000000ba1530bc3a74bb8559c2a0c84df18259b6ee70afe8b6a409b1c5758e642654eb40000000e4cce313998544575c492403bb8120dbe139452f6a650c2cf36cc965c345e5f898d919c7a6799f7fef4d33b90ebf5eba7f7650f296573b1d167f2ca033304b53	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d50cb945d309de49b279ec1d4de9b999000000000200000000001066000000010000200000007222727c07be4ffdd4f1b44e6e2284ebbbe49ce744442a1b1109248bc17cfd99000000000e8000000002000020000000509a717f17399573b7e83ced484d3b60ae5dd05ff051d3954302f8cd4c8ed783900000003961476bb78b4f7a9d929c456dcf2f48becd9df6d5c7e999489c8dc816ad25c0dcb20c1f571cebc0a70557ff9d4ab699283f0de836b02ad667ad1d1c703d58f6c58e76410db4bca01a08d8a05d82ce1f07fdc719476ae4e6d17a756b531b5d885ca840fa7a8ce1700294cbf2f3daea92a85b767fe24f75561b52bc3790a3d1167cb35ab322e11a8c3c19c80fbbc55b4e40000000e38ffed3043131827c23723f4cd4a6eb52168d25b7da1225d601b59541a02cce1befb3116a0c72b8dacfc81302d4a155cf0f9f03ec966d692548d00e0fa2a0be	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422570111"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6E99CEE1-1876-11EF-A4A3-CE86F81DDAFE} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1540 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1540 iexplore.exe
1540 iexplore.exe
2884 IEXPLORE.EXE
2884 IEXPLORE.EXE
2884 IEXPLORE.EXE
2884 IEXPLORE.EXE

pid	process
1540	iexplore.exe

pid	process
1540	iexplore.exe
1540	iexplore.exe
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1540 wrote to memory of 2884	1540	iexplore.exe	IEXPLORE.EXE
PID 1540 wrote to memory of 2884	1540	iexplore.exe	IEXPLORE.EXE
PID 1540 wrote to memory of 2884	1540	iexplore.exe	IEXPLORE.EXE
PID 1540 wrote to memory of 2884	1540	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68737ae30da2bb677c733e4211e35f49_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1540 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8d0df0ca1af437af9db37a1c7674718

SHA1
70c565dc47e20389b36abdd61ce6b86fd81994e5

SHA256
26fb9e233ef4f433cb56fa85996340cafc2c5260702786406568cf00b906771e

SHA512
0ce2b83b918ae5937140db818e610fa10937d9c92904b2138d2e7f7853ccf88db1a152d22d7490e7dcaf727407d3369b7e7e37e5d4d74a3324a4d0bff5216d74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fb4e42cdf8b5c51443adb5b85797740

SHA1
f02e735c0f0e04df7588667e97cc08e10736444b

SHA256
bb7d43707d53200da4020fd6f2c2ee0a66486e918e280df2a9f9fe9e3fb892b3

SHA512
db1cffacc952d4a5942b78c308675a0a67313d0ca793a055cf805c81dc013371920a27d48fc533c23756354a4b664af9bfa9169cfb71f4771f61895e131dc1d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1737a2f2e6990f20ec372461ee76cbd3

SHA1
6a9e50c85ea9edd93ef5b15cfbcd706f1b78aa31

SHA256
79430683427822b8887ea2f3184c6683587d5dd854518460922a0f17450edadc

SHA512
d12d2ca45526845cd0e572311afe1acd1b53868077a2134eb2ba3f3502cfde3514941cbf13d7c929fce072c7b3bb351141b0ce67dbc025363c3cb6b1417b66be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
717d4c6e87e78e8376590ef04279578c

SHA1
adb0f1a11fc7d067d915c0ccbbfba47dc69cd5b4

SHA256
0ee71dabd0509063580baa6bfd7339ed25da75954e18790d842e4246f89b8113

SHA512
9399f0a415ca99f662cb8e264a6f23163acd1bdda851b7ed85d79471a4c92ce76dab0735140b91c07fc73eae2350b8b60023df037f2f091d8e62bc6298b442af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efd0af099d6fd5f72cfb4e3e2870d186

SHA1
5f145df29972823f2723051b38dc8890577c253d

SHA256
a57fac87dc3a16cded45e9c77c1a36955a7649a6355cac549233359e02f7e8c3

SHA512
2b730a59208a00ff3a5a2b24348eb62dd0f4125c7366631d4293a992b200c1342676a38c3cb8c954f04dcc47ed8d04104e32eed9b4c85d29650cbdc6e02ef582

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f94ed590dcb00402d60b5d158e4cd22

SHA1
21dbeb453d0a460f85bbec4fe17654ff2c74af59

SHA256
eddffeb22d06718852cae2c0f39fcf8326c6f35463a2e039e295e323214efcd5

SHA512
c217e6d0825bdcaf73d7d58dfde3005d5378cf36747ebc8cf13208840fc10dfd6b8027955a03fe3a7b396031eac9db269f6bd40edf6b93799a4f2b1cb58edd6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9deb64d2c2045496c13e9bc63f559016

SHA1
c1d84ced4cbc01fcfa1cc05c9f11e88972811114

SHA256
353c97ef6637498e042c8eac34c9159f3fffede057f3ac7960aa6457d9043118

SHA512
dad2003ee2a90eb973fcc01e234f0b7b2b0fe73f44a7945cf61a083109765a3b1d6c8294c2e6dc7800b6e14c0968d0d1d7bfcb08a9f52f07ddd1553dfb8fc06d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74edffa31817a4f29bcd487f980ff989

SHA1
65f74fac8c749a84a8a11197e521f0f17c8b5be3

SHA256
61658ef9b829953937d8030fbef77b07f1eacac440f899acff1b4b6ee363831d

SHA512
331fcc6e314295019fea9718d6687f52428934571d759d4f4c7b84452909dea6bf4ca7a86b5c57dddb51a93a0f019b0efa2c00646066710ebf7518580f08ec57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bae783c4c8b96b4c7b15730a31bb938c

SHA1
90e49c173fa2fe1f0adcfd9f64ac3e75831263f1

SHA256
21f6f156b17c99d70c8d84569884b30a8986f0bb2d8f2421deb32fed2a56de7b

SHA512
f9f0d77def1ed298c320af68e8ce39a1cd14195733eed7ead59533f19abcfcc108ca93bb1f90ca1f9bf10d71f8a6c1af7a14c9ac60cf1e71f1f42b070c875f1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a24be463506078a75c9fcaa8774b695

SHA1
0f8e344e6bdd5a8bcf4d345fe63133092ec37839

SHA256
3ac0b7f2ca6fefe1bd6b119e4d9031dcece2da2d8b558a003351b53369bf2ce3

SHA512
96d3dbc136a76ede1dd33d3d5dd1b5312bdb2e1a2aca5478a6712e52bc4c47a70867b196984ade1fe11a9126ef97a25c65de0210cbcf9ec9e43938a975d29479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab338F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4055.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit