9d7fade5c6bdf5c8bf10c4b883c248ac7f7536356ce058b9f301133ac3c73561

Analysis

max time kernel
121s
max time network
136s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6878464b9e9bacbab273e677cf1b5305_JaffaCakes118.html
Size

32KB
MD5

6878464b9e9bacbab273e677cf1b5305
SHA1

b80f9d91b01fcf0921f57525ab5b61d3954999e7
SHA256

9d7fade5c6bdf5c8bf10c4b883c248ac7f7536356ce058b9f301133ac3c73561
SHA512

0eb470b8f38f40418f39608886b61fbeaab0455a348528b3da6f71b8b0aaf822bd0b857562c5018fc03f1ed67f156a27fc75f8da113597d34df45a6a75b3b1bf
SSDEEP

192:uWzob5n8PSnnQjxn5Q/anQiepNnEnQOkEntCcnQTbn9nQVXC+4A83qRiv19UMs07:pQ/oN4z6RivUMNTeN/+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4A993481-1877-11EF-B837-5AD7C7D11D06} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000f6fb89c2e37ae826e6c54fb5b0bb15b3a719e92d33d7fea1aeeb00f8a4e2fc78000000000e8000000002000020000000fdf103ef95b33679c3571720066d5acc681494c11a339177e968c99f9ed0be9990000000b6ad53815200ae1590ae193eeefc450bf36e09ac8cfab474e8c95f3838b8fc224388b75c037f6e2ef49791c7a74591f681507b97ad55ae7bafa8975c2f9d023a335a276cfdbccec2aa2bce650465addf4694d64c746bddcefa59598c630c0a0b1167e3d89d27ebb81496ee42341994e945ef669c95f93fd8fb3bc83c8e12216915e77f2624ab2de08d7f7fa836043b0f400000004f698f45586200f66003c37867ec41976eeba74fce2935abfd68211694fb8abba5c89b4ee496c9e042e2982ea0f978776aa4b29e0ce1f84f32dc0daa964eefb0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422570485"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000005a874dcd9fd2f65339e2798a4895f5c59b5eff455d836a4ce2a56b6e021d34a8000000000e800000000200002000000026ee51656073a17973d5e847f5b89c883f4a34c8e7fdfee66e5ccf17eb713d30200000000514803c28cbe062085eece48923bbec3999c32bca6a1fa5e90b4834a248aa2740000000b8a7bd3005a7ab4a617a45f2dac03e489f7f06906cd1673bd5625912066190a724986146d7ca4c8c0ffee712d610902266dceda7377f4eecce356f844f722b31	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3025d02c84acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2436 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2436 iexplore.exe
2436 iexplore.exe
2712 IEXPLORE.EXE
2712 IEXPLORE.EXE
2712 IEXPLORE.EXE
2712 IEXPLORE.EXE

pid	process
2436	iexplore.exe

pid	process
2436	iexplore.exe
2436	iexplore.exe
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2436 wrote to memory of 2712	2436	iexplore.exe	IEXPLORE.EXE
PID 2436 wrote to memory of 2712	2436	iexplore.exe	IEXPLORE.EXE
PID 2436 wrote to memory of 2712	2436	iexplore.exe	IEXPLORE.EXE
PID 2436 wrote to memory of 2712	2436	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6878464b9e9bacbab273e677cf1b5305_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee1905d17dc2318a25dd7870517117e5

SHA1
690e7522d8e75a47650708d9ca0470c63f66b094

SHA256
208430289f5bb99655ca744ad65ab4165f5eebcbcc5e1b49730cac806fdc5e57

SHA512
6d3d10b8dbe7287d30103858de01bfdd148acdd039022eb98b4b4d661fe3b56723940bf98527727a3f752129d0b0e039ac502700b3829febb119cddac0f16ef5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b659133bedca05b115cf24cda28256c1

SHA1
70a57b347e1a6a0d76e21c09e76fec506c3e2009

SHA256
07dbe5fedfb8d6ef2534c12ef994b20a9348556b6afec40f99c037e2952576f1

SHA512
f8c0fbc63a40b10ac08dcf58d70f9c87e8aab251d01b98ba5be73bbb4a7ccaf8e6943122b6e6c94b07cf00f2aebc9392341fa0842fbc2d40e8891a96575f8538

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dccc3ecd221aed132400133ea3e77c38

SHA1
c5be573a514fd09ea6f3a692089482d93bff28ce

SHA256
4a299d7c796d2a7f8f6338e0ab183d97994a7c47e47ca388dd8eda960d7c9604

SHA512
5b3bee7e35827c5feae5633405b5c9425bb1f6456e68a60ac65c208e599b2fa88330e15d9d08da6a3431a4e603c44080d7ecbf26f9dcc1bce81851e41d15fb7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
860c237f36bbecad314b5e87aa51d512

SHA1
21dfa5d73fc84c7c38340b089ddb077ff14ff569

SHA256
8d35ec870021958ee08f1d2e64dd51fb6ed686beafb11be36f835ee4c9ee3035

SHA512
dedc824c849e538df6755dc63490907c7cd946f1be3771aba160d06517b8d007dfea52e6a481a0f82455bc567826f5753202818a728573beabfac80adb660c99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5f53ec54c052a15202d5d7c634d1b1c

SHA1
e2abedd0188a1599d74196ffa6938bbdce3605ba

SHA256
9b91212db6e26a8cc94364b13e1c041c00ea96ddd5ec8bce7c6508021cb87ba1

SHA512
9ec78bd08c907e804f14948f4e3758f2b2c5933d0aba786bb8a1dba0c502f0c80afd73a0a6c5d2f0d172a3691152bbf6614b74136f803a3f0d45bf1da69f860c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b39075b7640fdbf1feaa0deecf0e3fd

SHA1
2b77cdda405504bc941b779d06def59eac1b1615

SHA256
5698ed68a60461866d488eeaee22b41540d344f24b01f4e002494f79bf3a3fa9

SHA512
0bf33e7c69d9a0ce34462fd6a802b7cc6cb1d916083c4859b9a891f78b20b9e769608154ad62bbf8ec2c8551a1ee8ee8907039fb752af094b0e89bb53f5bc0da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97fce995777f8ca12510a042bf22170f

SHA1
f6832a4b02d1ba16b8becb4923a68ae2bbcbf89f

SHA256
1e1ccd4c44e19699b895bf6a5e87bb88987243f1dabbe1d2df230288e38f175d

SHA512
65bfc6f5148dbe5ed66a88ca55f1fe12511acf67521126896961cf4b4b250b6ba546e1ff9e4bf3c89d69e51150fb031680f83b5e404cc5be0a890eb753c55580

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98cce0854c8b958d7e7ae847f65fa3db

SHA1
13012b2ba503e033f2ca66710e0c0601739bf30d

SHA256
7f39d48b805dbd29741496595dfd05dfb61d8530152f5a8fd83da03f406b8165

SHA512
d5cebb24a9bf3949c2052ef3c7801457ddff83899697a3591bbfd15f0966893f8a2df5278f10005e14b842368166ec124914f5ace8daec2242b80a4d98b179f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8de7e86fe43cce66e79028f588727428

SHA1
ae266be89d81b4c509f463af1f4e395d20bdc0ef

SHA256
43b63686aaecabdd02655bf20529b92fce71e5390095eabfb63918583ecf1e3d

SHA512
f1759877800fc2f3e36c32c6e5713f600137fa144552d2a028b86792396f03b4eb91c0e6adc9d2faa5e94fea42d7a4125c676d3dfed3add24a5435a74a908b2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc26ae864134372f7d10a4afd89dbb43

SHA1
fc954a35e98b01208b474787c6dc2ada3ca4daaf

SHA256
f46955089e913179ca6fe5833d90b96dcf2815fc7031cdc0b200cdd03820d883

SHA512
ba2db2eade4811c38df3f4b563c8faeb41d902411cea368d16bb462c0e931b42117f9d53986552d6014f96f6d5d634e0bfbba5f23dca7c073d7a982f0569457e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8662.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar94F5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit