8e2b3dcf9fde18658227d1f30e221c5ee24f983bd285347c88577dd34ef57dc1

Analysis

max time kernel
121s
max time network
138s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

688d33e98843944ee7136065ea556a37_JaffaCakes118.html
Size

4KB
MD5

688d33e98843944ee7136065ea556a37
SHA1

5f8b5b0aff33d8e81de00abb96378d3eda980594
SHA256

8e2b3dcf9fde18658227d1f30e221c5ee24f983bd285347c88577dd34ef57dc1
SHA512

f4b0d9d93c211915637ffddd446e82fa58b6194eca22e6773ea662b6c9e89d69a037b4a7b0d20955e9f2cf7768a1f0f2e8b7ec4a18b9faa317ee042dab79927b
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oG9mUd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDL

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000da1972a7ffa3be4193db33cc4fbbe35b00000000020000000000106600000001000020000000a16df280a23392b613c72e695f3e771aefd7ff3508e53ffc0f2bd03f1abcab19000000000e8000000002000020000000c4da1d4e7e3a97ada8685b3f75b90571b5f2bdbb182fbacc28028e20750e8fd09000000072a35e40dfb5d74a34f77501a08d8dc3348a3ec3ec326415f3858136ed28b2d820edead0fbc1ae65e059e65629856efdc6c7407fe723cef8bde6b59c67b4b14fb42bf1210530adfc9ce9dc94d136e692caea69953a127304aaf6961559f8794f7ef45fa4c8986e5eadb07ee0bfbfc94dad94c1e2d06aa247df8e6deb4e233638fdb5b5ba75beb3e8608c81421a08362b400000002f01d90cacfd4b85ebe788d221996d509c6c4c04fd4520893b67cf88495ec53e5f5e0634d31b3af3b0c7db3fd869528c5b3fc40e4dc82ffa4962f5b5f7e9a121	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4DA19D81-187B-11EF-BC57-569FD5A164C1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000da1972a7ffa3be4193db33cc4fbbe35b00000000020000000000106600000001000020000000ee488e18e3c66d823ee1829d572cf50511c1f9e4d9fcd1966a5592d79ba623ee000000000e800000000200002000000053c9f02a12cb4bd2f64683bf9dd8021ec2f8f770e99eb24392c2a1582dd043bd20000000dd488d78bc3e1fe5a093d90a85921f27359a9f61c307b57e7ff7e52d1a7272d340000000f0172720dc7878419b221aba1e49967fcf0fb2161d89266b3805317bc37c5d796ac5ee0371088b2e98eb4a8de8dca7630abd81248df194b3f171b9f683bffb49	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70875c2288acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422572211"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1132 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1132 iexplore.exe
1132 iexplore.exe
3052 IEXPLORE.EXE
3052 IEXPLORE.EXE
3052 IEXPLORE.EXE
3052 IEXPLORE.EXE

pid	process
1132	iexplore.exe

pid	process
1132	iexplore.exe
1132	iexplore.exe
3052	IEXPLORE.EXE
3052	IEXPLORE.EXE
3052	IEXPLORE.EXE
3052	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1132 wrote to memory of 3052	1132	iexplore.exe	IEXPLORE.EXE
PID 1132 wrote to memory of 3052	1132	iexplore.exe	IEXPLORE.EXE
PID 1132 wrote to memory of 3052	1132	iexplore.exe	IEXPLORE.EXE
PID 1132 wrote to memory of 3052	1132	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\688d33e98843944ee7136065ea556a37_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1132 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20dd37cd6b47d6b480d1d6fec4533b14

SHA1
a9a3fc0e44c307e717781cce96f16ed6168c9200

SHA256
bc1724a00a49bd51eeca44c6daf594a1c942c2fa3740d4d9b3734cd87ea74fa1

SHA512
3e9800e9079f824fdc6c9ef4692681dd8eadffcb5964fd8cf21deebd326cd75f8eadd6246feb357a85d41fa43b878f61a3ae660514731e67b170ee0dc8a34193

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2dab1c99feac821a8ad602bbdaf9a45f

SHA1
47fe3061a31e50ef1f1061971ae5a8196c08ce22

SHA256
a7321119b4cce4fe657d3fee019051a47abec9bf819666926bd6f0c7c41f9955

SHA512
4cd72cb292cac354e6ed8ef0682daecba4a17637fa107acb41ce9143bf2663a490b6708bf7add9d1ded4d54900163bdf7ecae24d2ccc6f645932b6b70cef2954

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5832d06fedd92b633abcf9a5bff6e69

SHA1
8932d06060bc9d0ee2050df5b42d05c8d8cdbe19

SHA256
8ed92297eff869dd6b3aa4ed631a8c74a2a9302a62e3b12f261d2b46b4491b91

SHA512
ae6102509926c15252e19550bf12b87eef7c751822aa646b43ef689f1122b50f02a6b972084d603064038d1d7996d9c695681cc0438e188c07aa6570aed988db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35a7692fadd1d30cf9b97ce8ad8e1618

SHA1
85a9ecac008467894d7adf53f36fda81fcf40a40

SHA256
4c40c8b9fc8d3a6964f856b4513b448f060b1af3b31c87f2058c7f35b7938678

SHA512
1c9bf4c7747bc803969101d5ce18c84a3d00b4d29c9e5fad57f1281cf5bdfaab038c3e07d77bdf690d190bb6af8f87d557dd0c0a04b04a837d34b7d351207c23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2bc96a1b8db21866929cdd2dd60108f7

SHA1
97c9363125c0c6e21bf34234b0589377f84e72b3

SHA256
8e40f6645fd5b567313b78f23b189f6ce6986a0a3f3f2b8e81fffd66171693be

SHA512
d67588df211ccf411affb3e834edf45dec6a1c18eb6aa3a035e8e208d79a0ae655ece0746713ed361f9e356857a78df39e35b3633f0b305eb34f6cc5cef38e06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a1c3e1227174798aac9818b605b84bf

SHA1
94ad5bb141158f40c5e7d4551eae2b2a4bdd97b2

SHA256
f38b987caca287b09cf16ae65ff10494b4ea3f437fb56b6c5841ba7e87c22653

SHA512
76160d1a356e16cedd410674f0b135ec309e4cf609ddf5705cdb3e7443e4fc4d045ade574496fa75b94af5cf61eb0d640d28480b3ccdf631b81ce97d21555a44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d508e20125558795d00e738d35c1a48c

SHA1
4589492488a748ac17dd2dd774f57c848edb121c

SHA256
4a0c9268c3c93b94fc3bb78431001c0a8f791ce89b0aaa3656153c014d5932a5

SHA512
6a48af7ee0bfbe67fe3f6196032a791ac63e3a9ed0020c49597857e7b16d16134089e1b7b17230a1fcf4735a4099558d37cb9461db425c5b88a80c1b0015cec3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b426c661f5096778d4d1e1697c69fbff

SHA1
8b92967a1ca1b42d909a5c5d591062f67a919861

SHA256
e1a2f18754c81320c152dce5e210d595fa4553d2f479e94b2da4ee9d3c2801f5

SHA512
1e291ecdf68312e7b60b7c246ad881726e3907a84d82f7131d68f11c6ceb0dda011dfc7492b2fb686053996dbf3ca2948e0c70589ba9ed963540bfce47022724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a27da98d968aecbbcda25b0bd674235

SHA1
d85d5f6cd2099671794c29607b61397dcee792be

SHA256
5945950728e0d5edc479f4caa7523d0b6232da271d9276aa0a193dff0af58556

SHA512
a262c60c7c68aa779708cbda6289a500e82521aa354324894c4acbf340d3d7c78fc6677a751f1d2d27e986460882b5f3334a439cb42b1f85a16bb2a97cdba692

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8aa6193c7cfa302da5afae57b77d9682

SHA1
6943a12d12f626b374246e64940fdf396254a6bb

SHA256
2d64aaf400dde1c3f77d17e8ce9d7dde876e9817371be75779a726f3235cc6fb

SHA512
e442f005ceebdb8d582f09a32c09e8b39ec47eb389b2424cf4be026d9d15759c91d8621a4a67be516b136324ed705e57c756a17ba5aba53ea935664d2f0b5dcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94271d873ef01b9c51f9c06cbc67ceb5

SHA1
71e2ecf3e6f55a46c82aa48ccf9018c26fafa652

SHA256
ffe71bf257bd30b2e8ec374c42471193e045fe375c68e331f5eaec94e428f1ca

SHA512
860381167ccbaf65ff278e44806056a0eeb1338650a9c783fbc056b8f8c09cc49653ec6ac49fcd44e24b3ab8eb9a3c0bb6a6d40a6a95516217d0fb82083e57cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64c5d224923675925d6c073aae222a5a

SHA1
6fcec7dfb3fc9ac9dc0045534b87484b2e9a138a

SHA256
7853f509cf424a5a194e1f4c328d22a00c9d543c3d0c56cd30bbf27523fd4ee5

SHA512
bec1c2001237593a3bb0c214cb7d0fa8cce0c5c8a26f0b8899fd1e35a48f0979a8ac7a70f4165254b833190e8ca2af50fd95847739fdea1c9b7af52704a31019

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9101b01edd6ab078450a3395f1e8fd2d

SHA1
93ed22f2e9a2159b7e93f7030957569b2df74346

SHA256
6c423e9609b0300d21ba44b2e6651899d45e0149aa3d96b0b1043630caaae495

SHA512
e5a8a3da6522e4567e53c27f6f9eeeb459993498d360c8ba9f8e5ac7b4e457a416141b2b6438183c79d4c8f857ab0003cb1d7a7541c5f377a3c139a086ecbba8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1b914bf128c257dc412dd3bdd5a22dc

SHA1
730b558e329f23325b05d86f6b57831af8aa09f7

SHA256
c6fcb6de8b3dd2258c2da8f586cad264c4cd27aecf81453f7893b14a9824af8a

SHA512
a6ae8af607b96d4e6ea850a138a77c0237d6d9e998b72863c9c7955de02b23fca8f0ed40a1cbbb27f68c7e0c9644eb4e9146a786acdc6853ff441ba893ec78ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff3057878c20a8fc85ece0d4e5f57e05

SHA1
bf9b3af5f0d6d63b8f77ffbecfbc3dde8c5eef29

SHA256
4ea4c4915baa41639323732aefa6af111ec67ea85cdb2e011514aa863a270f94

SHA512
afe7d9e61d496086dfb10575cda3355ea1aad0ae555256abc6b4d518f0add3f195711a19f400da8a1398c6924e84d97b414c5d6fef1f00584c2792f2a12a58d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3E4B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3F0D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit