1d5b9eae4fde52f3acab50a87ec8a11bfad36d86ecf1a899369491034808e497

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6890ecb9f52cbb9362e184970de8e38d_JaffaCakes118.html
Size

1KB
MD5

6890ecb9f52cbb9362e184970de8e38d
SHA1

4a3e51131b5b449cafef78e081d4f957f6b8f147
SHA256

1d5b9eae4fde52f3acab50a87ec8a11bfad36d86ecf1a899369491034808e497
SHA512

d1dcc2aa8762cb2de463b2d6c3f3e339e28b21f0eaa3ca1e5d857856ccc1a2ce5d21a3e749237f60d220821ed41dbc8a98f21b5bf04c3ddf9e339e18517d7627

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007427efada894cd45a13bd64369c32db300000000020000000000106600000001000020000000e303d05dd05d9ddd75269d203dd311ae6fe1ec41c3cec580a803283245cd70d6000000000e800000000200002000000051a870e1ec33c30193d7b85206c1984d41d9c1e0f4618e94b234a991fa47719690000000c489e647ff82c1f1a6fcdfe0703f2502145d3144bfe6511ee334a5f51b9dc075e76997a5063fc10e84ffd8d89987eb218ef7a42825094e9b80e39dbbc885c21a793d28c9556faf7542ad27d449208f9ce404517b5b0242d4cda55c72500d3f905cb913ae5f5b76dbad0e1df50818f202522c85d4e90b1f02630e54d1c10d221cd763c5e360242c471cabba19ed1dfbc6400000002ec1150a5c472a477c15efb7d36c873ab5de590a3055161fa93e4936635ff4bc655609905f4b9a3ab3aed6ac310a392cbf17b07f638a586c70fc86a8d8df6076	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007427efada894cd45a13bd64369c32db300000000020000000000106600000001000020000000128c82eb45cab50b77c93db36d16ef237cd3ba4db65b22cd3c62ec925c06e92f000000000e800000000200002000000061b23fcb078dd784be138c17e06c7d6199638954a7d36df0882fe8080421237b20000000e1008fd5141e4537374558750cdc89cc8526633731ce15a684f9b483d2a68ab94000000025df4bb5aff17275974595b3b85cba6949c9dd3805e910a48469bf66885c2eadbea5a2ad03dfc25646ca14cd1acf9d404b53cda041ead71c20cc00fa59fea5f8	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 500dfbe088acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{03FABCB1-187C-11EF-A3F8-62949D229D16} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422572509"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1976 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1976 iexplore.exe
1976 iexplore.exe
2948 IEXPLORE.EXE
2948 IEXPLORE.EXE
2948 IEXPLORE.EXE
2948 IEXPLORE.EXE

pid	process
1976	iexplore.exe

pid	process
1976	iexplore.exe
1976	iexplore.exe
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1976 wrote to memory of 2948	1976	iexplore.exe	IEXPLORE.EXE
PID 1976 wrote to memory of 2948	1976	iexplore.exe	IEXPLORE.EXE
PID 1976 wrote to memory of 2948	1976	iexplore.exe	IEXPLORE.EXE
PID 1976 wrote to memory of 2948	1976	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6890ecb9f52cbb9362e184970de8e38d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
810cab5cc37db39883acf3d068fa523c

SHA1
81920c566662a7562de1de830244e44b147bad93

SHA256
dceb6604c4ab5337aa343469e78f32a84383ba454f75dd650172a87bc7bbbb6c

SHA512
2002174ea7c43955e025ea9ad6cfce82fc1520e08a093833b609066b5c41df7dde37265135934912571f222a5c401ff44f06dbe35d11dd15edd9afbc981fe652

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4d989460c7b24918f76dd74a1e7b22c

SHA1
99fb6d9429509faafd3bf8338acd76417d95614b

SHA256
8c7ed996d36e9abfdb7cb4a63e8a6d2d5f578725e7ac587823a70b0f3a821cbf

SHA512
17852a9b6b8bc79635d2dd565cf3d2615f63b7982ecef8aa0b73ada1b77ee1ef97ebe3784c1daa5880187121d5c4e12de2c5bfb61c2db74ec341a75db35b90d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f80412860e2dbf2be5faa56df1eb8f2

SHA1
4296d45ed4f62ff8cd7ef0873b2bd79a1227d0b9

SHA256
6abfa29fcb5ab3ddf46f3a9315569282a9eb8e469237b1da5ace7d29e05f47e7

SHA512
a0008d73eb491982bd4362fc81063e480e4b8b1ebf7e6adc206eab5f67d43660e935e87613e625c696c5561d24bb367bb4c260161afbe149899906cf50838ce6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8546966068a41eb28c4b804ea551558

SHA1
ee812047d28942701f1496fa34851ed3511a6632

SHA256
64bd854221e86c0ea998532a700bb198c64cdca2df25ede57fb7fd0466ede97e

SHA512
1757fadf9830d58bdc65a54fccf727603fee5c2e31750fbeb7e2a5f880db0738cbde7f7f11e8305f1b0dea775b6481d3234f0dc68e53808342b3db6bfb5c7106

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2921ac82487626d1d9c2860ef0d26e89

SHA1
dd95bb75c75e2ae7839015b6d4c6118acccefec4

SHA256
5cfea4f02937e6da88b75fb2027515ada20e743d2bc454beeca65649dd1f4f21

SHA512
f9565bb2f9da0c7ffea8f94e9b08de130c8f13725710b7a2e6ee2c00ef3caeb6e9a6cb200a28aca370e0c9a448b0a0cacb3179498797e7ecae86d1a513cbdf6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e9a7d913a006d6f7f7cc5bbd847833d

SHA1
c16719213db85f2c44309c89c22d2267dfcbeb28

SHA256
74ae421f96cea378f30d1f9baf2db8d781e7450183b18c85d54a205b7c702f19

SHA512
df993fd03da0c41a24e67479fd19ff4b17c6c90df2c75112dae5b3ae8ca51f0f1010d927c35d1fe260f3013a6b6928b34df06d5d41cd2e9232e3c2db129b8b4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55d028e315928513bfdfece2489eae53

SHA1
26b7666ca11ecb5002787925fd9552ce97bc0a03

SHA256
e291b9a8655e1e76e59fcdf4123eef58940d29c76b7a038ef64bab3dfb08b688

SHA512
35041eec08ec0ce168f9dc47155b02c11aa328f9ba1f5cd8bfc597fb1698e8aac423800a3ce73eaacefe94f1eef4c32567139ef985e79c2b0fe5dcb957fca74e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1970fc5cae8636146bc209c49e64b070

SHA1
8ff85b829254a9891bc044b132957f591a0869aa

SHA256
d8e96bb16170ba657ff97152c31d42e725c5730e056c9c1f05e3dd3ba479b987

SHA512
011edbfc1cd6cb8a02340ff2be4ed81a0d238cc6692f508af710637a396856de9f04842bd949990658d7dfd49730ec2b2f755e47b127cc3dabe7c70e1e627062

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f7c21c31682f600eca843572cc88086

SHA1
88ee3d3ddb6766558a5a9932a945cc1cff8b4c62

SHA256
519a790bff5ab9eefda0fa298eb20451bc3e86e23d8341a98e92e7c099b67a7c

SHA512
56eb8540b78c25eb9079f84105b9b6a0e37b4c82a81aea0be172bf7529e7e79290773eba2c3047bc7659b4d9658cb6876ac1a34cfa315add81f32399b3bb1ccd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a998d3d07710c479a88111292db0173

SHA1
fc43c98d88ea1422b5224b53f3811a865a4fcce8

SHA256
447c3413fae076666ae8d036958a4e4f9c61e1d3e553ccbc1c7551748f642b72

SHA512
c0514b5ea9f6e15089f353db6afec9112e0d31076c611965d53679a9b87fdeeb876ac0f0d1edc143b22d434892ed00c90c2c9c4c95a4d39824bbcae54db2349d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5a4cd71a5fc5ef9a3940bd018cd0d61

SHA1
98af54f59aac996c0864375d22ae59906f178a45

SHA256
aad9a2defa4bccf449ef211acd0d8d78a276d7e627eff41bbc3762b67b8034d6

SHA512
97a894d56c3205fad5cfda3d3d8074986396ddeb92f5c2f9c52738bd1f32aa7797f0c6ab27581b553682598cf9be73c9da4b95fdaa0439ec53a0879523de16e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30034345e868266197703ddbbf392098

SHA1
2ef6a5cf738c06694b4503432630d660c70fb4d6

SHA256
bd30fe34e62456a0c05d8802db3f18db2da9e5b13263eac585b4bff5883b8fdf

SHA512
6fce09c7cc6870a19ec0c60a54f864f76638ac588d2f553d3156267e63afe05f2733c457042689fec2fdca34d4ce11c0dee89c127c6c991bb07976a8c617b88d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfafd847b3dcd5955123b9bf6a3c6c7e

SHA1
68f2a1870b08378024e2aad36cbc753e90515d8c

SHA256
4287f60f7d76e98f3ac131061f11661dd11ed2e4024e45f4919d4a7046240b65

SHA512
ab1cdfae47b6b83dfdd65517ac15a1fe5f1d28d8a5ae79aadf59444f027558bf5aa84765a58223037adce9fdfd06d35061c09fa77aebcfdb0df5b1de4c1b5c89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e4963f7d5efcb14ebfc2840d3a8f8d1

SHA1
10105c0ec4f68869a5c35797955a5cc56839334b

SHA256
1f864adc5b6fedabeaa23b2e79f8a513c6a00000e38da66c0c41837ecd68bef4

SHA512
80bb0bda4504ef8e03ad27c77dc4fe29569f63bd8ce5fe72414e7e1023595e8495a9c99b74679f06eac02ca0ce9630349ff2a1fdb3a6a7530c611579f0941033

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4EDD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar51C2.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit