b7e5132dae91f3f3b742e325e8a28c1e9ba2d9e21da1ec021a04de3c23b1b2ce

Analysis

max time kernel
132s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cb6083959a7234db9da19e7a8bf7484_JaffaCakes118.html
Size

4KB
MD5

6cb6083959a7234db9da19e7a8bf7484
SHA1

3ee7f682db66e72150191a528ecf8ce8111598c6
SHA256

b7e5132dae91f3f3b742e325e8a28c1e9ba2d9e21da1ec021a04de3c23b1b2ce
SHA512

948c28e2ddd558d4e720c2d6d89ebcb2cea93e3e5f021eb87a6f0972fd101fff33b068d7d7608c0a01a868d80a17a65a8c630a4ff0957a0c826a842162b97e37
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8ophz7040:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDz

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00916a3f6dadda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000c2582f78e812a3e77b77c4b0d91f8e5ee7f34202a6bc08a3995f5feab29e4586000000000e8000000002000020000000405a47dc086422e30e07a69f8d0ceab94f243508efe99ca823e37561357a3ec320000000d6fe07b58e20eaa5128202427cf59e4dbc91d2fda98095e39fb77bf2ded4f97740000000550cf7141d5b26c97f3108e415a5aba1a5adbedf114195141e957433d3cd5d47c73a5da7d2189dd8c7da1bc34e7448a789c819d396e192665f37255ca462e1bb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422670604"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6AEBA671-1960-11EF-AB95-422D877631E1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000de89c670f15ffd34c973942de127354975d88a9e13dd82ab48b31527af537bf6000000000e80000000020000200000000712e54a152b2251668f72826293c0581ecdbcaebc56922fdc60971605605805900000003921767c9490e40b39d8165072eb8487c0f695bde6c234f2e3e04a10fb1ab808589d64e98931c78c6739dea99043945808e9b18b1718a002b43c4e0bf15ad2350f12702455316039a153ed99f8e74f6414b54b7df29a5e14353a5bce4a52742520bce1b31115e444e89c63498d33b25f5c0028ecb76be3d702390b4c89fb22097d51cd3c275d79c94901c30dcaa951a5400000006927c621b9c1c5ebf86f5fe29217356db8a24fe384493f8aab7ee21a27da0ea821ea4d8028b6564c225df6250599384434778e819c359d018a0950bdcc9df067	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2188	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2188	iexplore.exe
2188	iexplore.exe
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 3024	2188	iexplore.exe	28
PID 2188 wrote to memory of 3024	2188	iexplore.exe	28
PID 2188 wrote to memory of 3024	2188	iexplore.exe	28
PID 2188 wrote to memory of 3024	2188	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6cb6083959a7234db9da19e7a8bf7484_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9cd32408b94cbaa13e390a1a3ba775c2

SHA1
0456dd164f850e1a2e8fd83c1976c5e63c4de4d8

SHA256
a170d1e59a052ec33cfb1c73f53c84a603bff07328b5e90888f07478ff8d2721

SHA512
8520d1649657813ca984e81b1aa89e0a3866a87e7375cc0ec1c68fc012b0af440bba5bf8199cd804212e2dd44498c372328f372cfab19584b851029b5117de9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33a6c8014583462ff77964a2307ee7ad

SHA1
6160184ce78e46c81490572816f9bda296a573fd

SHA256
8440307f4e3eb167ad489b3762cb8eba7e5cd92009e643687844b11e6a9031c9

SHA512
ab4618d7a69c4e3a7de91577a982517773ba3700a4f30fb2dafed527172650b7bc57365e844a44bfb80eb44ad1f925fc1d60c727492edef9ea9a0783f0e6250e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78ab4c3e6accebbf41d2bf91a111da68

SHA1
ea86168b8edc53fbd355e8eb62e06739d13b7972

SHA256
3b32716fdbdab1516380548bcd7bfacd14282dac43eefadb631af6f7e06ef348

SHA512
ebd41b71c155534efdfdc5fa91a86f28a3a191ad19d7c33e7d6011ec156660f6c2953396d376826c2bdf2502fc5235f9b78cf6305b1f7fe4a3df55cb71520db5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e0559331c37dddda02e2cda924615a5

SHA1
1b297447b7df89309e8600f1b7257f2d383f4554

SHA256
cf67e863982a2bfb537444d38e1c13f5c201a0b8993a62218411d78fdcff9eef

SHA512
cc544a724ecd2c1d9b255202fe0a05a8077ed75d667a3ca10e3ff9189ed186f7867150f733d8945c726e03514df425a66c6a627feeb2cc97d62157cfef774e27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1c0a72febc7e51278225d1a72e02ab2

SHA1
e7bc7b8eb40eaa42ebc99444daf7d742390adbb1

SHA256
3b3196e1ef454c9ad1463225cf8bc0d154be1b7b4b5753dac9582e0e9f587d59

SHA512
d10d887921518276f508ba9cc6281467dff177ed80b9815aebf57af3b59b08e542d8cde5329976db74c5356a9c52e1e3ed45661b1ffdffb82cd5ef0cbd7050f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0baf964cfc4de835b679412a81bdb3b

SHA1
5f9f97c9f4d8798ebb29eed12fe39265fd94efd0

SHA256
e6e096b9a750a64cb2c6dadf20dee0be415b53bdf8e37c30801714b287f59fde

SHA512
0ac0cc44731f80915aa78ed0096118d6b8b2423755f09c95fb27ea369cb96058b0e461903e8c920928c353a1ff416e051e1b6c07ef2214e6834cf0fb02a97c5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb20466078c3d3419a9af3b3e832ead4

SHA1
063e93433b8b52738988606bc927ea94abe91d19

SHA256
1d0cf3b4da64386e03f2a9a04a439ef828c66504fa9410b2c74b6f10ec11dc49

SHA512
a5820a4daeb56e14bd443a953b0eb1904bea3e4256a0e6201a4dcaafb07ba8ac3ce5bd91896bba8b95f6c589ae34f6ac56587277f44f0b0a7ec4eb14dc815bda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71d9bbeed1396565f4bf6295cee5a068

SHA1
22dd1f5ac5da9cae606d2fcaa51e203e3ef2e6a0

SHA256
482943331e7457b23fa26bb83e385d2763db1b139a84b3d27939cd4d88ba25da

SHA512
d10faa0cbb64bbc24b775defce9a33d7aff0efe29ca83ab727338c7c647f06af1ccedd0f63dd5f9289f945d11d996d16f8abcc4119d269649b90848af406ca00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
149bd287a78c1087dc1c742ff5796c57

SHA1
fe1f67eb0e5ec6abb1909338678f41bbdc5bca98

SHA256
af2d25182ae554b6d5efea61e485275610df21560a96d71096667b232be264e8

SHA512
a7318f641f1ab397fb00b313b2943660e0ae7e6b767285daa1aaea4e3fcd8da5948434f5f8fd3230a74b08502bc0f6037012d9d36f16733aa1cd09be978c6fc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
902ae42f818ef1d1b3a044cf67cfa220

SHA1
c9385787f7a9130248df882bada795dab6611a08

SHA256
b4de5c3df8692702ffd1690b004e3f753ad9969c49b8ef735f9716b74789954e

SHA512
0f566775c511d0309414a61c880a97e2150887b18398ec12147680a9fefaab477da9ed5315d28bc69e6d8f41c6cb286d1e21f467bda3a00333a6e5e6734ec205

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fc48b44338efea890513e4e30ad8fc9

SHA1
08ecdf28c3190697b3efc0122e00f936a47c2ef4

SHA256
89232045308cd4fb4e703b16cb03aeca9763d2cb994fedb728f8c3e8c4e66c64

SHA512
8950906ebc7b5e377643fc7a8f7bf0e2d59752594163ba07dc86842c3d84e4f5bd5153a3afcc3506dab81d1811a896f1a95b114dd8a94bc2d18cda69a294db59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75575e49bfb4e4aacde2fb7a2199b0e1

SHA1
7807230e470b770def252158289fe3f5d26abe17

SHA256
cf11e68e2dd576ec0825b4d28801b1f604140e9e722f8fd1b96bb13795ca27d9

SHA512
a4300ec754bb6aa9562e8979e628ac81a7f14dc9c2b9eefdc9e8c9293dfdd12f742d567cc653a43c144b20f4fddbcd3c2927737468921196fa1519d2d849dc34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28fcd83cdf5c93f3dda44cfbd9d78fa7

SHA1
a2a1a08dee1d34c1ed0f06acece52c4744398d45

SHA256
ac1525a7a6b6efea46840c0adf985dd31fa1a52014f38118b955cd1ded9e9947

SHA512
6bfc15ee79dc3c9f0d4d6ca39f76a65f90fea8718840d97628d086c2c07ff74136785351328a2d9651638e68593df39c6fc7748f3727a3ced47fce92d47deb8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32e4055f0c426740e69b088f4823a6f1

SHA1
2ce7d5c68bac941a6d2830bb127ab2aa97c4f66a

SHA256
761e060335595ae9df4f8653cf19aab5aaf4a1a1c97e039506d1c0d73610d2b9

SHA512
c498d6b5bb2b9b64ee650e3e1bd689ae69ce7c5d7402ebb3ead9bcdce472f2ce5a0f4f674ce12a348de706b370bc33e1d33c31bf83b72536393b245a6982d311

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c2f74fee48dd9d34003423cced923f9

SHA1
7b19acf238b1d4de599b94699abdd48984705668

SHA256
baf6b124a0eb17e52829b9024bb829cae5924f2fdb72905143a9d07e50215b40

SHA512
4104e5a239266feda5b82892d84bb4fcb77fbef3d4bc605866f4625285eccd6da03c248507be10a9a1b387252eb5223e3ea56d26c592d65ac5bd5c4ba6177b31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4a566ab2107f2b7252daffd40f81c1d

SHA1
28a17cffb922ae6d1e17ddcbdfb4f11564198073

SHA256
8e3e24b65c372af6cde31ae8f34059e94d692b88b5217d678e0d472e29354b3d

SHA512
1b8e7f2b90f126ecb06c7146eab5b6ba97a326e0fd11c6750006889473dddf740f68cc6722cb9d44a7b7f92371ef6af8cf0d1dd1484f0890a35a7e6a3b19f5aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bd0d183232889336e1c3bd0a58b5656

SHA1
a1f0a971c81f58bcb2eec4c55e67baa76710d69b

SHA256
bfaad5f415420703685c5dc7ea6bc22f909d06f5a59670acbe1482170b1b4499

SHA512
5538e6e6ef4885ea9ee11245f8d3e987c695d3a58a608990695a4e08f345d25a7069193e483fd5094108f772f2e5eadc7ceb774bf53c3c9e43e72c627200fc03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1CF6.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1D37.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit