9f2deb0fc05da12d8aa1e5c06f42660a47457ccf9cc419282a36bfbc5d5e2fef

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6930be8184d8d70d9177adfeacaaad20_JaffaCakes118.html
Size

2KB
MD5

6930be8184d8d70d9177adfeacaaad20
SHA1

013e39080c1cee58e97859cb7f1d8cff96a2f236
SHA256

9f2deb0fc05da12d8aa1e5c06f42660a47457ccf9cc419282a36bfbc5d5e2fef
SHA512

fb7afc14b0ce6986c3413087a546371b21b49e21ea36c7693b70f9b9631ae39aa167a0b575b50cd133937e4dbe2705762055d70a49d0447591cfd8e8f50907e8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000e72bbbe006ae03a2c3767feaa45064129f2d7cdb04c01ed767c251501e320505000000000e800000000200002000000098c0e35ce3bb9425bae2be3b112e2e0f2c726ea5de6bdba4acd5f0c5aac7a6bb90000000f6f58a800b1889f7341a219ff2be1a33242f8b4cf9058407afec9eae1ce6763aacd94ec4adb567dbf19d914915c412afa12a124ac6c4f66189b37839865e9cf217ca4006e1930772f0e12b90ba74434458aeab695e9d9f6c9e6b193e690caa5e2db501bae878b42df1f89ebd38e05d12a71a9a91060d3c68569f6d3061153fba5badcb230a63566a9a2ab23684299505400000002d1e269f02475f23ad08f1ffd40c1a3671c0b384448bf78b578a1838fc8fc1937a7b7c9eaa181502266d9a03ecb36d15a5df5c03bf37404fe576c40857526755	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422587140"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000f0dd702a2bf1dff573b61be1842adc4fcf61f099856ab61570eaf529e70ca215000000000e8000000002000020000000423be31586bc3a4c30926229f5942c9bfe2af8892b99d824ac1d4d4f1603bfb920000000ec0e10fdec41e36482f13baa6abca62c5da882aea418b0817af4ca4ca3df26ec40000000ab422ebcdd9c92d9e647c405fc3306cfcfa4a1340f0babc244e26b9e062d385d48e1418a9c28f9d0b4c90c118fca7c60252d1e04150a81fe4b21da1eace2f3fc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{15EA9811-189E-11EF-A0CE-F6A29408B575} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0a88beaaaacda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2944 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2944 iexplore.exe
2944 iexplore.exe
2588 IEXPLORE.EXE
2588 IEXPLORE.EXE
2588 IEXPLORE.EXE
2588 IEXPLORE.EXE

pid	process
2944	iexplore.exe

pid	process
2944	iexplore.exe
2944	iexplore.exe
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2944 wrote to memory of 2588	2944	iexplore.exe	IEXPLORE.EXE
PID 2944 wrote to memory of 2588	2944	iexplore.exe	IEXPLORE.EXE
PID 2944 wrote to memory of 2588	2944	iexplore.exe	IEXPLORE.EXE
PID 2944 wrote to memory of 2588	2944	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6930be8184d8d70d9177adfeacaaad20_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2944

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c41a929c3e3bdbb234eca928681f4d8a

SHA1
40b7659f5efb704bae694b3e8ca0fa023859ace1

SHA256
918f9db60c34e6ef791ada2c88e271f2ed06f82e7db28de0af50feb71c8d84fa

SHA512
ba2c061192363e73859c67a0cb63115dd2062cc3bc3365d1f9cd1e032dc55e3d19b9b0fc3e0253f3ffb0b3efde21d82db802a8f631eaf3192198f7e282823904

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebb6f5d3d75dbfb94273edc623ab6d35

SHA1
781574c34ce8552995dac6106e3f4425397c8e37

SHA256
907c8b36791de564f838c56cd124e0c89dac2471688a60c9f09d9c875a161ea3

SHA512
e95b55a6e37be17f2e495a5a876f5a51bbebef4ac28442403d7e2b550ba756bad28773d8d6def32f2c25687ce6289c75c8e7d4dec7020e91d657b0bd479c94da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a78895cb39c56f1e9893015d6dc3b36

SHA1
e7962f81df9a423d32aef404733404593ba77735

SHA256
4aa7ec5d802612a6ac601a99990d543277610766e4a24433ca9e4bb438a1a105

SHA512
b195ad205199752722091f4d4b11aaa6069a9b6215d757a73675636aaae3f5e6bcd75163827db546ebd1ca6ef8a4647cacaf097242218ac485251610d6193cf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ced0f41fb15741fedbe86e36e90e65bf

SHA1
25c82c9490d7575bb9cb1f0e851147db9338dda2

SHA256
6035e79131204da7cbe65812f5eaefbbfd916b58ea9060a5bd2a7ffcdd9e7895

SHA512
6274fca843e49a4afda47f935b8b7a1e82fcac96bd1b4a4ee70d9e2a24e1b8cdf00fc1966eddba88f3a20bd3d3b815f137baf56a0678cf84bbc9d9631f4f595a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f13121480486a18bd5e3138ed1d463ac

SHA1
c1218eadd43d0533564d547508be1dfed873aa0a

SHA256
d1b3c29e4c906d009a636be2c336efad3527e9bb79c70ccaede99e65942a9097

SHA512
e8f894ff76ca0d0e70466ecebe1a75f75582bd6a56d091e21e90e178f1e331262e48cd1d0bd1259ceedb9383d0a21adb983a9a7be04578945ffc6ea2dc8ecd14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ea3b8745fff9fb92b447bc19d4b6915

SHA1
803f3aafc5f09f5cca1c027418484850cb89ca46

SHA256
79afc62d2ca79044d81a44cfeb067476b3262ad54dfde233b04ddeb8c47d9d5b

SHA512
fa83fb6aa01ade0238cb09df894f537d5a9bb1070f2e86c6c628028a8221e2e16de3c5b7858ab1d748b7ef46f159f242f861f85450d867ea7b4dc5a552f5d09f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1222beb3f338ebf9054270d936e13e5a

SHA1
db5a37f690542396490c594dd42049d6c8e0f664

SHA256
253632e833db2d593d617006414605674fb4a669484828a21018ca3efe913e20

SHA512
e241d8fc4d7cca2e57e953ef69fb232de8844017a7e3c385ce8b803d3b6e1614aa5d425493295880edd4ea5a5f9294d9022c2d14d5b057b19d0a44cce1092cd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74b139d2cafd1a1d2a76c16976c40890

SHA1
71143d293b28a553f00584ed7c525935ca0d7663

SHA256
32bc6218150a927b81670bdca5cd1bc718836a099a6941232b66e82e046ab4cf

SHA512
33c1f31500cfc800a94547b1b597b9e645034d9d0e8ac390e629b21de2a43460f71792ab2062d61788cb9ea3811d829e40e5a9af053778bf7b4b8de433358565

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9971709cfeb8e35186c3cbfc9f2a57df

SHA1
bdd2618b355418a74ef7b017786eb341a87e8f65

SHA256
0da10b211693ded67ae2deb59255dea79c3a87d4e0635ba34d026386b2960c4c

SHA512
dcd1ad7be9001b7b5d27705595e6dcd3e341951e580da68d487429e6cab4d9350000a285d1b199099c43304c58af51290a1a1ee9cd9c08ec0d574623a24aa12e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea8f2374db11c2028fc6e2641df5204c

SHA1
48e5bf7d158ec3f1b4ec8c811fe1a4c7c4c08d03

SHA256
b777dd4a68fec39188cf971b8c6e822fb8c8a46ff802ae9fbb344418391cd88f

SHA512
0bae353f03e8dd554589f30366c640ac5c118fd4a75212e7ee0b45c7e39d8c0665c98d1864f02aa3d567fc37adf035d1cb1073eac2f668335261156c100c7098

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d557775a244f37f808409c05d1089f30

SHA1
96b08042c0f1d75114819e3873b33e9cf0f69da5

SHA256
7aad5aa75da6faa9701220b3ca0dde26bf285717dea5b42c27646938326685b1

SHA512
e2b2b7d70fe5d20b5326bbd872cf50ba0eef963f9477126bf14d60b221766012cb2ba8a303dd625dd0e37844646089d796da85dbd0ecf5ba9b63e572a0be9fd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb5050cdd906108d29568680c65ba6f8

SHA1
fcdc6e7731ed6f8ba840bb2ed76e81a6d44efe9b

SHA256
9d737e071bed93e859d949f7112f257db951dfbfede6922e8a2dbbbaa04f2ca7

SHA512
e3c4c8319740548e73ec6d88f2d6c13334c5a8d14672c19baf5a267d0a0bfd8803bcb7afb91616eb8fb50c05061ecbae8400431f745fccaec7b13fb4868e0b87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23e3673e76ab4bd58722e67bfcbd1114

SHA1
52f3ce953da08c616875258dad947ed86a10956b

SHA256
729528973344b40cbd4eebcc64d96b40c7efbe48c3637759adc8119be30286c5

SHA512
03ddb6a277f5da84d18b0cadc45a806834525df13e83cc7cd6e1bb051cc8c2bbc9f66ffada3699eb94c7e265bdb2011d734298baca1f3e8602e94055be76476d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46885bc0a283bcdf9a93a97166c90ad1

SHA1
3a0202db96c598b14f7009fb37514790a7327def

SHA256
3a34ee1240bae05c284c967ecc30d8daa8040afdcb4014bf14403c935270cdae

SHA512
acaaec5febbe9787ecd613a56f60678a61b64cfc28adf1aa4083e5ca5e91fb8f05ab10a76b41a7e0fbfa3d93bf5a95e52e330035083ecfcbcf23f79d11ca0068

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49a314c6f52304e9c4a1cab98bbded90

SHA1
eea263bacf9f22cf55659d11c14e67dbb2714b02

SHA256
8a6478213a8afa61656e0f6f7763580f1447219edf7698de05921b2d1b4e78dc

SHA512
13e68b179e197ec6b7155c27f7dfaf483834405e134f2ad9da76ad1789cc35a17ec3133931672e7634034f8d4e275b1eacdbdef3b2cd1b70a54aedb2dc77a2d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d2f220fdc07213d227f0ee2feaeb453

SHA1
2e691c04207eb4b414e5d3f0c111bf51764c7eaf

SHA256
6e3774cd90db106b0d4c21d39629588d2d849f3fae046abaa84d4b53d31b34fc

SHA512
de084db2dd836c7281167c34fbd82ee61dff93bf860fe3444fc65157a3dc830b97862d249a4238f42e16ed8fc0a1f9d8eeb373608359cff75189650186896d6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3323.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar33A4.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit