15fe9896e43c2578dbc847cc04f7fb983634e7334d04bea287c8958b43b590ea

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

691b826cb15046a30cd373cb1d53089a_JaffaCakes118.html
Size

13KB
MD5

691b826cb15046a30cd373cb1d53089a
SHA1

f5a7f387358b9080936d4e77b2e92b0d8cbef1de
SHA256

15fe9896e43c2578dbc847cc04f7fb983634e7334d04bea287c8958b43b590ea
SHA512

479731ff2ebc9f1fbd1c954eafa6ce4d5db64d5c9cdf117738488862abd5e241d29b6403839b33b75cd603a713c518d95327c2cfacfadfff4a0759c843f26d4f
SSDEEP

384:g3XLPDOkeeezmv7BrvYxntFAttSPtCTtMs/ytMPL7ZE2:g3XLPDOkeee6v7Brcsi2

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c05e6c5ea6acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422585186"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{893E0221-1899-11EF-A759-F637117826CF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000821cf02d11af15cf86e08f59054c77635bc8f3aa3d859876d24869982bd650c0000000000e80000000020000200000002ca00d598b142035ca6dbac4ab039c26e6c31859f7079749f758dd2549694d5b90000000d4b8da0d087789fc8f7b3b166271e6e2452d9fa1538fe4f847f8939984feec5df82c24311a29560a47e6473f3da9608f2c9bfdb83efab67d6604905b83727f14fddde515f5b956ba63474ad5e76b6970a846b9036805623eac373d652717982b21f3875fda3464b11ba8326ca877e4e786b63fee5d39a5ed57ab7097b2c9c701c26e0e2ca697349c2a5f144d52853f3a400000008c707f77ebfbb8273e4b6fa3a495c87644a1b0b12f5b5a07e4077e6e1ff4479a4741e50b227e37b0e35f34071003f98a25778ff9173b1416fd2b36a8ef9d01e2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000a195da8ca2844b96744d62f45990816ef4ab49345664e6964da8e686cd77e01b000000000e80000000020000200000006b17d48de4ce4d715c9609116e49d678f033a43207f583c4dce99d55bbdd8d4720000000de93014b4c505f119943ff5da799ead8cd41e87fd4852b05bdb5660f9dd5a64740000000117668de62b55ce65062d6c93671733546ec87ab4d976499b8ef1697a16e6b9989480b320e1aaad660cb3d58f587edf5262c05234283d18e3b61f45bac69d7b0	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1936 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1936 iexplore.exe
1936 iexplore.exe
2016 IEXPLORE.EXE
2016 IEXPLORE.EXE
2016 IEXPLORE.EXE
2016 IEXPLORE.EXE

pid	process
1936	iexplore.exe

pid	process
1936	iexplore.exe
1936	iexplore.exe
2016	IEXPLORE.EXE
2016	IEXPLORE.EXE
2016	IEXPLORE.EXE
2016	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1936 wrote to memory of 2016	1936	iexplore.exe	IEXPLORE.EXE
PID 1936 wrote to memory of 2016	1936	iexplore.exe	IEXPLORE.EXE
PID 1936 wrote to memory of 2016	1936	iexplore.exe	IEXPLORE.EXE
PID 1936 wrote to memory of 2016	1936	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\691b826cb15046a30cd373cb1d53089a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1936

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74dd6cf1e752523678f595527aa91299

SHA1
57e8b8dbf51d0b4d83fa4471af7f152fc62d9fc5

SHA256
63108eb97e2821da92a552e53c0b960586661b34ad4e8c24520f1f85f7a4e962

SHA512
aba4eb8f6195a36d8e0d64df42c6a34ee356320154dcd1c2ee56e468eb99615ff57b3a6accf09ad16ed9bb25b0e5c27f3a7b8eecbd86c77527931542096ac3bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28f9dbaafa4e7a66d8730920c4a91eed

SHA1
7bf88385ec2ba395096f4d17f7f5d1b43c41d990

SHA256
f2cdf58dfb199994ed3357ea7221e9177bdb56c66d2cab238d35ce0de78ff7af

SHA512
09f11ee83e4fd4b7e052e36f5a47ee7bacbb516d463a11e2c5df16c2952ba186f54fc9ab2e479344d898d5cab1bee98c6d9f4f8dd26434d2b100eef3dc5f1130

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01ae4b64db5168d481e3f2c26fa29f25

SHA1
a4dc44275911081521020f7924929bdcd258eba0

SHA256
81a71992b4dc11597d70e145c5bf46c3ae591ac9352e8de6baf3b94e609f6f93

SHA512
0027cb1a55fb0086602021cc2cf57400a1a189c996a7db0fc542635faa17b7473df6f001cadebef79e7bdf3e8aa063f6a475759200208a43ed1688bd73858c4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
768f4fb3443555bc2de7f9e1c2d269ee

SHA1
14c16ee622633237ec05a91d9f846c55a78a016c

SHA256
660a2fee1d19bf5dcdbcb6f47202955f7e0e7d44fabf353f90bc370fe7ef24c5

SHA512
ff7cf3ca51c39c9842d84af15eba66a9894f2e7788e6bb5d85687ab69d6afc8a7c727a163345ff3db640c4221ac9ac3560eabb00a5e13d04a777dee2f7be1fde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58f4b6c791e6d72bf9cfe75d3df4efc3

SHA1
5600d3fef5e6e2f5aa032f20ff8ed75254212787

SHA256
c634b9bedc8d588e37fe055d9825e38cd0451b556bbb8414ab0aee92dc5609ff

SHA512
80022a17df2d89b312190a51804cb6b91939073ceda66cb350793a5ce67867900baab774688d46e21b9bdd7dd28b2aff47b2c427777da8ddff82de17abe567ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88ed3e69b299d8959a71f5ef9e272f95

SHA1
06c4e23db51f505abb8a45f85508a097565de2d8

SHA256
813e74de4c6c595f200a6c10056cc7fba8adb4df2e089b8cfb03bc98fb183ac4

SHA512
54bb89c10adbf05235536aeb852239e6c05f1dd09141da19c2a30a27879e30b48b721c2509080d033120a778323e6ac3b115132a5f807df140ba146b0e2711dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6061e7aebe5567e60c9c81d7c969dbbe

SHA1
dbd1ca028eaa19faa02ac713c660f3c7b4344141

SHA256
abf56fa27e6ed2e485ced798adcb864d07a6b9fae86f1035407dd61bffd0af3e

SHA512
b8e2830cf14f4978ca418a8038b1fc4e6fb0b80b59333ae844053ca1111039f1791a5fbeac137da0a023104c064f175ce37f0fe82196d67475e50d66a365841a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b675046c0986c5cc6f96bb60b27526f2

SHA1
4a04fff740e5e856e21cc0c3200d07635832ae3f

SHA256
d5f81bb53f672f88802f311b78dffc1a923cae50459e5e801549c2d27ede8902

SHA512
0e91e22d27fa10e413250d89e4d8e2f24c90757ffd2ca1fa6a70db4c1ef52109e52c1f53c0330dbb79ac1952ac9d469bc8ec65aae215b90142c2bcba8e3aefa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b5229bbf44ae2d93d77619437e2b415

SHA1
e1e3b23f5039ca9723badbd46aae6d2beb7b1107

SHA256
0a4a5d3c8364c4c2f2d1415e83fdd8408e1ece2fcd09670a1913654d79f393d8

SHA512
d70b942497c9c008324e3e5db5ec85c2353e4f4c6e9607196a7ff2137077f2d6433c9050abdace40c9ada7344ba28f07faeafb15a4ba602b9bcf00734bf151ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
509aea9bfb2aea40561cad5c8f181428

SHA1
8ce937f224d53eef018dab83dfbe23d73d270a5a

SHA256
8d85195d2c65dbaa8cacc2e908692be6b890536d495a6eabff0b631493f26d8b

SHA512
cf6208a3aa4816ce2bc068085613c29bfe54875150c581a3932e87947ebabd24d0d1112ea3d9f8c9ffa6dab0e4bef6ebee3c636be0d445b67fbc677bc7139044

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
462110513e9d5b795e592651be632c3a

SHA1
9c60dec545a721700d9098e4b89b2969ffa5d8db

SHA256
0d8bb90a8387ec2fcf213772c45593e7b8a34047569c46ebaa2e25d8218be261

SHA512
1b3944350a9cebc8a58f55b889c6e39d8c6fbb39c01c735221fd585f8f95d2edb57034ee844b3ce4b3e0fa2e6a6120e60e8a0a2e22b0b9a09fd6faf88cf6787b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9822ad9e77dfb263013c59ac8b55c388

SHA1
2ca77329cb86a6ada51f595a8cad0d4971d2e9b4

SHA256
512b7fb59638ce5843ea28388a987e4b415cf553a88dc43bdda45545716358e3

SHA512
bb23c6780df2dd5e9763ea8551a4ecd517333e5121a48e574487d20bb42b593bada82de55efdf45ef13820111e74e62045d3297d825abb16f58b8dca3528a739

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e90dbb4025c4317719826b7d24b93325

SHA1
13ec6c32e58cdcd76145260de06fe843d8391a87

SHA256
93b09657a82d398827166c88d9f0ae1a82e7452a2bbdbad22316e4584530e63a

SHA512
49e96debc53a7774125a2dbf14b03d70770e2dac67d589bc097ffe7eb3e8b5c4f138be11d193fe130f8b85a457158f59e502d25e82e0e0fcab928edea0fd8dc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5ddb1ef874c08a08f3fc5e75dc61b90

SHA1
41ccdbfc3cd5960985ddf5ad477e3fe244eaba7d

SHA256
8ca7642622bcc11d4bfda589918dfa68672bb28a54386e2b896c36a9ef25b77a

SHA512
ef91181e20b0bae359b7fd4c35d334e1976e7e26f9c428b79b1de9115890c40a87cc9a7e195e0528a6c98ec221ecece7b283b6c9db881fbde0a0f1a2ecbb4ca1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32ba5da0b8e0b8d1795be139406223f2

SHA1
5471ad087f1c2be37ae88462051c931341c500ea

SHA256
3fc5abcd513b2c7708f88af8579e120254dfa6e86366bc798f4033c0f84c32ba

SHA512
8327e44ad657fe0c5008a65d6b2bcfbe0251e4db17cc21c40e8646bad4c652c255f2ef1d64b00f2e9ef993e89551299a55a7085479fcc2c58ff555ee8b3340fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58dc0fc920952a1d6be8a20a442c8e3b

SHA1
1a605be06e080568d4044edec9eac04ecb40710e

SHA256
743a6a97f389c5e2dcbb19648254288ff5ed547e72caa0c4fdadd61b4eb5fea0

SHA512
dc27a8f65590523072c72200aee8743a8f88685522a8ecebba2d65e85893e074e0ef6e24750e45836c628d2cbb565cde8a95c083789a53b9d6411de0c177f11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3554.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3566.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit