e875b68ce099266b6aa53ca5cb432586666e0590c571d33def41d8a899e18bc7

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6951614f4bb0d21add547d427b2f53ad_JaffaCakes118.html
Size

22KB
MD5

6951614f4bb0d21add547d427b2f53ad
SHA1

1fcc1e04f3dc21434c83646ec8cf5380dffd4393
SHA256

e875b68ce099266b6aa53ca5cb432586666e0590c571d33def41d8a899e18bc7
SHA512

06a3973d8ab8150f173c652f6a44abf30d041fa8c4ea13d2c74aa865d072429206e298df502f22bedec2ac6e7772241f79682e9db7845e31204a146d86edaa8f
SSDEEP

192:uwf+b5nXsl3nQjxn5Q/TnQie6NnxnQOkEntBpnQTbnpnQmSBxd5xHMBaqnYnQ7tk:wQ/oexkP0F

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{26E67A61-18A5-11EF-BD6B-4E7248FDA7F2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000005d7da2a67526e1807d221eff3d09ee2f152c7416eabfb25913ad8c89cf82e3a6000000000e80000000020000200000000911944672293019abda90fae694ef4b0d70f76d579915aab30c05de9669c49590000000e89893b9fea6b347def45f14d989be277287062d8cd2f30f95e32988c7d6b0c9ac31525a7b20bbbee15db3980a096e5e9466f374248da1a56ac912b88791c19ed1b64b1d189da25b61b3e76dad92499fac895c02e02d5b1817a042df3cfc7d7584be0a06900f3b05a25316b4aa9bb47b0cc3694c6ebff2fc69dfe3fd318f92d71dd90b3ad98ecf18873e44f144fa243540000000c972c8a9b461e7f7bef16231e964db382770cc129d232deef85d4fee09ea361b750eb1f34581d8ca902ab9a019db2fe20d97245733f8377d2d6f8e2098b4e8b9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000055cc20943ed447722ef1631f067142bb65112886324d8c878f96560771bfd216000000000e80000000020000200000001844d87da1eac3d8882356a8e503ccf0d916e69666c276601b30b8ed976767c720000000490d1b4870d489f734a160020b16ffff9595fbba074b91c682a0ce807df2005b40000000d98ef5eb91d292d61c1708f7bee3b6105644d15ad4e1ac3e066c6ed38959185aab59603e5fd278ecba216d03e1c3c86b666e8842c12230837022f4528c304f5d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 808617fcb1acda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422590174"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2100 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2100 iexplore.exe
2100 iexplore.exe
2840 IEXPLORE.EXE
2840 IEXPLORE.EXE
2840 IEXPLORE.EXE
2840 IEXPLORE.EXE

pid	process
2100	iexplore.exe

pid	process
2100	iexplore.exe
2100	iexplore.exe
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2100 wrote to memory of 2840	2100	iexplore.exe	IEXPLORE.EXE
PID 2100 wrote to memory of 2840	2100	iexplore.exe	IEXPLORE.EXE
PID 2100 wrote to memory of 2840	2100	iexplore.exe	IEXPLORE.EXE
PID 2100 wrote to memory of 2840	2100	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6951614f4bb0d21add547d427b2f53ad_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2840

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ddb7f6a2c633218e294beb950c3eb6ee

SHA1
1431af9d250be105f1c11e8c374f261654daaa6d

SHA256
e586b44c7bceddc80d287b85b2a5f1ea539def1e8d860683a8dad3f5b92d386b

SHA512
b8226ba30139049f58695f236efa5e6b3810dde05d673e57a73ce12df945024ecdedd312e2978d8139d2459bda7f14f0f078433000beb02dd6f5416f7d2da0a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
89ecccb6813d8dd76846369c1f589a0d

SHA1
6dae02941a03a36639a63ebfc55dd9cf4c70e240

SHA256
0aa6636686c1bae092345b00f8e64e51d9392b86634223eed94c4e2802498900

SHA512
abd23458531eb8f70053cd1b8a1ffbea280c5eb41bba2bd8a2d72fce3790da5d22e72ca60ba41b59433c01ae034b91af6c425544cb5ea871a2deed45cd67fd9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6a2292ebd58c0bb8f985f8017f0dc650

SHA1
bab02a91fb795b17bed85b0ee120d964d7143765

SHA256
278cb51454e7df9906ecef964c3bec5c0650057c0a1a97075311befab9f118b9

SHA512
74b2b04ebd363a70a3e1d2f797a223f4b5f3e4f53fd707362bd2b5204d67941e649988b69828176dfe53b49b73c16e281a110b6e8e5fa5a2fae48017fd6847c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
83a2f883953e95b2c2d2523e6a3c3ff5

SHA1
99fd6d5fccfaf80183b005b50b173d7ba7de3cae

SHA256
2cddd525c176ab1cbef512580d49b78e66a8284baaab5b579584155b5cecadfc

SHA512
46ea2660ab62fa4b4c76bf1575c2d2460f61e57519cf6e6c4e60de6139f99c533c8ee458a2d141c9252cb6b0853146bbd77df9bee3d67bf7e6c175a9e18e9e00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5522b4949c5ded3892ecfeb43fab439b

SHA1
ba511bf4655e26bbe05066da7216b8ae6f84d4fe

SHA256
c45d92aed7a6b64d8fc40b7fffe83524f936f1fa0d9f66115d09ba8b95a90c1b

SHA512
f0f103712f148c6afe25b3dfd8550e40b6ff3259a7974bf71dcb7c3317861c351f9c05747ff9c4bed702d1f9820974c66b5f42a8326c521d554c32f604f3af5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e32146786af09518df2a57278b5bb484

SHA1
ca7de92b9785bf123d3b85fc0074f9dbe803ecb5

SHA256
3f5de4bbf9a0a8d74369ee2545696574737706d792c297b89a9e79cea197a17f

SHA512
fd200cdde95035d8d8ca34754dfe8465c684d8fcd01161e72c8eba0eab5232698d5eb6d76419a8cd2042cd42047e2d5feb07a5f368804c4571490aa7fc4f778b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
df8feb4e378cbb0ccefa2c6b0bc87bcd

SHA1
78d6dfd60991564d463955d5dda340a29a8a3827

SHA256
af400a5558047b574e890847a9fc983094809104e9339f307c5e95acb739b727

SHA512
fdb4f10b34670ba81ed31407d7c7ee018c3a35e1afc588f238463c0a60e1d835205001028d1984b88c6c921a84ed98efc8b091f18934d451c7038bc7ac56a18d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d7cc676758214e19ad154180849d6a3a

SHA1
0592332611e3cd6ed2334e505882095052a2c424

SHA256
f2f78b94feff05c3820517c2b5d8413af4f79c2a8e85118b8f4e704be5e365f9

SHA512
9d3fd945e7fcb35288222c8915ee4f1d394e42a98f2b368088207b80054a6dfcec45a4db692857b8dc3c6b6d5b5c63ce14fc738afcf6d5a4985cc80684b7411b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e543378083599fee309a8deb4dfa3d81

SHA1
aacbf5ae3100bb5f25f90b67990a07e38875d649

SHA256
1084c06714f40f0810f574a536296f9633ec902f2048282c76fa4269b6b94894

SHA512
903a44876dcdaf1c0d8ca3c77302266c4187d950a840094ab84df16299279689aa92b6ea4ab968b1fb9a1123716d95c965062427e16262841e4a484f424d8758

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e53e6fe5c9a7c6cf436f02afa67f2b32

SHA1
b98a0c0cd850378efac696be1c06350cfd33c887

SHA256
d375eb2b44cd9108f493d3afe3a10544ce70f3e8a19b9d8d4020e49a4b6a8865

SHA512
e7dfb9720857df74fcee1026b6eb72b716e7fee7d5169f30789e0ecd8e20b47c57bb1895e577ccdf48b42e9367d8e3f43f501ea50ea6c686818ca0243e0ddae7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b72b3f92f6aa433b13f77596621a2742

SHA1
73eafdc32712dc5260957f25f21ea109873f349a

SHA256
5680ca563cfa00d54a8af59fc044bdf6b6761186f3c19b385207f54c3ee298da

SHA512
711e82ef2b9868019055fedfdd68f65f9d9ca63dcf88a5140b5ff0199621c50d1ad758803f5391d983831b6c57feaea0c0e11f8e7d76a0018dc0e3042ef3c257

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab30D3.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3144.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit