9c4736414cf3fa4e65f327b975b20b65677dbf8c5967bdbd2b2bcb848180569f

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69371aa802e8e8cde670bd818fd111f6_JaffaCakes118.html
Size

70KB
MD5

69371aa802e8e8cde670bd818fd111f6
SHA1

fb087d6ba6d6c491a3de04482f42fb0419c9dfcf
SHA256

9c4736414cf3fa4e65f327b975b20b65677dbf8c5967bdbd2b2bcb848180569f
SHA512

9bbfbbd29c2007fae4631b01ad03534878673149e87572c3f6292dd2bc6cd6c9c51787f351bbfc73d01a370c437852fdf8c3e46b2920ea22a4d3eaa6b04148ba
SSDEEP

768:Ji2gcMWR3sI2PDDnd0g6OUZqdSHywoT2e1wCZkoTyMdtbBnfBgN8/lboiGhcRfQv:J8euSSNTTNen0tbrga90hc+NnhVJ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7CBB3121-189F-11EF-A18A-FED6C5E8D4AB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 805d5a51acacda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000007d837f72d853bb9d94bb30ea844819e27a0283e524853fc49b7a77962173a854000000000e800000000200002000000048f2b619b4642f017df395771ee48bbf4b0bf1c263e1ba459b82e77625084e6d200000007c1cd93f58f93de5e79b0af29cabab88ce97e470df4472941d0b8a8a3504f5814000000005a36e6c8eacfba73c867534cb17b51172d639b2d79224b376d505226712b69e7512cc10a0557fc23d3351efbf98e11acc4dd7732b56745ba51e96d32479f0de	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000d1cfadafc2699ffc190720268b8bc97a6164e0a98ee4a4e982aea91a7c212a1c000000000e8000000002000020000000e5d97283afcc1dc63cdcb76c0fa11a7902d36f5f85c744fa882599dfb8e88fff90000000799dda98f92daa07e6dd9980e47924de753027d3f7a6b659de38bc37ebeb31adf55004e48ad566d03cbcc15d1fd328526dc8c7594298efadf2127adb0246f5752efde0825fb469b91ac99d3188a776943f0769fe5dad75ab3d06aa640c1f35c3089c737f85cc850eb37ac3b5c122232f9b0e658420648309acf05a8c6d1cae45c5affba255ecb125a57bdf5238a6472e4000000030b9beb14580f318cd0b6c354263d9caa588f07f6a3704e2fdb1bbaabf0b7fc01109813a258e7de656e653313712f01724492c2042ea15168fc2c2b136fae805	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422587741"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1944 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1944 iexplore.exe
1944 iexplore.exe
2928 IEXPLORE.EXE
2928 IEXPLORE.EXE
2928 IEXPLORE.EXE
2928 IEXPLORE.EXE

pid	process
1944	iexplore.exe

pid	process
1944	iexplore.exe
1944	iexplore.exe
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1944 wrote to memory of 2928	1944	iexplore.exe	IEXPLORE.EXE
PID 1944 wrote to memory of 2928	1944	iexplore.exe	IEXPLORE.EXE
PID 1944 wrote to memory of 2928	1944	iexplore.exe	IEXPLORE.EXE
PID 1944 wrote to memory of 2928	1944	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69371aa802e8e8cde670bd818fd111f6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1944

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2928

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8bc822c62aeb1b26f2f9d9823109d2cd

SHA1
497ef02e76f2b0434eed018bc89fe342ea13ecef

SHA256
3aaa0bfbaa25d1343daa45d417418f743f887e88f1d782e97ff51e115a628ded

SHA512
26eaaac01f211c3a05eb9757c9e9ccf8964f3e7381e8bd8513998b31569f8d6270b77dea446f717a83a5faa868b975fb4c12c332f13676e9a718b5683c694333

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
25c6e92e0cc31a5774b8b1a4e895cb66

SHA1
fb07030f3bff000eeca7e0da4f2d71bb1eca62d5

SHA256
6fc18bdd73afe045777b7c13884c464fe501de0d9319d612437cb0352f4af667

SHA512
130452e0b06182ed658720d2db31ae614532ae51f342b569a4b2efd1b3ebf5e4943b9fa26e07ef085344f00b016e73a940b0a9e8945f1161dc9d4413e376d429

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d726f496ceb4e0364c487fc3f7fd5a5b

SHA1
29d911510cedaa8436576c53e008083fa01e1e5e

SHA256
5ac13e97182319b3c5c03c9be14c87353848b348c5d44aa25accc484adae3490

SHA512
a8d4771b2f178574e788e3ebf54db3ae3819fae2a7ef5c847342f5a2936dfb21388e9c2d3c39dae19e368476b079dfabeb1b74ed7e367250c849fe9dac39c189

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2d5b91b297a69f8d84f3f13c296d0177

SHA1
2cf1b44c8e0f21bdbdce2e23d1a32fdb5a9cd394

SHA256
e9e60ebe468335032b4ae070b849ac1f3bbdf9587c0f64857dd46d0a365cdb51

SHA512
91a88fdee35ea17a9cd3b4604aeed9c542c4801d0ef8da079171d9e43e72b67b5f6f5abb0e2de5f35564ea825620b925731104198ce37fb76d263cb077bdc38a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
41248dbcc70a0e7daa92eafb54ca4b04

SHA1
be8be97d757938bfcdb5c274d19f29b34e56b6da

SHA256
2dcd39711ec40072daa4c14d1f4167a1091e95acd798ba7642dec8b63bad8a60

SHA512
3c632c782e6e2f38c94f1dd7d9a5aa565e0eefaa7e2250ba8185a8863d6b473dad26756a36137cd7e617eb9e6e4564202d4e0ca81318b7be852640ba8e0349f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
287a479bedc31da76f6a908043571397

SHA1
e79bde17c6c972194019a38868bf013dfc6bafa2

SHA256
09a49a1caeb7bcf62ee0792829d74696dc0024ce8ab3a93830675461e97e2385

SHA512
f8147d3dafdadfbf3aeabf56f65bf7f0ab378a198cffd4736a015e876dbb0c75dc677f70d7d30d53d0f85e5619cc79fdaa30b31bb16ca2ed5a482b3e74e9113a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
884748c0d19f405a76131f2a244ebed4

SHA1
d6e62fe80cf1db444b198c677700e7c27997bb1a

SHA256
42e3d4ea35a1c3938fa5f7e75c3da53ebdc3e4afea4c17fb7869ae150ca57756

SHA512
feea4131f1a70e4d69b187fe1ced406417ffa2a5fb5ee7d7263f7a49bea61239989b3f8d07f66078c22ca050e814b14e86c8d3835a3652c1fd79088c015c4503

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
789e713fe8e688f42473a98a326d3218

SHA1
70b7d073ea6e7b34dac659b8a5585e2fcefb5373

SHA256
f46c5c41dad1c1c02e15c7ffa0ee54d4023d502dd58830ed381786aa35b97887

SHA512
fe8126c0208def52c63a64706b822aecf176fb05914825f4feb09e97803be6d9e59cf182dd1f89d1dd17bcc158b578a2c780042bb61b6cbdbd1aef18126798ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
83502e38f1c4fd666189ec370cd15bbd

SHA1
48d712994612696298c8233c55a5777f72c95f69

SHA256
ce64cb22bfd303013ecdbf7b70819530eb16bf02682ec1331fc4707cb8640ddd

SHA512
c76f301df41ea3c7bfa419729a46bf539cc3a13138f05ee7514a7bef8c87f0c5a5f188919938b6e05867f078231957fc7930f8a7f06dae30014286b3e2172939

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
80c060216ddf7d078a88ae6a70c137c7

SHA1
91f262189b7367150eee163667f6dc2580bba0fb

SHA256
dea0b24a0058da978b82904a349b9d1e4c8919886a2c8f965edc1656e5fec5a0

SHA512
57b10f587b2c71d0744503977c7f12bba406e65d37705fe98e0230c9ddf69db5fa2527f03724f30984effe853a1218f3155b3ec0b5de2c3535a4afc4c13a8ff9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
37405bad1b9e589769e501ceca0f7930

SHA1
cdad25891ccd5df93785e8ce1e900a027c75888f

SHA256
95dafe1b4d5a56787b0a2381756a710e37f9d64206b02dcbda2bf6076a18c10d

SHA512
669d6cc78d211f6134b9f0fdc78a353d9319a5aa67d478b29a78c86ebc9d3d9805553a679810e629f9eda8cfb4eabc92c4219918d5e50d302340266a744cb449

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
577c06b741b962d53fbc5a6b6b3dda9c

SHA1
71000c4a3f5c49a2d913a8122dd30eb9dbe31373

SHA256
fe0fefaef2b4278a74c966ec558597a8412200126a1131da5c5d9db5ceb8c035

SHA512
7bc37f3774a0903bd7e6cb27422830c03dd0a10826d5c47e70fcc9bba015498ad1bb335a638e9fea87fa0d8d596f446b3a5775c5d27021d48eb9e8c0fd12aff7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fad2f622f6013377789108c6adbbf61a

SHA1
7c50e7394014be585edec7d5d3ed7df486f43c51

SHA256
c3dff16aeb554a4d4b832c14b04195539cd937c152d76c540c54b72d9ff0f917

SHA512
52558e340b672cb82715627b248b3c05efed914b83aa2ee26921d46bd3ed38949527d8500049cd7e0a36cf32071dab6eafb25ccff4cf56c2f5132be6a2c18248

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f84cfb885c585ed42be5d98840939c33

SHA1
6c6bf73e5dc3b335495a74d4ea5029f78db00eb8

SHA256
47f1ae7eb6c4c18b7cab71d39e77490db4222980a1747f15e86a04a77fb5692d

SHA512
679620900008e89a7b551830186e79aec63d4ecaceacb064a89a7699d9a800368c272d067d5655e9bd54c600b279c7d441e8a5abca727e17c059bf41dd29c1ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ec17168d48b442ed5f0fd04fe82d5481

SHA1
f27c7f4a09212a131ebbea17eb5ecdbb89d24f47

SHA256
fb301f4260a4657c62d4f069bccaaecc49e8d0af09bd5dfebbe15cefe023fc54

SHA512
d34721c45f53d2a2d9577c15cd86c9bad2c01b483808aa96150faa6637d92a3cc2f032bb165ae197fa4b309325ab8f39620fcd3cf2d996c24511c0925610a5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3DCC.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3E2F.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit