1fada978472c230cc222fcf7cb64d0abd02b3f3353acca2190013b08869c4f94

Analysis

max time kernel
118s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

695d1cd192cc4d7afdda64c7d6bdd905_JaffaCakes118.html
Size

448B
MD5

695d1cd192cc4d7afdda64c7d6bdd905
SHA1

e9873223175d7cf70d4bb03f778aa81750b146d4
SHA256

1fada978472c230cc222fcf7cb64d0abd02b3f3353acca2190013b08869c4f94
SHA512

2feead2f5d8e6177f31d22a355678b6844e7575d3b262ec8a4be8518d84ebbe19b8bce17d6d43cc94073424dcf9139689ce266df351faca2c8b5ea2ddf314435

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B72C0071-18A7-11EF-86DB-FA8378BF1C4A} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008ea556ca9feb534896a3339a7587940000000000020000000000106600000001000020000000173a58c16fd65242bbd6037aa1f8678ccf0f6453f58d1b3e0e8694fe5350466c000000000e8000000002000020000000e8534b5fbbfd03ae5e10cd9e99384af3bb88f4a9aacc12d0f4ee62fb2569d19e900000006f35c8905214152cc61c685d07038345c7b654424b5748685113b459dd0da161cdc61fa785eb6231385d0de5da1b617ca314d94b6950b5d6cf11ec6ef71d184dbdf3fcbc2ca40fa73fef6a5b510db40e28df35fe3748b10dfa08879497114c5c1b9201249c5cc1a89f0a689131beacc829447cc6c68bc509a38eb65f0c51898a9a4ccb10507805a64eeff2640ad5d10c400000004042c8993b57942418a10a02f6a5b4170371812b14726af8a5066d79f46d7b10e47106bc9522539f892ea9a63aecac993c8b14fe9f2a7b16c7eb40132dd4b202	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e02fc079b4acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008ea556ca9feb534896a3339a758794000000000002000000000010660000000100002000000095242c6021f74203aef093a7ddf44de29a3fb16bd5b4854d4b677690688a556a000000000e8000000002000020000000718f6ecafd9e24573d8de81e576c7a83f9ae9143a6dfb73c086c210f80bcda1520000000dea84725f283234f7add57687eed857623d8b40e3e429228a9246bc5ae1af09640000000ec38dfb33a17e5cfa2851c6242a40045a1c4856bfcb9c043a117123954c5b11a73d87a34ecdc7f74ed5c1fbe14a16578cc256a313ad266389710b9a55e2af2c0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422591279"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2388 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2388 iexplore.exe
2388 iexplore.exe
3064 IEXPLORE.EXE
3064 IEXPLORE.EXE
3064 IEXPLORE.EXE
3064 IEXPLORE.EXE

pid	process
2388	iexplore.exe

pid	process
2388	iexplore.exe
2388	iexplore.exe
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2388 wrote to memory of 3064	2388	iexplore.exe	IEXPLORE.EXE
PID 2388 wrote to memory of 3064	2388	iexplore.exe	IEXPLORE.EXE
PID 2388 wrote to memory of 3064	2388	iexplore.exe	IEXPLORE.EXE
PID 2388 wrote to memory of 3064	2388	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\695d1cd192cc4d7afdda64c7d6bdd905_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
499e6f46004eaa7684fa8cc5a2c277c5

SHA1
8ab2150adc68da7259ce9c9f5a9022f90282521b

SHA256
2ff9df4c265e282f8d0cd14f8299c6022372a1da136f805ba84230b9c9793027

SHA512
624bbc172e18b85c1960671aee7e6dce1b032043c203867004cd8804d3954bc8ffc947409492d395f1467728cee69bf0961fb196e077448d70f1c8104782a904

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2dc9788db969c4675938c53c7e37fa71

SHA1
acd4df9daaa016a5539bdb3f7e930bdff7eafc92

SHA256
a5b75097a7cf68ff28497cbc067fa1638f0159659dff26325d21f7da287ada05

SHA512
33ab9f4657c82bd2b0b4224e4c879e92697c19b3673a8e344af1b931b430e25e6c12410d8063ad456d345e7ce7ea10606bf2e579fc41df2efad9c6e812d3dafb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c90491834aacd619ae859fe2ba0ab673

SHA1
2eb611f80f1252c71333dd1fc1d425aa24e19e8a

SHA256
7c9ee8938c75d053dc5c518450e5e1b90595bb6e2a8eaf78d0ac96dbfced9a47

SHA512
6d22aadce0f1560ae9f1ba3ebda773e8f855226b9506e46be03efba06bfe7899b70ce06c2c93214db80887e40669644cc75d5a60e0a28155fe46bc94ba7b8f4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dde1816a315a28fbed3b01b2058ea011

SHA1
1869d42d622a4103a51a2df182825e0a28f79b7c

SHA256
5897a4317bb8fb34c10365499101abc086d8518e4661b1c13c86748093d728a6

SHA512
ce92768ab85c4515f622e95a91e9478c171f5907c67712af4aa982a9e0048d2d9f6d329e5e003a194f2c75bb6db811278554cec470ad24822f542f8ee9906934

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efb7f1b9a4fb0be1f3102036b63bd4e5

SHA1
bbba0d776628ad1cdb15e198ccfc8a01e22d3c32

SHA256
f619d97c686653c4b1762fe1674138efcb42902e82d2c347a89ec88b33cf5892

SHA512
820725998f664e313b294b9d7bf63cd54060131ddcdd6a78178ab8839c348e04f392269c5230fca22a7c72753f64cc92bf789a5373f3fe80cbbac00b56b098a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8be1797dbd24d942a816adc09a911f7e

SHA1
94d79ff00d1797faf6107d927b30306855462aea

SHA256
1526ea482c915616d4ad706e3949c41b65291c92865ab9bf0bd433fd001d62fe

SHA512
c0fbc3cca357f1c9aba72cba1adb497c9ff0bec787312b571b50e61f9425103f3e83ca648238a04bd8c79641af01a6c15df22ce114dec140c2bebb9106b6f6c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b80e2340579a9ae578c901106871e550

SHA1
373a41ae9dde5c9bc4a9c36b5b37dc097ff5e7c2

SHA256
8d01395d56fd74e14f48c5cf980b4d0b3bfcedaf15488c1572c0dab18b98edf9

SHA512
3b26fe62e98aa59deea8c8192c3687de3591f056f7d7b68cae251064966a322a820500da413c0b8d2b71e4429e461d33e944b874c730e65ea4bde32e2eedd232

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d02c62f91121e84feb66d6b3cdd1f91a

SHA1
daab5850902f87bf1150221d85817c264c6671b2

SHA256
e697abc54ddb4d055c664f4fb04385487eb9cdd970dbe087ac1363da348989fb

SHA512
0b9ce40c3d76876112e1761760f2964a16c4688913d2fe9d5ddbcc867d7ccb432eebedf7f869ef571c70484e0d6a4cd54c41820209c06d8ac28e0365b579aa77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22154715a4317287f0f395aee7c345c2

SHA1
4db86d57e8d4a22a7c151d726a4b199d8464d5b0

SHA256
a5af00ca11da106d75056fcef5b7a7fe707b250f83d153e4f97bb85cced14b44

SHA512
812912d87196bd57b6d91cdc29b7fbe6ad720a783118d577fcab816dc92fb34016b8c5bdeac90af0a0668658b14ba9fe833cc17043acb7af78dc8f6b5cd8d695

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f178e3d3e2f4ff7c728d15092dd0c2b

SHA1
b71b868dfc4f2ed2c18c282dbbe28e3a696a3cc6

SHA256
b8025f6b6b5ffcea87e806d83b25c515ff0a5865b6e7f86131996eefc4c4a3e8

SHA512
a4052e31f3e7b9040c36a78e274a6e6655ba8577ff460575feaa0b682a604e5bcf80d61bfd68a54a5e3e32c4e8453a68f4665e3cef641cfe2d7eec64dedc6c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2D4A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2EA9.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit