db021621608192ce8cd008c4ad0c4d9a97f698f6ab9e8798e074b8ea0e6ec93b

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

696d69640b13411cc102c040485b7716_JaffaCakes118.html
Size

19KB
MD5

696d69640b13411cc102c040485b7716
SHA1

11fcf924d321d943830f0e01fea4eeba51167ab6
SHA256

db021621608192ce8cd008c4ad0c4d9a97f698f6ab9e8798e074b8ea0e6ec93b
SHA512

4693c58b1563ec2ac506c0c857d68fb9c70a150763b236c3e804f8b6c899862e9e3b91519b9d416ef083f9902420d0e4d3d7e448ce0de5664cf9f41b45c84373
SSDEEP

384:zisK9f+75VBD8cELi1+mhX1JLQ6bVfsa96uIF:zix+9gcX0ml1Jzsa96JF

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0902eddb7acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003dee429083fda0458ed356c6a979e65f0000000002000000000010660000000100002000000008fe2b9499747427a00a93192fe8ecdaca9af0c054f98fceaa0f8c3712485d4a000000000e800000000200002000000030f522a727b238503ae83f1c52b198fdaae7eb911533d28d6889c95365e9697b900000007e6d270960183936d49e64b7fcbe2b5d6da11ee2c1412110de4b6c713912511a2d2e0ed2f1500921ca3c86cf6bd203ffc88e9b63a669d7cff7c84d05d24202e70d5799187fd764090c504848733291171285795110d638c458d29b2a1e029d36e13bbbe4dbad3096196c71344be40bbe13a6b0e60be9636808dacc67957e0c2b8731529abb9b1d9db02e89ca0fa3c3b84000000039347d1debe158305ee159f6d706e1fb0badbd2c35d80b5cbc887a8739a68263dc7d6ade20c14607e84ad6554986cfc34870e9a519f877cbb78cd479bdca0656	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003dee429083fda0458ed356c6a979e65f00000000020000000000106600000001000020000000357dcfb541036e8df91c3ec0537de05b2b1ff8dd3709eb0705ad1edf96cec818000000000e80000000020000200000003d36980019195ca74359d17d0988f879ca4c1bad9aeb7ffcb8a00cce9e9ca9d72000000098c3b70637e074bb0f49a145eb63e2d48e0b8cf8a8c6ad52830523aafbe51827400000002454ff87f60beb27dc9a4a2d1928a825a672c33ef0b5f381a91c0d1622231f43b38fbe7b2972d4312444162ce709c75f8d1aeb780ee48ad15a39945f90245232	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422592701"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{088970D1-18AB-11EF-83FC-5267BFD3BAD1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

3028 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

3028 iexplore.exe
3028 iexplore.exe
2228 IEXPLORE.EXE
2228 IEXPLORE.EXE
2228 IEXPLORE.EXE
2228 IEXPLORE.EXE

pid	process
3028	iexplore.exe

pid	process
3028	iexplore.exe
3028	iexplore.exe
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 3028 wrote to memory of 2228	3028	iexplore.exe	IEXPLORE.EXE
PID 3028 wrote to memory of 2228	3028	iexplore.exe	IEXPLORE.EXE
PID 3028 wrote to memory of 2228	3028	iexplore.exe	IEXPLORE.EXE
PID 3028 wrote to memory of 2228	3028	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\696d69640b13411cc102c040485b7716_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9947cf6a24d9e6246b3d162068973fc8

SHA1
dd6dcb7f50bee96728c12afd6863e68c4a73f16d

SHA256
f217d1e14134dfee1305c23dcedab03aa5bf19ce62eeaea3c90df3a57a24fe5a

SHA512
f9802c23770795a1b3e49dd5d01d2d58b2b8defc26c29bd04b2e5fa345ff8b64957bbf0b4ae0f8ff7462174009c9b263f9c2bdd81b6cc888b9c09137c5b01bce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b1bf7f3431c3309c38ac11a587856cde

SHA1
e3aaeb7fda13135af985071e73fbacd9b9c4b831

SHA256
847a4eb989666592b9e528d87d12bc3ca5f3b24d226d5692e93bcf29209448d7

SHA512
0a873916aaa1d2bae741bd50580e5b2e398e14c40f3faca50405ef06a7a062ded446728c6851cb39c526aabac0feaccf4ad7e209c8a7d514544b88b125839b00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c82b428269d1896f5660b0b1b04a4a94

SHA1
d8b92a01daa796f6dce8b462aeae889b232beb93

SHA256
84066885f5e961761601abae9ebd81e8d3d5e8f0bdd2d9543893b81f82027ecd

SHA512
92e9771eb3afab86adf1196aec8589a2ed2c6cb59fa98e0eeb337b826745fa02b2c9a85de75759fff085f37b9f77a71fd6086d9b3ed054f293e974000afd2f0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2abe58f8db49e8e563b32c50a8f798ec

SHA1
3c53fd6a5a10f203c406cf20defde7035f59e433

SHA256
3469880c48a11c0ccd5a7586f71d72646209d79be66322c287a6df15205caeb4

SHA512
6d706c5f91af91abe55fc9c23f31c0a1e1b80bc722eebc6b8c5721e476dd117e1fb62df36ad44fc415e771da3a1de08163c03de5432248c03780556a1cade2a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e5e0b1ab5d2a5dee492483343b27403c

SHA1
5a6081d0779171a60bd3fcf3063ca2ac868b3785

SHA256
74d9e7211da29f4a8174059358044e4f5939c4c684d4562f120687e3fa0f5dc5

SHA512
ef0ec5c454f48168325f4f35896d77a4366e83e4dd747e572c986a26cc5350c46df60095253b7f8fe09bd7dea8ebffd804e4f9a6e8e8159036013c6133f540f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b79bb961b30ba388075f7350556ec0a1

SHA1
dcb889b0b63204555b6bd8610c8eee691934b85d

SHA256
7f651876cabe6e318f1b9be877dcb949af99d8d618ce98c37505780be1fca743

SHA512
fb9a4bbd01ccfe5c08d4e3563bcb81375e613d4cf8b9160104f077d3f5c73cb3135d3ac3c8ade0dc88819ff425b7d6a2bf235fd117da29af2983d908543112ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
fb0b94ef9a90e5b9ed414620d34de822

SHA1
de00b6d0a95bf4d1cec05ccc83e3ea996532b617

SHA256
d4ff852dedf3b923e5bca4a7bdc9b351854339150e5b119addfb345d6f7f4684

SHA512
b8d625a64290680d6e9119fc938ade699ad06be88e23ed327c448bd3ff31825a6cef333f8671ccfb2e1c9e9c25318133c9ea6e4bfe04fb34dad516199642c343

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
49133931821f73c7fa3882c58e16effa

SHA1
d8f950615417e1b1b581829afb6aef9271c5d4b1

SHA256
374f16e8dc514193acc20ae265f92d5295b2e47389336003279c2101bdf083c2

SHA512
61255d4d95c4f2a4a24ff0f402a98c626db76a7ced5362b279a73db5f61f49796ffb14507b384fd10ba7e35d209afb52da1d793a16e609c7c2c8860019bc48d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
eac21614fbcac461a4c71bb82940a432

SHA1
adfb25ce5087a58ceb03d8ab39226aad9311c5fe

SHA256
b89876267bd72f3608e715e2b3e1ff5cc750ece88f38cfb541140e0ff72f0f24

SHA512
7be676f6054eb35b1d418bf4a9bec6b1ea2f45936d45df45fdfab0767f9c77e8c8972bd8447a5f7abf56c59c4af64fe9e7864a33b7fb3470601b2488d436b097

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
73ac88144085f1c4020d48cca17c18f1

SHA1
a61a25a58dcdb01ca8f2591f6cf83477bf38fe3b

SHA256
414d782232510e709bfb9eeac80c365ebddc4d1a17d84ebe02c79003af29b883

SHA512
6864770ced7caaf6250e8fd1adb2fc2c2d187e34ab80e750bbd2f97aa1bfe28f41dd173cc80603d2bd87b038549f5487c07173f6732ca6b3abc973dc814fd7ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9015438f0983656e34c90531d32b4f9d

SHA1
68db74d22ff923868cfcfb339a9481d586c52a02

SHA256
7f0bceae219cbb4c16c70d36f40758ee104359d0264295107fae86e9f92fd11c

SHA512
87b36bc62491f232aed13016a6d62f59bdb599952a5995a06463e90e950f1b84cdf474569b05f155ddbb196407a6b016a3d975c2ab6a72b029fcb48b71af7aa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ab23fe889a8e84e9abbe7354751295e9

SHA1
fcd758ed58be50ff25c3761f06a42fb5afc9c287

SHA256
c6a1aa2d71901b13e8ab05006f8a2fdb9e1198fee183f1ab8bb6b2516814c6ae

SHA512
adbc3764f94b8dda7cca94b7ad12f51614889c12a4e14576f2baa42bb25456781da1e1678da08395fe934747be6b59be93c86ba63f102d0d8655c6969d4f748c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
015109fe387feac0233eac563395e65b

SHA1
08b59b0c298e28299f9276a97d385bba8a66e38d

SHA256
ffbc99f502ab231c3c37f1853c49ba824401c470de83918283072ca704320a15

SHA512
adc5d085da5caad2a523fa3363a6a6524e460e919fcff34969276ac76951934eb2373a5e1ca162517d5ebe755b319dc6b5a43c6e42346a7335d90900e514f9eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3ac2015740109c6af362985b4af0f80c

SHA1
5ec38717f8660f0821d9f4d217f421bead379c2a

SHA256
59873aea45cb9d84ab9e89a5d55b6d15f371afae2c7d05cac09d566ddaeb2dc7

SHA512
f52feeabc58f4f7cec8af5201ba0258607a7118ca8ed92ac7e6487b3fd13bca0d3752ea677d441204e2dd3b3abfb0b64bd93e66ae020c7572635a806a88e4ef4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a37a9d8c80ba989e5b34e97f0531eab8

SHA1
aca2a159f9e39652326ea936059693eb3508fe59

SHA256
fcc58b3cc1c5ab4ad78dbd3321a1b00a793a6771d80a41e423e40a2eff50b3e1

SHA512
7c6f97378e2f578b983542b239356587e1f7a3f20e5c3ed67ecbb7f22dd99972634f7cdd2b4db5911f3de52e8af07f33f9cebe1437b311c55530512cb7b45e7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3007.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3157.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit