ce7d55c1b75fa0c918336ee5cf5e5f144bcc243964fc7b5024a234abd452b46e

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69e3586eb4afc13866b5cd57262a11ec_JaffaCakes118.html
Size

3KB
MD5

69e3586eb4afc13866b5cd57262a11ec
SHA1

4a4706682fab2d1822346354cb7fabed0fb199ec
SHA256

ce7d55c1b75fa0c918336ee5cf5e5f144bcc243964fc7b5024a234abd452b46e
SHA512

5d954d093631baacc993cf03f13c8999dd20e04f0db4469cb2069208224430f825e8624fd6adcba1b1bb2c6878658abc10bce3c2d85fcd8dc5f9493e9ad91a61

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0887165d2acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9070FAD1-18C5-11EF-831B-46E11F8BECEB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422604096"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000234c82ba17946b40b5b14be6ad6c118900000000020000000000106600000001000020000000e5883dd7f54863202b0712db309026cfecf9155addefb530e0ad83460f61a506000000000e8000000002000020000000139f97222cbbab8341e5a35f9d59f5e6e7ae855b33577707c4c85b05f842d3fd20000000f9b1f83f8d837885f83a588a675aa36ee2214ab84b2fd2d5dc82f3f95599527540000000a0a22d4e03ffc9ff5bb4ef9b063a7810a049ca223386c0e4ec26f620bf28a5fd6e0ad294d9624680e0cc12fe3471e47b0b303df9a4d3981acc086f05b70f0f19	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000234c82ba17946b40b5b14be6ad6c118900000000020000000000106600000001000020000000331f2670d8a0bdb61b75749d3ef9f67f148d0eeaa2ceeddc68f04bbe4cb4adcb000000000e80000000020000200000003edbe7a8ffb837a658e0a451c76ef5c8ed40c39a979d4acb618f5c00d2d217269000000023a181fab4cf7ea3a8aa0c24e9656eb4241cc2d5fdbff7384a7e2a33c0b4d17b18bc48a80220642f199020fa9ddf2072b3789c1f7a1a5cd35526f6e229ad09583c82dea39dce9592362d52b8957bc036b6af1bbcbeca67a270062dd26cd92915aefa03b3d9e450366221e7042cc650d7d0bbae1e597cec90c4e36811f35eae88b323d8f62c39f80cdcfe25f2b96faa7f40000000ac5eead63ab321ed8b9f2bbb30be5d68c961e26c9073d7ae2b526b78250e0e964a2066afd6f288eb5ed0b1ba5af50a97c0d59f82e7c1c4064c52ec09b844d55e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3028	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3028	iexplore.exe
3028	iexplore.exe
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 3064	3028	iexplore.exe	28
PID 3028 wrote to memory of 3064	3028	iexplore.exe	28
PID 3028 wrote to memory of 3064	3028	iexplore.exe	28
PID 3028 wrote to memory of 3064	3028	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69e3586eb4afc13866b5cd57262a11ec_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8d170594be29159f5d1b68833805de0

SHA1
c89ca654aa70e74c4cbb881a20f4cca4268fbff3

SHA256
2dc635875caf5b667dd877fd11be90c1ed039459da82668168d654e37610f698

SHA512
479fa0b335066a9c9608e85f3068464c2758ed1841241786cf411b165004823504e9a13027b463ea1e7b17bbcf58cd2e9d58e2daf10999a6ff44d2bfd29f1415

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b59d437b275eb99e7b778267251bc63

SHA1
bb1b416b490b25dc427e8f455793b3440fefc3c4

SHA256
9d25bd23bf1bd3ac5b9a1746ccff04dbe12b7caecf010d54f53f602b01028a8e

SHA512
f3e22c3f2ba11d4d271bb93fe2b3d0b1f1eba9af9d4bcf74b4078792a0688bbaf1020749812919f1c3516773da5fe7f0e1f6d00e50119fdb427c83b4e6b6125f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd2bb3c783ab8d894db5e4c5c8c12a89

SHA1
a26352d4717caaf7ef1f3af4b3c277c1cedbdf38

SHA256
aa21ee285e298a7d3dd154d7e2caee5a7e23ea780e2e5332a3b1a3fdc9771af9

SHA512
2b8797d09a7e685d834fcbd8404ba362e2c388c3bcc6105912ec4313f64dc421e57aaed7081ff28de4f9dd2c44ec39cd4f16ca9c528f5f069da4289ed43d13ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebf658e74d5c2cec7b83fa8a236652c0

SHA1
b9a3ee86115aada71224dae9a2c07a6da96363b0

SHA256
8ee9e48291fabb8752f960ccf71dc4b48fc7c5d6b9466a6e0c8c58c399d6634d

SHA512
57db430ec4460ef989e6c9d087b20bd55c1e1ea1f75ba3ba7da71016d8be9bd0f1c5dfea22103c13c033e24c89f8c6b31cc1ed394984d304fb616edc1ec77eb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8a3b3f8d2c9c8e5d990e8bff872bbde

SHA1
22db85b9e4831227e31a3f8f0055c116dbf3e0f8

SHA256
eba8b0afd1bda5c1ea5a59e89c8aa26a61befd07fadf3045ee44eccca656fb6e

SHA512
89d317b5f24ba56b7a63e8c2ec58853829c42f872e0ac9f8087ddaa29dcd8e94b5f0d1d2c3b11daa67d4e29d6714497f2180bb18bab2a2a8aa4b7f5e7cc329cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35d9e914247a291e9f64005a6fbbf347

SHA1
f870c8904a678c4968e43e02e189fb0b12c4fbf8

SHA256
5ede8c6cd6c0d06fcd3c03ac741ca68ec0867a370e89d33e640d33501f99eb1a

SHA512
282bec9b823e1cc26807a39f21ea1a9b3c9ff6ad89d687a90afb01ac8ffc4ac7d7c9dd4167e1e6f479f58d8113939f302db9d73d03197ec4855f86ac62522a67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f59b47db2a73fbab26a32abfcc75b41

SHA1
146787280a2b37643ca4475b2c5058e5c2668b07

SHA256
8456af2d1b049166eab4929ac84e6344f65f34b70dc551924daa1091f6585e00

SHA512
f5b76253a4300b95ae6a8a987aa685388643d4d9d7f47637cb3bd0fc153ed71774029d6eb9102ca0fb5d7584ba42f68e38f434ec6cf4e669bafc53e12888a363

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1ccf0df0fa20a5e441e4612102dacb9

SHA1
ae5eecbad3fc937cebe337c3acf3711345328404

SHA256
cf0cd377917e7da5685ee2c10458437c71f65f2df946900c129e47da80ab83a2

SHA512
0e9bd7359f6e35e8616ef10672410244a710f97e1e92c49b44040ffd6b6a1be4d0e13d096f4907502e0b34b089de7fee4d91e12dd15d0651b106c00f9bcc5f69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
287590e60a92bbf1bc015c74b770ad4f

SHA1
4f2d46dd7b119a193cbfcd1ce143128d54d38080

SHA256
e8fc85709b38b5ed8263ead8306cbba08ce8b9dabb3c716ae53e9fda7a7fc288

SHA512
462b49a94fe975f3974885a5cb8caeb3d7b2f016f224440b1fd77c26059def8655f3b1a15847b543316d1bebcc79e164e0451115eeb760cca2fb0b55ab4de81d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea321a03185cc0e04dece863a211064c

SHA1
46e95c38a9a317af6f574c58ef4cdd5fbb3ad03d

SHA256
ed8333f8f504b7100d01f0378d5d2d4b13efb611781aaa25e1cb91298e65e96e

SHA512
0bfbf22a9e65a0516b7954a9281654b777b2e23333accccb430dc1a4962966ef72e9938c9c7963347c3801c2b78918fa56013c95d548e81eaaf574ce29dadbbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0a0a72cda126cb48ee3098bfb29d6b9

SHA1
a28a43fae146989adf8b2042187982ee96ce170d

SHA256
101349188ace11c40b3c6e08b8a3ae1d5ec32c7342fe5951a3df76b357466601

SHA512
b2691ab2200f1755f2bb57c0524c513e60eec504c4cfd02c81b2cca3b6543f9c4661f61b8771b0d20b58eada27c503319c549fbfc29eb969cfebf27cbb324bb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
232c041b2414ab18e37ddd3eacbe0828

SHA1
2c5586c6ba54553e32d0f4d664fc481d90bfd0e7

SHA256
c33ae99a9dd37691649ed43f5ccc90ab9df9e67a5945fde62371a5c023062250

SHA512
e34fd58f1837e1ab26fcb92daf4739fecf17366c473e43c892ac72dfa4656b4808a602db01adbbd44850d319d0a049ee8ef1dbe0fcf6ffc32466f3caf5f00fb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc3d06e27c6bd76c2775f9c069071e22

SHA1
d2bf25ef2300aefae57fc9edf17595ee9e0b854e

SHA256
48f3420a0a04fb788da04de8064b23e20e372cf4e0505c7570311c30e4ba71ad

SHA512
2544ecd02425c4db9a42eb187b5c401aea6ec39347a01a2031d507bb2324a744c4f9451c789655834005140c97b17ba55c0a34f4c5d48c9f74441e0d0f8a570e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b787ef6ddf95d625d8438d6de17db366

SHA1
92b93e7da0fa4863540a26110af63a1326cac1da

SHA256
c27fc218ffd7618b56c9b6a242c5f7b97ee039654012485203e148b9c587b0b8

SHA512
6a710063e15bc11a0e86e0afdd519db329e45aabb075a79455702645e14bc08ef5244fe3db8fa843852da9a8046ec5c7cbb08b571dcfabf670ed0b7dd6bc9ffd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d7d9112791c8f26b9aeadfb72e07f86

SHA1
99c1668a5bc6f46f88e6c4163305cda575f96afe

SHA256
3e6d7fff59f706f3b00bcbe51e91a13ac39d62a9b46c4130e5416d1a2c4187be

SHA512
011a0f0354004ee8e785b419bc98b0570399cab39291dc1a8f9d23d92950d7df40cb7c133f807eaccf450dd6765ffb6487c326eb44fcc5a214117688a9a961e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b9e6679bb9ec4d98f2377b76aa63af9

SHA1
2858c3dd031c7406abf64d875e80d81fa9daa2fa

SHA256
d5bde67463877812f0b3b01c3cb6b88cb17ffa6b4165f0fb55f6c66b752027d2

SHA512
6b21af080e6a3a1cd1d725069a74fe7cb8fe7d8edc00c6353f718309e80b386858b822168549d01e42cf126b97b8f0cab9da2dd11662dbb6a017e759a60cc0f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab394C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3A3D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit