2d3bea4bb9679bab4219536f84f28acf8ac779ce9ff7eeb13e05868cd54543b0

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69c61c442e5ef8cd5679607321aeaab1_JaffaCakes118.html
Size

460KB
MD5

69c61c442e5ef8cd5679607321aeaab1
SHA1

5e3abe9bf5cfabb361b005b8a07cc510499b66b7
SHA256

2d3bea4bb9679bab4219536f84f28acf8ac779ce9ff7eeb13e05868cd54543b0
SHA512

4f835a0f420dea3f5dc9a2c1f2b6d9a094694bfd162811984f22f6572fa46b76b79a502a8849162047bd6adfe4c066ca0570bac0520779d14582a899ebef177e
SSDEEP

6144:SBsMYod+X3oI+YJQGsMYod+X3oI+YosMYod+X3oI+YLsMYod+X3oI+YQ:05d+X3j5d+X305d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B9A047E1-18BF-11EF-9CEF-E299A69EE862} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000145956d4c6541c40961b909448985f910000000002000000000010660000000100002000000006b41f255f9587ec65fdea426a7f79d41d52e6d8c454f4bad93c33f210be17da000000000e8000000002000020000000899fdf12af20df572dde4fc54d90813ad02f7342257f3f569234f903f9c5f9a420000000c87940047cc1077995d3159d3ab6e00247577078d57eee826032f8d9577ace4f400000005718e78eb83bedd72745c4421f46b58ca06bda559062e02bc7571edf98a263d819f45dd228605f1435d8b151bb365a27c4bd1e28071d70d745697f748c57f063	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30a2998eccacda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422601588"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000145956d4c6541c40961b909448985f9100000000020000000000106600000001000020000000c16ccc33ea8553ef01d22499a292c75787267ab1c36fcd8a00c1909605f627db000000000e80000000020000200000007b5752f6ba4cba0ff0ab935defd7464ae89f7ddac57a120454ec8c04db83cebb9000000034ff48fe3cad3360542ecfe6390ccf08a01718023ff5514cbd7bbc4725b77e18b17f8bc9e7d34ceb6bf09230aef7b21023dfc1c4f61807d009566d639ae482bec0486211f339c6c5e937cf026583d158fa078b7cb2fe6af169d4bbadead4f98fb5233397c3494fff82165f6dfa28f031a1e78400b464c7f905197266e3f7000d882daa936102b47a333db40920c4b90e40000000fbebaf509ed4dad52a68ed3d4fd89d41d3c9966326788595026ed21d8a12af74fadf06263490e5768a260f1085571cfdbb2eb82a759ce372fd6d1e5e752f1f19	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1096	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1096	iexplore.exe
1096	iexplore.exe
1816	IEXPLORE.EXE
1816	IEXPLORE.EXE
1816	IEXPLORE.EXE
1816	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 1816	1096	iexplore.exe	28
PID 1096 wrote to memory of 1816	1096	iexplore.exe	28
PID 1096 wrote to memory of 1816	1096	iexplore.exe	28
PID 1096 wrote to memory of 1816	1096	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69c61c442e5ef8cd5679607321aeaab1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66c4baaff7126443c08dd8a5f3a1144f

SHA1
6b0cda70ba26c34156268e03e92cae45fa801a42

SHA256
7457f990de817dc232a75742996b3284a802c5e5c8ecfd3b01396eb8542bd172

SHA512
cf44649497a888c5d6cff43f8da215e50e5abd9f42936adde466f9fff115a28b85eac9204a1bae4b0a659a936392c3ac69a226d8658100b633606a18b1589872

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9efc7abb25b00bf971e923f18aee39ee

SHA1
88d6b99747399d53fa888d52c21631bed8620a25

SHA256
c330ad6ed16499c179b3284e307ee75fb793307da2e98b0d8adacd6e42e9a3c8

SHA512
3b1e7faf5f3f824f6cbf60165940aec305061c516aa6f1ea0d8d828f759d791ce6c4a957a5be205be8b126a7ff5660cbd1a8b1918865c2539e17e23569233b53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e09a71f51c4f646f18663e80cf40e6e

SHA1
91016b1ccf3338d47b1420634bdc03eb999cac41

SHA256
4272189d9b2fe78ef03a7e64b4d09fefe84a76d3d60726ec4bd982204b0ca070

SHA512
fe8dfc978db9d26720b77351492a3e899f19b6d4534897952514ef311c451c142f1954d82c33a47037c677927ec18b0e539c8f4a4b72d8e3a699a2f45660e3d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
606348b49687eeb52150af6b7da6656a

SHA1
59858d42f618442d2b3badabee3c96d30e0decec

SHA256
0377c15b41c33f236f35f25836c2a84250bfec23bf2ddcf5c701be38c2b3fba6

SHA512
73e9b0031f7816a9e532ba74652c340c1c3c05a01531ee72ac3b65d3150449c52e996373da84ea3d13b4481addcf78921a52e2722f6d58e5ff7bf3ec6674700d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0168ef45d8dde15d944313184b85e56

SHA1
f5d353adcb1e2555a5124cb072921f5d00e71481

SHA256
e4f3fd5b1fbb3327c92ac00026d5dfcfe6b651a1fe4e006b68fc1ffbf0d8b893

SHA512
2f7398237549e1fa3378534cd809fbb9d15711650b46abb9d96098013809c0cf45d7eb34795bd95d928b2f2b78fe0bb56b75fec82dae472e771ddd4e9059ccdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3562f6316cc0c7ef974b2421b2ae33c5

SHA1
c5f32a0c9f5a2307ebc76d1206ac69f8c9eb791f

SHA256
46956c10a3bc793c8adec7e53faf7c8a33bd83a3b3a82099e1dd236793809fa8

SHA512
264d3b83cdd22121c1bac71d2207aaa63eb2ca3f78095b399a90f7f7624f7551caae55d8b89b3b74a99d06e5d4ee8849a0c93d4517c29d71fbf6edb34dd81348

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
adf7b47acd1b6aca69f7c01ab044cb73

SHA1
b9d74be195b648fa474c31fab37a2906363c49f8

SHA256
b62b165d478e98b50cb60cb0dc0bba5161e65085b406e6a400f16eabba64f7d8

SHA512
91be8429ceb73fdd8df39b9c9b88f38a0908e642c942809e3163c5baf78a43a2bdb748a763d7b65838e3c116b4ffa62a0d044610d6cef8eb4362fe773bfb813a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e2dab735102862b6dfbc0febbcaa28e

SHA1
32ea6d91af0af806088f163ec284f1070fb84385

SHA256
4705bdb205ff27a0b7a65b60f7aef4854ddef31d14037d339cc285b8527eac80

SHA512
701c61653bb51720267e2ea514fc157004694d306987572aad8b9bd5c7e44930c0ac64d9f062a050f6f74a2341cfb777350de165a62ba3ae7e5d2a194985b639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b8f00e4c42d6d3b32cd568347967a40

SHA1
709277e73b2c057c33086c6675592969fae1b3ad

SHA256
19eb4c8fa5968d12f251ab4be85fb4facaa514e00bccc85474478a8819ef9a03

SHA512
33172d2ea4a3b238de8a56b3b4e4ed8b619c654cc080c4626e79416d2c7c7c624190ebfa2d488e147dc1171edb98a789c2d633e2633dcf448d3c364e3b30b5d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88258a627f561455a008ee699e9f67d3

SHA1
9a03195b037b5eada35eba950db2bde853484d52

SHA256
df386ff4dbd90ff07d24ca6fe1e5a80bcc67e8fc626140abeae7a65d8cf9c57d

SHA512
68ac93e403ffbc2fb6c7315ce0855a89f836a5de2e7eca3e2179562167e0f047cc0b89faf978eee005c6150710e431b89f15d8a059642d74971c82783e05e14f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
913cfc30b3d5084ffcbbaef934f2dc24

SHA1
c839907c0b0d76a45c90df6145c61cf9087d970b

SHA256
6adfad6a568b8c5d13acfe3e37de2a2d7ba6abf5674422d516f033b54f015fa2

SHA512
f7e6e7b694431f37b87d4ec7bcd3e89e2eccd3b678d0f89f9d6ddeb79f2385f128bc382494e93609b0894f07009e7da581d5f391a311c496ff3ecc6b4fe28992

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7f80c17a0dcf8860e45571d262461a6

SHA1
fade2ff5111d41e69801a7c852d265191fe03090

SHA256
b948e88f3b8f88d5931d7c374bab26504c2f11065ff6ab254384b90da6bff5e5

SHA512
646ff2ae2516bc2f3efde79ee976f087610060b22a9c319de656a07774bc4570580f66007fe371912e96abd30a082ad4f44c92cb92f309d8f51d97cb2cd3bdad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d3f7fe21096144401b356952da023aa

SHA1
b2b697925a26910859f448542f4b12f40da0bf66

SHA256
9929e64c0d5a69585336b5b0c07b67c0609c9b76ad39593870f0c19067a5d4be

SHA512
d36a137ebe0852a179827bd1a35f52ad5afd7053896ac63938d6c4723ada799326a194d98d2d0bde19df4b41be793dda56cd2a246018206bf73d0d5955e53f08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca7ef9cd103353325fa06bda2673bd99

SHA1
d55c428df0fb040c5c397df27fef0ddd65e24c20

SHA256
60d59158b81913759737b323955b4b2db9286322fac3c353f0c0e4a1f1cc61ce

SHA512
c02c5ff76770e58852b6739cd7fefb0a8b7b7a45a1ff6273a87adfb2086a799edaae9fe6232c9b83f3e2bad8258cb14626afdc0f9d2a785dc4d02e0b770d6a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bd75f7809df150f775f094c7f2aa476

SHA1
11df259b985fdadd5877fc220ac453aa3c579714

SHA256
99bdad469156c973892a5787b073bf255664abac5c17b29d21a4106b8405106a

SHA512
7e79c89eda5a25d5cae5d38bd893076f6113f54992063cd76a800ec1247da58d4932d870cf73fbe08903f78cbb9c7e5a82f8e1c255da28fda9d8e36d2d0bf6f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12b231eadecbbff562d506f13d6d8c89

SHA1
c4c772d9b27cd01bdf58365dce08c2182774014f

SHA256
ccd5519712cf5a0abadbba56474aaad57d5ee615c2dcb47a7ffcfa7885592c19

SHA512
6fbc31e20bd7f9d0d1cb5d11c886a8a3d845311860bdc42a7407849e08be04506250d43f82aa61bf90b9482fb69c97689b6d825749899d4b237f0e46d7a4039b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3CD3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3E14.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit