fd0fa99f41701c415ff1910be5346d0c29a4943e9a7f4b3f9231207b3f8bbfb9

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c379f55a6f4fd52a219c4eb2d395d51_JaffaCakes118.html
Size

110KB
MD5

6c379f55a6f4fd52a219c4eb2d395d51
SHA1

0914d2c262860888c1d10af9d1ccc1a2a382066e
SHA256

fd0fa99f41701c415ff1910be5346d0c29a4943e9a7f4b3f9231207b3f8bbfb9
SHA512

d27a36e79f73a47edf27803027ff2675d31d4196d7de478f78e19a60ada00d9e77b7f55149f99a2a9c2aa65b5c8aba7a87f3dc63c470c512c11f5fd9484e641c
SSDEEP

3072:EGl23Ok/YxSzippQMrc3+hyBoSTSYEeectHpPojwe6tMa/R:bLoZMrc3GyBoSTSYEeecwwe6tMa/R

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000008efa5e0af243f621a73e20a1b3305aa3a854d07971cf76648ee42b7d64aa93b2000000000e8000000002000020000000763f82c49d51078cac607eb5a3e684fc6fd9645fe97434ae6fcf788b41920dd52000000068dff50d65ccdc00295d9d680a4f6ad83d6289932610e5e80c6d53ec1685634e400000004ebee8b5952139c24204b36b8bbbafde9a62d230624363d10aca6f5f23e9a876fa58bf3a51745ff71cc6d266c12e2300f8e5adc67d8b64f7d1eb3852fd785da0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10ee6b0953adda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000a28599986880dd73c5aa43e9b480c85306ac3b78d557b46d9c19e4655b6060f6000000000e8000000002000020000000ece28dfb49ee0c7c224e1331875bc7a9c728bbf79e9406ae6cef8a1aecf67c5c9000000088458c506fd58e5ac5bf256df81de355908d2a69cc6b53963877710ab2cae5965eae5d1b1df912035abe2700b0b12e79b11fa7fea8562667d10671b7a559d07cdbf2b0a44607989e93ff39193a0025284513afb0513a07fdab4b82edf2183c1584d485b02cc8906e09728a11024391e3b6d948c242b1ae2b4cd65ea758b92aa00cf57af380f5b764b782492aa0bdd69c40000000eefbdf7fc7b8d5633f01f50b2a1ca1579a3d9a37434cb6f38ac576aa15be1ea98306102b79e3b39d81cfb1970034f60d8712625e9537c482ffb53f9a8d36f732	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{34A319A1-1946-11EF-AB84-52AF0AAB4D51} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422659347"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2020	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2020	iexplore.exe
2020	iexplore.exe
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2600	2020	iexplore.exe	28
PID 2020 wrote to memory of 2600	2020	iexplore.exe	28
PID 2020 wrote to memory of 2600	2020	iexplore.exe	28
PID 2020 wrote to memory of 2600	2020	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6c379f55a6f4fd52a219c4eb2d395d51_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
741183c8ac54cd3412afcb4a6a1d7f50

SHA1
51e98dd159d21e3557edc8eb81a90fb5399c15a4

SHA256
9fb11cd345234d2d38fa089d8da8433952c755b7f7f27eb9c90ba5e7081aaeb6

SHA512
c9a18e4439b76ff58abce1610919f47897492dd0191c1d5dde5f9994d8a30be1aa9ea4f35d3ec25946e495f4c1a5620869f61f634429c568c7295c785b23202a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ab7d4f55ff893e65c428a5f38cb2eed

SHA1
52d73eb4ea41326319f8986a6b86461dd271d475

SHA256
e04558a73b24683ecf9f301a9830a61c27846699c2a58c4af92b7a721ff764e3

SHA512
37461936ae65b274e808433a5a27902fa8f991fb3825999fd18b4a8386532422e5291e0ef51f8541d44e8bf3156ee97e3240db876dc3a8a902cff7bbd560c771

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84c31f9ecb38b3005d2f618779bf7558

SHA1
36709aca574a2194f084baf3643dc71fd16cf18c

SHA256
7c187c331507bc14473a519fff6eb59e750446387d6b4336b05c9b50b4ebcc78

SHA512
f44c21217a9b64071044d0fb1a9558443a92a244fbe5cba39d0385aac9f784774b9448d7a0dab50af90e5c8069990baa0ef97114a4324d766eef9ddcc27a47c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e1f8aa4894d7c4820274af82a5fe807

SHA1
6640d83491cc16dc33a80810432a4f398de8802e

SHA256
ffa05dd238a05d0032a30cb6767b4c0132c561b4212ba90b047bdc26b1d8725e

SHA512
109a6ca8d46c1b5d9a9711531121cd6a692b3a1a82df6166da124d83c07ba9bebe2a08e47e987b8cf67dd000239a365b614b546848a188b5958c0218e52dcd75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
165ce0f40624d7c7c104aa73738e76d7

SHA1
437b5712df27efff5525a7a03b33e657f219c646

SHA256
588cd683afbe628de220c000f47aed4399894d19641ce55027e43b255950bcd6

SHA512
89527ce1d7e57bbca2c259d27210d3b0f6472be359ce0ca042eec77c8a3cc17073277a55a2861f317b8360a369dc4a6b0a4ae68027c8667e28bccfd0f3666c25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dac3a3efd3f5e02a8aefd103c2ff3f85

SHA1
b1204e42de97303767ff8beabd665f6470f26953

SHA256
bbe45a0cd91c5f9eff7c27c573cd099095569ffb92e5421c179c3e569b3bbac7

SHA512
e0f7a3b6fec11192361ae3460ce6cfbee5cac5bc52c0b1ebc0dedd6b0db6406fba13b95cf0301e7b4f2d0cb5353c71902f2e058053456e81f9e6ad8cfa20c66f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd3d7c57909b89cd7a670025f87c876d

SHA1
305e905e942f26feda39933f452e50cfa223bbad

SHA256
bacd5827ca6c7055559c819380480ec2bbae0f79e0501086e5a8903611a0ebef

SHA512
e9c76c611ed2ddaab67b81f370c39ec3199d98f8528388be2c9e2d7effdde53857ae07af823bcdf6f81722fac89f14896b7c4b26894830da7c90073d7f506986

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42ac7668730681e90047f181a7c00861

SHA1
54ce242b32fd23ba8db152087cb1729df4889d46

SHA256
1ada074ca7c7235b8410006f684daf34b1fd3a463ddafc59c8c6d5272e4f8c99

SHA512
69f1ac8b17dd262cd44bb81fa3d1749894efdc2d1c07e518d0ef1c56d1ee8e92a8c833f53cf0856a924fe035fdba3b2fb0d8739b1fbf7b6343b288bb0e51f1ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d6fecb2ff2a105a96969f796e178bfd

SHA1
7b8cbf1285c89cd2902f4c3c63b60cf1685bbeeb

SHA256
51040cd686a1be32b20ab9f0cee44d0ab9d73d6b014785bfb10ed6c83cb83a23

SHA512
cb8a8709fa8e1279fbad712f1b2ad917e43d4d927893522977c228e4bf4629904c29d99e0afb1560478499b8fef46ed80b4f161dec1ed33e9d1a877685763540

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c29487b5d991c656eae08368f9f42ce3

SHA1
01dc09d82cd5434b2b750494d39a9e740fdfaf66

SHA256
1a794e5ad220b93b82c14b0c06696bbfa79bba25eeede30da22c2fcd3036b6df

SHA512
755b392715f25222a7a58fa29ea42b479238a8d580cba1313622d9d374c09b490cb95ca10491b142243376927b0798b8998d5f3e795de9ad749a09190d2d921b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35aa1cf8d5d1c8def1468f3082e1ef88

SHA1
590798624912b4c10bd8baaa1542891c0da8bb2c

SHA256
aaa499e532338c865e55baf26036fa1467fa30d2f84b099c37fef9c240f10915

SHA512
9fbe6e671a9dc48c2ad9b20a72802a47ea79c934404e27ac74663e77ef0b91cde45bd91d613bc2e63487d1c8493af67f279e9ff08d2d1eb4074a1e786683ed0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb467fde301cf2c3c2eee1a5c98f699d

SHA1
64346c8cdefe44742b90ca9739c9e4f74de068c8

SHA256
6f2f8a1a20395d7ad709912756be0ef7307f6855bd1bda68a37078f581a6086b

SHA512
ac11f03157208026937b9ef94f5cf0078839e966385198f52d9dc69e64b2c899622179f558d0ba368f83a872d3cab01f8e8def7344a3cc1f003615ed27b94faa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
366dd879a8e43f3428ad91f07107318b

SHA1
466f373b12a024c475027c5f4338cf37389feace

SHA256
58462699752039c656cf1762eec43ebeeebdc75d9b33dbe120b67b7a14e4994f

SHA512
e0715b5dbdd97a78c6527ce6497cec2a3c069767fa35f4892b89c8e205620a449e87ee2c250dbc426916ee3afd07a96c3929dbe68fae62939aee92d3e9913fd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4390298df9edf67d7fbe3f10c067ba8

SHA1
6049357d51af2bcce9142d45913975d789ff6893

SHA256
c66a75401c81c03ab29e21ea782b6f4c3ab3b53025658fc1bc03ebf058b20b6b

SHA512
102468d0a6aedd36fe241f762a91a4780368d14dcb75f5d540a2b0c42dd6e6bd3856532c76baa96142b2fc7a5e2e90d51f5e8173c3642aca0879e0095485537d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c76587f93b5d50a599d8516cd64b216c

SHA1
ee24c02d57f6bfc938198c65edd7f265f7acf620

SHA256
ee73d1146d1899c3114f385fe1fc260a379aacd3a96379eda040fb828208c09f

SHA512
cd967f8cccb069127abf24f0b7c5738a4bb785f268fc9c5df83ed58f0a359ec01ae5e20fa3cddee9b9c8534cb121555e598f7b1f7cd69d081c4e9261b1faf7fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75319d7ef773998c84eaa01ca05bebf9

SHA1
9206bb757dc8443a5e430e7dcdbd3a4ccd732ff9

SHA256
520e7037d42f75584d1fc49cdcab298c8a21a0bdc76588fb82cb285436625e27

SHA512
fd020b3b8ca75e73a4b6631679f50963a0e02ef5bdb89bdd8c4eb6a54399ed6b4624484e33a250e730186cd8d542abca2bb5fd6771456383cdd0c234dab2424b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2915.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3ED7.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit