85bda07aac995d88a07b6e9c3a7c36522c86088fb9ff730db965200b9d77c65e

Analysis

max time kernel
120s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 21:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6fdef05e09392f0581e4eb693dbabaf8_JaffaCakes118.html
Size

204B
MD5

6fdef05e09392f0581e4eb693dbabaf8
SHA1

e042c8758c3529e635b27d97eadfb81a86fac1b3
SHA256

85bda07aac995d88a07b6e9c3a7c36522c86088fb9ff730db965200b9d77c65e
SHA512

03a0cd70c58a2dfdeaf03a1cbd644bb12faf47112364c3d346f203e2acaa57aa850ceddbc7a4d660de225aaa1dd3bff1fdd5f3ab93ae62b03b61bbea2a028e7c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EF72F2D1-1A15-11EF-BCB4-4AADDC6219DF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0a9409d0f2a6a4b81e35763d326448c0000000002000000000010660000000100002000000067698c95ad159d6b851e29f73ac869f9eb2dab9f60772f90b6f592fa350e2c78000000000e8000000002000020000000155f6a6082e07d6d91ac95524f928f54d36c7e3b3e03161434b41cfcf02d4db9900000002c517a8be1333e14ff34b9c26a0646fd0a6e304d7cbdcd7990f5d45a9ecd49818f50f4633c49620c85a30e29f89b2bdb7e0a2c4abfea55e1956ebf9202fad61ada34e5a56a5a53dec580587b72e78472f5647be90ddc572ef381452ef607869ef3f1c27a6d1759973dae30cbf5c5c7a3c315eadb834c8a0365152bb0e3674bb60d57d9a2590c2be49fabac269ff08df140000000503a2697264e9c0fbdddb713e48e1c70b0690115a5c50169fc0bff0ea039a9ce989bdc5c3b0a16d9a60d8070498def62da00b7007f4803562e51dfc2475fadec	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0a9409d0f2a6a4b81e35763d326448c0000000002000000000010660000000100002000000011cd34f96b5bfb99a8e91e1f4c83807f4b125cc3c6660e504976b2c4cad478b1000000000e8000000002000020000000011306477e5eab435076badfeda2116a38055e9f1d925b7ec3da5bf51c3f51b120000000ae2027ae3518270515b7655d4add4109058644d843fcf26c160f8ba0a1ce21a7400000006da8c3b5e0b0cc3bcb72e4d38e44a447af7782ed36150409b46bf2fa51b0df0e625bc5a81c3e25dfd90372c42d854cf25fa25043a095d9669f3ae2286d0b3640	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422748567"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f04e6dc422aeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1284	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1284	iexplore.exe
1284	iexplore.exe
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 3004	1284	iexplore.exe	28
PID 1284 wrote to memory of 3004	1284	iexplore.exe	28
PID 1284 wrote to memory of 3004	1284	iexplore.exe	28
PID 1284 wrote to memory of 3004	1284	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6fdef05e09392f0581e4eb693dbabaf8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1284 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0771643950bdae845cb06a71997a57d6

SHA1
8506f9172fa7ccf9dcb1da00ae6c2f8de9bb0918

SHA256
d877779e9599aee5a698558155f9a4cbcbac3c24b7d5034ae97193e50f169532

SHA512
79c227b999e76884ff99799e1ef918bf87b46b625a4edab485cbe79af842eb3050f323b6c387ed68eff8ad3d0228183ad04293065f5908b7c829424423c564be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe61aec9b262d05bb2de09ad7959426d

SHA1
bc0742c1b34bc759ea3e69779a61c2385a2fab42

SHA256
ad52538ffb57dd2bad8107f12718d33dc2b14965e8a023333e45a0a4d8d7e1fe

SHA512
9aa4279082366ae60c81eea255be7da651e1c71d23138f9c5527de3d9a415ee57303b2017afe084acb8da4e066d5f2048be7fd7163d44eec93fe5accda36de80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9db3012104cbd8e5a78acadaa5be1370

SHA1
8161e65a65e754d938deac8670e9df0d6009392b

SHA256
94f3014ae57fbafbb5267aee098fe74077bcc0bd1f537c8141378920f5059960

SHA512
48542a7c3734bbfe4bc511d81829539f95b5371514f9dcd9833ec351bf2fb14b0ea1f7d5198cb6d6c20c24eb36732d27a5b061ad43147192f842c68b482ca9d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f73753f40f703bdf1b70eed136909ff

SHA1
01b34c44cdfa1d06b017b11c160a9c7d6fb801c5

SHA256
e7a8281a1b7302328f0b83004c83ba958a5d5e076436a895742a34bb990b9764

SHA512
5d69a731e8b0db8a2c7a5b7a8c79b235f3e67fdbc2f8a4069be8a7043674a9c82d1adedcd12426f8dd7f5b16ef7ae8f02db1e0713342589b63d4ae236a72ea5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab3fba72feab89a1088ed5f6c6c3ef62

SHA1
bd32258f1ce703fd7686327468b12063a67169e8

SHA256
8eb90a91ba16d7305d3f4772f83193409261f8e9ef017f574963cd3a8bd38902

SHA512
03f4315d28f5c59204c375e674f29d10bc18f5d7c8049ef0a591cc2de2d847b70c5422c26ff0281b61b151871ccbaa3ba9c6333dc1d6f9eedb59708b11d2e473

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1d8ad95ca22967e4118f4c77df54cb3

SHA1
ee52f94aed90602d1ae1d4daf63d0d997283781f

SHA256
eeb97fef81e1e9867fe40d52902aabe43832172070464a132621fadfb181e454

SHA512
24bb5fed3a042d341af3662ffd44c14ecaa0114ab0168760f2c8f0e7bdef430b6bd09a584530bdeb1470b19d2a1165efd13d6b19a8ecfa3fe767289b5f3121db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5691d97ed44e06287f71ae3fc06821c5

SHA1
53a68ed0c9b6554b27682d1a80013754f82877e2

SHA256
f5f8aea2e85bfdd632c6e208b0613bc5bf22a45b062b3accbf3210714b9f9fc5

SHA512
9bb226751b7641a378a42529a7379b531af5ecf38cd23dadcc77de384e2a5c29e5f210b6f6c53418461f6c88ee1436252d6a7a0e1d94c0747ef6c7c8b865f271

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eea01baf8b82676b49f77b302919dc5e

SHA1
e96d2138353aac6d1784f5a809e0b25056904ea8

SHA256
6c63698c70d6b58406130e9ca7f6de19ee432b9bd08a387880ce08d5eafe78d1

SHA512
31de9f4c5feb2796fee7835b59520ccdb203bc2ee2f4c234720fa6a927857cdc01871aeeaa425475e234630518b0085b9a320047d9f4e516beebf9bedf87abc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4015956becd5682eb4a02ca5732f32b

SHA1
aee76ec7d28d44d658646e44a94d0c6d965ec7ed

SHA256
6d264caee59dc5e9cd33f6f61cb879a003a883ec36ffa9b1f22361e6f3d3d5c6

SHA512
ae35f2125cb869f6658b3efc08cd5851b46585e8b842146be19927d4248dac14a3d9b3af2bf52836895d410fb0552b3cf8eb40c179d8092c63038ce45a29ff4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb8953383274709635d451bc0c9d32d9

SHA1
7b8c167ccf58f9512d18169b1e122c3ef92c163d

SHA256
b3878080381a4ac91965801fb9705284488d47717c8f66ec3de095bb9016756c

SHA512
58465bc9790d61a47c343f4e30c84882c95334e04d2710f3c252e00058e642b7fb81a926ad8e4cc38d9f0216aeacee8fcbb0e86a2c7e2ace0b87a30ed52e82b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2bddac27fc124d314c2b2c083435929

SHA1
27c1c60df93a529c6a038021894bb959694efc44

SHA256
f05abc48083badabdb0fba5a2fe473454c26c2c00e3d5a7f65ad6e31f736fc54

SHA512
d2f30bc178f0a5469a2e4169351dcab7f19809d5c9b5cf145af226f6511bb113b01490293f1b0d8610b2ae0e9d571f7683d0a6aa5ba92a74ab40d824f2afa275

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81770a78c7000bf65fd1a26a6bd57cc9

SHA1
67f8d37e702c8655b3be4f866a7a017bcd748709

SHA256
ba745a2c85f1c4ec267ef10bdb69f7079ea676c263bfb8bee50ae69667c02f4c

SHA512
e46fb78570f2f653c1a4101e3a885590eab34271fafbe9f3ce62aaf34fdef03961d3ca8bf76eb6f9dfb37b8ee754e915bc8884632f5a296535bdb59166ab1a3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cda6f7ac4f030ff2b63363881cb85aa1

SHA1
0ac6041a26e6ddac670fd2be411f764086bb2c67

SHA256
bf582b6987ce9bbe0c28a69907424638cf3e1c0dacc50a450254609b066a93bc

SHA512
0525928e66f9db48a4125fa3427f0bfdc0deb02745feb1a22dbce10f2ad78788091883b222a1bebf5d2b646eb53a8b0411ae6c7691689e075a9e073267245b40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
395935c59041fc5b24fa9aa3f9eb9c7c

SHA1
9cb7d9b789fe6ed73b33c01199cf7c9b135cced3

SHA256
474f82dfa548fe197a89994fd38d67c5052c6203504ad29d538669e34a304e5e

SHA512
8c42f213d4bfddad9bd944968b2e585c41feab25d4b731fd1bf79fffa696af479066632e0e652f1dff3df68c62d6e3bc069ba6036d68c9824032f069b1e29259

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f90b50329fdbf45e5a3ff96dcd445b00

SHA1
c694b9fafcc3b9a720b8b8936c4995992a9eb391

SHA256
b44ebbeb35273dd2110170d48003f37a113b652bb9eee99183bac5588f1fef0d

SHA512
2f872ce0a2c0818606be079f49cac282a5fe10dbe450ec399f0202e022b97594b4345c96173b4693f8a3f4cf9927d3967bb4bfa557a9a90da763e3b339c0acef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c78a603fd9a275b6e725063e1d732f9

SHA1
6ebd7406c321b213b50e047ec3cca54bbf243ab3

SHA256
c40446773de230a469bbd6462abb749f63c8331b7822ade9c35fbb9529381e5f

SHA512
5442c88cdd4349076e8e5a5bc190089cd5d4e79e0e921535b88af353ed1d548481b661908a43401e00f9b7c8c936737d00d4828b8c917da0fe90285036213b57

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabADBE.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAEEF.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit