93a8c478dc50cefb4159c45078edc24b9685859d7ea6ce66f0896c7895a37d88

Analysis

max time kernel
140s
max time network
141s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 08:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6de53357ea0013500df165046bc8168b_JaffaCakes118.html
Size

24KB
MD5

6de53357ea0013500df165046bc8168b
SHA1

75ca97a46d61b0657ecc9675db20fdea7699e6a7
SHA256

93a8c478dc50cefb4159c45078edc24b9685859d7ea6ce66f0896c7895a37d88
SHA512

58b58a1472cef01cdd61ec97ac0baf30a517a4958a8a0514aa37269ea455fa309cdf973a9aeddd29dcf653f0eee0c281f2b89ce8adc29f85f6e225673b0adbdb
SSDEEP

384:zuwvEIV0beSGDcO541Ci9EmsG5c1HSThrw59+ENW8ObUdSsANmCqpne6jf:zJEIVMVO548LiR809hGD

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 702eac2fb5adda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422701501"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000024db7068b1ad05e5c7793ad7d2f6dea68d2bdc711053cf6cee154c79daa9f3ec000000000e800000000200002000000055e13fad3a82e641852ed63d29946fada4d595a1ec66c2e29d0854473269116e20000000be0260f66794c1fc9aa4188496ff5444a10d136121bf416388005011759ac33940000000a22c983385fafa37f9dcec234198bb4bec5d309b930ed79fddfe689c7443d93b4ea0798f5c01f0b6d79e74c6309deea0c785fbe5fe37b0feacd34867a4693ca4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000040496a09561e504fdbb2ee04aba0ee94cf2087aff17a1e4f4738a12dda4399fa000000000e80000000020000200000009588de6af7a10a568030fa932f04c1a1ecec5ea0c093b0151635f26b7cdfe0459000000014b8445cf08c6580948a97668cfee93094e22819568a879a6be80861517a2afa132cebb0729f3987c3bb198ab68b08185e85783b06e7c348db8040ec535a3bfa0f927ff9eb2ffa0744b74bea8e92d6d5f267740e8fe9d5866e8ed197b00f3341dcfefb195081c309298cc5b6a93100d294bafc705ebf8647d231230ea786f8f59042b962a39c79ea6f1abd1e7d9e11d0400000001bfa435e5eacdb9a226b7417d55efae387cfd9469a96cf5fa66ad87ce6c22bfb6b5758cc53a2859c33902ffab9c5b86a7c32feea65446aad25b792fe6ed7a62e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5AFE0DF1-19A8-11EF-B02E-F637117826CF} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3052	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3052	iexplore.exe
3052	iexplore.exe
1300	IEXPLORE.EXE
1300	IEXPLORE.EXE
1300	IEXPLORE.EXE
1300	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 1300	3052	iexplore.exe	28
PID 3052 wrote to memory of 1300	3052	iexplore.exe	28
PID 3052 wrote to memory of 1300	3052	iexplore.exe	28
PID 3052 wrote to memory of 1300	3052	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6de53357ea0013500df165046bc8168b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3052 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
377d66eb1ce3aef6699fad6bfb3b2c3c

SHA1
c4220e28bcd50bbc6e8780bc5cd52c705df41629

SHA256
03c8ba9003406a06f96be2222a3d8306dee8b2678342330a908f97e24de343bf

SHA512
85f081e07a4eb5a86ea0e79eda2095367d6d6def6b3a228125c2007298468638eb53d62d05a22f09bff2b9e197ccdd62d95a7d65ce3648a084497c3e22614795

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72f921ba650807686bced41e313b3499

SHA1
1305083cf0508d6b2dbf1dcad559c38d56f9f08c

SHA256
18957260f84e13f8cbdab238eb1b41d6f7e49fc91c04e5c41d2cbe6181973abf

SHA512
8e98bc9e3961ff3c63f84663c5de7bf8238b7c0b6910945774556fc3c23c601d7652091c7cf4c8a58a40d736fe07d5553fe571780ff43f9773876432d1a83151

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5736f79b3a3a1c6013040d5e44334c16

SHA1
e1d8884ade12702800e8a7b4a98d7cc6da3e1e4b

SHA256
7fb51bbc635fc518a7a43ca7b7d51b4b8d3d53c2dfad7e2c6162cc401ca44ed8

SHA512
207cb3a91f29904b961d834a9ebaa37429432cdf6d040449abc70cb84f08428234115bbd81217ae203d10602f81c98e4cf91365b2d780106a4b854df728cd199

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
585d4ef17956e89722e36aba918f6a62

SHA1
319d19b7bd3185153c665e5ca25008e3c66b1938

SHA256
fb4f4a0183882e1ca264c1b80190a17f56949bdb02e15d19fddd4868782acf0f

SHA512
9fd6c4fd24f418024e110a56e92598efabff2800b17e34b2b9ebf1f32d92ef83e353e2aff13a61733354211dcaa3f1f6ab3347e3d1c5b262fc18b5fc4328ed94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42d34c21902660443deb162d0cec6cbe

SHA1
13be6e4ed8e47785f8f2005c5db809222b56e1da

SHA256
24b1c2a8ab998b22ff7176ef177d07b4e3daf041cbf4b67114f38a9579ab96c8

SHA512
ebf624b89cc74f06340342076d5eedacb24f7379e93e792befdf187274a095f3143799d62a24ed5511556ec71a2c0e27b1d0bc8f02c3e6830b297b4ed1dcd023

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6af87574ef11ae720fb1c8e54650212f

SHA1
cf1bf57dcd0726dc9c2dc2d2848ca5fed631ae40

SHA256
90035c227d394a84284b907c52085f5c9bf9b5332e99fdb113c4aff93323588b

SHA512
ec0dd7f55e67e7ca1254720c4a816d8dfe6f886cadc22ed3a6f7e1633f9799220d617e7bffb4c3d08b2f5f3b239c56b15a96213beb5c2f4658eede3d01fba09e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8586496cf2b4375815204d05cbdf047

SHA1
abf550e1623e10d932a442cdcf0df2fd71fe3c6a

SHA256
49fa544fc53f17a31c50966f89f070fd1c70734be54a05b4a83f118bb25da425

SHA512
0adb0fbb93a5f1c50718801ed6902d03e0bd998ca748f7b309eaf17c2dc41ac0874dd7f22d411ea14cca7ec40e10c46286a557eddd4e0ac9b70c490e8797bb67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4d8743404b72dce4ef8f9f5cd772587

SHA1
f6c40c674312d409531f6c8c12ce57bd7f9d7692

SHA256
65467382641fed357bb6475b00165b4798ad211ce945a93ae3d709d5003b40f1

SHA512
67ec3e92b09c9d22c3e7f3e4a2e14b6accf7d8844ce77dd2763ba31496a3dd453176f3117370a86d94225647cfbaf99ba953139bd79fddfe9b3f0be6d3865af5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
533b6c37db2df0edbdc61daff1cae540

SHA1
a4fa1fdd6ad3340e8a0e3dd587fdf6ec2ff9e5a9

SHA256
22665f78c5839c4009ba1f2b2e861266ecd189e1648b2476a7e3a7aad8df10a3

SHA512
a742a25fb2f91bac786114de02cb4ff347dc78867f7a411745120b73f04a25535bbd2b9991503b70ba1abb0e20150baa9dbbe1235db9b2fc96b1fde03a8e441c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e1767fa9b2c8f93d514e84edee3724d

SHA1
11e5d4e87f4f2fc9125e8fbfccd1d3959cb51679

SHA256
d602f976492e78b7f3315b3ba828297e4fbfe1014ccfa85f71738884802af4cc

SHA512
47de26a50c6fe9e6acb3be62fa2a99c0cce69f4b15d6bf61be520ca1ceceed76ccb4884d83b8b3da234b2d5870011f3666480fde7b558ff7c14caa01e7b039ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
455428a56be86524ca943965a7b5cbac

SHA1
854ea90b892ad81018660606aa7123caae895fb1

SHA256
cdd1122a6075c10e56cf46abf796252d48772e4f224e518ef35a21a64889bc7c

SHA512
f88db272358561bfde70588288053fc743d5a8b7ff0cdd0be283c65192c99aceb6c39fe786e7e9874a4cc8c1f391684d25ec7ad70f824ad3836fe766d1e43798

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7087eba6f47f562fdee8716ed64c96e3

SHA1
28654627b850a884a22debf043d60b15f7c6c254

SHA256
52f5eccaf297c86c1c6ffb82605732b2707b3b26e05bcd475ef9b4c7d5f45cbb

SHA512
1e166b3e2242109106dd6baeb0c62dabb4950b6299c6934af9ef97e5e123a016df9046485e8243c7082217326b74b5d7868747fad521ab28df49f6319c61f481

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f658438eea44e1765f3339d69661dd56

SHA1
c7c44d8b605c54cb9b61e07592197e10869dc6a3

SHA256
150362fa0d3268c1f34b41029038295e6b44f7743bf2880c09f71f528eacd5e4

SHA512
d73f08b2a314c8bfb7caf1959002f7d41e3d2acf59de61242f43cb2257b47ef6a939c468e98ef4c5b81eddd579a71819c4ec89d9ea97ae9687913334454d1974

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a343f33b67a58e190e1db53f8b9a62e8

SHA1
a004b0043913ddc92ed7b1605cbf9e8af1941a01

SHA256
31f5b79080ef993d4ad0b37e3badd1034e954a4893293ca83bbd2ee9e61f8746

SHA512
eba738f6779a1d4b48a08865554ef5bd9b5df68e4836d1600414f19a3694be642cc1d1edbd9bcce2676d14fb6acfdba791121c5aef6494bcf84ae3f17b506d95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc07652ba3e6534a355d8db06beddf14

SHA1
10e060f419ec444b831d47efe78903c651b472b3

SHA256
7f122386a5eba7e55f3dbd372268811c0256ce0004e42a7c1c919fb71366ef54

SHA512
17e284445fed39f600548623a5816b8a399c5f259900502f5b893ec0446f74df9a2fe72c5bfa7c473b2cc010b8b05cc21526f3a3789e2a6d5069fc513ae9dfe9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a04482581277c97441c730897a63f17

SHA1
e776f71ff02352966f9f4ca71067971dfe00f314

SHA256
71079496e97e07eea8a9483e51dace0fcc267f1cdea43273881839199dc070c4

SHA512
3de00a97f00475f77cf3ef6067cb0f2254f1a30186d853c1eff918f123f330444d10a4e20225e70a5941d4790ae57be81ee21a9224278a6089b02ecdcf957993

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
502922a12b46a634afbc0913bc36ad7b

SHA1
cc38c65e44a8d38c1f432e059f3c6e1544b072cc

SHA256
1f8f52847e2add880e1ad28196ae0dfbbaa735fe96cc00a701ecf82bda29bc77

SHA512
789c11b1e5ea19f9c3f3016584d4b2cb73aeacdc263bfd2f535316d2238298890ae86f4ea9ecb25c354a01c647e73aa7860ea91eaf572a0ccc3e27399dc0fff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab281D.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar288D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit