40a8fbc167c51938d3502615227c1cc104073ba6cc3dff3b4a8cf6962bc1ba4c

Analysis

max time kernel
120s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 20:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6fb5024d3993b96041f8355f710ae678_JaffaCakes118.html
Size

461KB
MD5

6fb5024d3993b96041f8355f710ae678
SHA1

bb9e7a78a79a2138387421e1e91dddae656d6592
SHA256

40a8fbc167c51938d3502615227c1cc104073ba6cc3dff3b4a8cf6962bc1ba4c
SHA512

7f43392531de3d50ae385cece9ab641f2f9bf760c0e81ea18ce1e3d9df1c50418329407fd4e8e0dc161c0345b485d2a08cd1533a3fbcd1e1c1a1427e84dd7ae5
SSDEEP

6144:SgsMYod+X3oI+YasMYod+X3oI+YCsMYod+X3oI+YLsMYod+X3oI+YQ:j5d+X3K5d+X3y5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008374590fb3c7f044a227eb0498edd3550000000002000000000010660000000100002000000091832834e66dfc6708ef54b145303fc0ffad8e6b7aabc0c09a1e64343e83c8f8000000000e80000000020000200000003ca33f57e0a043dde3acfe34f9209956c594a1ecb42e7b1105a9ef89d7c6a9f990000000aa0a949b6c2c30a1902af1f1f501924aa97c4d9709840da2bcb90fccca1c14c846dcc354ef0191f02cf8887a0d10beef807070c9a4359a03d855063c976827ef0620acd8a0b7e7997731f9c8fa66ba93ca6b05d68768359d46d17ecc471657477ab15b838ac16cd6a268a70e687248f4d31dc072e8ad1bac953f73e4005d096e3c4eace394573827ba952a7135897d59400000000693dc27e7a7150c5e91f69e00b1a4f534e9e2a18a315b1435070df432d4591cbb5e2180a3c8308aed6c84b698f3769a5b2492c188a6751221c48a7fea3277c3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c07d66d816aeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008374590fb3c7f044a227eb0498edd355000000000200000000001066000000010000200000009e7138879a4c8f1e34f1a722f69a503ad0f706f0aec5cadd6da1a3db309d8007000000000e80000000020000200000001f40ed5a2d09194914b4c94f686474c20347233e71fe0b9f8682147d5adf697620000000cd4c8bbbffbc34ecefb393ec7fc0765848613df73fe48fa3fb5f0ab684c12c2d40000000523ca5fe8d24d6880b4903bf5dcfbd01d431da859cb58cb7f8280e871057c7aadff1755548c81cdbc7836f675fa6c85f03389342b0e08cba20420614027d25db	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FFBEB9A1-1A09-11EF-9960-CAFA5A0A62FD} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422743442"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2172	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2172	iexplore.exe
2172	iexplore.exe
2584	IEXPLORE.EXE
2584	IEXPLORE.EXE
2584	IEXPLORE.EXE
2584	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2584	2172	iexplore.exe	28
PID 2172 wrote to memory of 2584	2172	iexplore.exe	28
PID 2172 wrote to memory of 2584	2172	iexplore.exe	28
PID 2172 wrote to memory of 2584	2172	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6fb5024d3993b96041f8355f710ae678_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a81e31977277b776a9a420a5d786092

SHA1
6d86c685f78429e637813036c5ca58101e358704

SHA256
869e9cc4889ed4d46b67e1c40386abdcb12d647112b53b28a2ffc54271c29f9f

SHA512
a306153d1b11c833a1ffffeb1f5c99109370bcaa2a4c200c8d4d8a101d6ffa3a047603b3f2e2bc1884c38c1f05003f317443aff727a5dccafbd5d17bd96a9cf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2005ad1c87554e087bf6e942b528177

SHA1
4598817687c9576c351f789ba115722527b41120

SHA256
5b618a3e0d11e48d321cd03ed6598bf1c800a23efc05f9a1c126faf19963c0d4

SHA512
6bf411988462cbf4f99de60c852a9741fcdba97e7beabe9d07347f8b70398c646510ee735ee65262f6cb9a31d7d95bf4faae802fd9feaa303311fd41fa201a9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f320ed17bdb7e99c35d7a584944bf412

SHA1
2597cf60968d079fdcb1a22bddfcd2eae24180cd

SHA256
ffcbb2785afbd3beb99c602910f62a761189b79cd12b097e150bc5df10932326

SHA512
f0109d13be7ea62f7c278c13108e52eb28806d9baeaf70c7b485ff4a109a66b43dc7590a5e225d442e86d95fb3e325ddc30f033e83e261f4853dfa6e33a8fbf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fd4c2006331273d2466c75a48291385

SHA1
740eb0bc2e5d8ca6b6757dbc3c0b84afbe5dda12

SHA256
c1f781626972005b1d36502e6142e578cfc108a4c626515f6d6abe7910705315

SHA512
a4b6da70b85fb844bde32251f7209b4325e360ca6e58ba1487a3265fa080b58916f7e4b54c3f0ff1b505aba4c23fd7601d94af12fd879b2d8dacbe1055a63d69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ec23e8a4ab66523ca2cda71f4beb42d

SHA1
66f3ae9bfb9bc1ffc5670527fde1f8f4df805df9

SHA256
b840a01d55e8859821058160d4b53112c32767c12db1c0066a0bee9c2c203f6d

SHA512
bbb309a0992397cfe3e123622cd7f00c8de0f1f0674a2ae185ed4f896b653ec51d85cce52753bf9d63e22587f0c8d0eeb627f44021815be356112a172c6845ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19d4541d9649ba906969f994cf891606

SHA1
2cc5bb782dbfada9c8dd3a9669f530a1ab089088

SHA256
17e4aae057ea71053445b2697851202b583ce8a2b69889b55d2c1155d2bf11de

SHA512
95b74e34b6dcb1fdfc51813ddf73599a0528a081370f71d8057c751f6f703d509765e0e54196b3408bf93db2d7d4fa77d5382f66b413f555ae1ea18031714a95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26afceb5a512a18b55e8b00c1c692e5c

SHA1
eb3f881542ec60d1ecbdd806e9e99431b26118ba

SHA256
332e641bb7d8619ac3c69b0b3c9f1938bd975750c076143eaaf9fe1a3ff39c04

SHA512
08affd9d3b47f6bdb5a49baeec5d1162571bdcd2d87dc6b6d89168de4b976ce25d15a2bbe171bce494de30ad50d4a1f01d514a073fe3e60547bd6c26e85ae8e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
503e2928c52981b7bb7bd37e681d1fc0

SHA1
fafe9074dc0e698af2b6c8e6fd05c84a1db38a21

SHA256
a885dd600889895062046ee0d67d674e118a097a413844eebe20f42b8f63d27c

SHA512
05a7bb0073a77b63eb554cb8bcfff573299540256d06752adef0a0f13167dfc04f47995e7b295deeadb984e152213db3d61f41e85ab72fd0e90fbf4e45a62c63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af895a50568865ecad8206b07d5645be

SHA1
cf8b7b411df47d3a7768747244ca2d0645dc875a

SHA256
7c67beed7a3ca83130a38721f3e4df5d685a00a0e45e385290fae09f943a8190

SHA512
789f7fcb17ee2c3b073b0ece9fdee2755559e097f5fc203a4fb576e47ab8f341634b0c05936831c439b949078a6d199f74908d00b38e63d3d370c14fbe2904ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86aecce91e533509851c36f521469814

SHA1
14389200c76805e89f716ffbf6f02df262774660

SHA256
feef22633448bfb38a1d0cb43692a8ebc738279dc074ad9fec4b0dc780971e01

SHA512
15e54cb85dee21372c1137652948fdeb5195b249a513581f17ebe6441be3e2c3feb22288ea3c7487e47140376bac7b317e1c46088c85504e2abec310b8d15b6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb529a6554389fd0bc5338db39fb1b42

SHA1
48bfe32d205868ab36c6825746fb8d3a0a20bf5f

SHA256
e3b6b1f99306c84d3fc2a50cf0ee2a628fd3e6262f4463e410ee99e2eee40c7b

SHA512
d08871372934b792d2af5152e08b44efc747df1e82352d2fbfbdc83394a839fa74cbc82500fb610e5dfac863f9b20ce19de82c101d2578fe5a04a17c185ff44a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20c17af0a6d43ada19fdf52e9b6d2568

SHA1
f9a87e5bd44cbff29f600b6365ca94d744474cef

SHA256
43baad08344eedaa2ddf871b6be6759a6265ac00c4cf8fb3b09c312361a0533a

SHA512
37ff0de0e9a9e425b76b1c5bf2c6ca847134c1114bf0f141ce1f126aa45e5b5757f7f2e597bf90108e062003780209e3a068bf2d8d0a8dab263d1f705cec746d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a01cf31ea7ff5cf761da8834b272d94

SHA1
462c43ae16ab5b62b98cd464693cae3c69ebb779

SHA256
c5e12478aceaa9408aa93c616c0be7c6a915c628cf89b3f3ac05c7b6ea12f821

SHA512
32b2eca2721da2169635115ea422baca121ce7eebdd027dba4a0887c0a8a1ea3825f377902fd32ec29493de36123686334b8c5a6445041f1892ec579ff30020b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7274ec03ed8175306ddf570ed196cc84

SHA1
7b6defeb6adff099af3fedd951e5cc1d3a928e93

SHA256
c867e699abc70538f949832706b13e217bcc11640be02e7ec761bc19376d6f72

SHA512
404ca074e6aa850aa55ab4ae3b31e573f29626c33d68309aa07cf8a514b77480fcb410593ca4e0bbb0fd22f3e88cfae47b046b75811456d7cffde9daeaf8e9a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4967bfb615a203ad1bab2a47858ed72

SHA1
48a5dc50042d242736c5e488848994f703527f64

SHA256
8f0ba109c6cbc67a07fc63b5f9299d79fdbf9a5ffb8f88e5042c750b8fed9ce7

SHA512
f199248b96223328200e319a3421578c64a0ce12e01feeef170431b14fbbb3aeba223d45ef7c0bee9a2baff3808ff81fe56df5bafed7147df9d3f5842a8be4c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB5CB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB719.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit