ab44effd14cb8f516edc5ad37a601630f3050194c9f05d877c6b80a0d2ae07e7

Analysis

max time kernel
141s
max time network
147s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

739623eac99820235e527e3fc155904b_JaffaCakes118.html
Size

23KB
MD5

739623eac99820235e527e3fc155904b
SHA1

4ff5cbda85dcdd1503d7504099038de019bf95b6
SHA256

ab44effd14cb8f516edc5ad37a601630f3050194c9f05d877c6b80a0d2ae07e7
SHA512

cba9ebdce14366494a8dcd97c6eb9d96bb3bdf2d5a3320feea0c4ee022090620b6e84b207c25ff0279cba9693709e4b429704ea81febc8919d03b9c2eb15bcee
SSDEEP

384:W2GjXWb8mwuIfJM1W2c5gvXKCGfLN9Mln8ArnMab:W2mXWbCuIfoc5+G5QnNtb

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000008ea461fffd2e47c2f0af708c6a14cc08e5357ed69cc68b1b7f3291ec84a9fec4000000000e8000000002000020000000155b851ff9d2436f2061a8b6e4f0c6e06801e008d9a3dfb5dc57ced713eda2809000000079d9758a17e6c651021aa878174841a0e4e6f456c7a6227d915684c6d6e0fa747f272deca5488bae71174ea1dd9a8baa6db37cbfb0519684a1c233ec691996073a3534ed9886a21832c6054107822147110cdab3dd5bc45538b8c6ec439a53329f331cc6b75a8bcaa9432d879b2102a15534acfe3378b1ecf4567a744334dbd08e3055e0b72420b461e0213523ff7f63400000008e32284726b2f6b4c9c95199b62a0159556ebfed94baf42268b43f5808b304315660686c961751ac06049ca9aa158994bddf44365854ce53f58b65828e3f5a41	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{90F7D0D1-1AED-11EF-906B-FA9381F5F0AB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000f202c6d51d15c354167842cc7c7dbce402475b5e4b5ad847fc804da8f4fbe68f000000000e8000000002000020000000bb69a8d99c0a6fcebd6cb063782c54a4836af3bdcc0f43067ae38049dcfa0b83200000008d2ff4a0cc27bcd8047c412583c86ebb37effc4c031a58fece224cbae894aad74000000056d9881b6055bc65d79ac1e01cccc491e3de466b9bcaf471abe529ad15c029c25a01e789dbdb9a7fa6a2db025d955b611966ed7ab1273c13196f81498057c786	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80464c67faaeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422841178"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1796	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1796	iexplore.exe
1796	iexplore.exe
2004	IEXPLORE.EXE
2004	IEXPLORE.EXE
2004	IEXPLORE.EXE
2004	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 2004	1796	iexplore.exe	28
PID 1796 wrote to memory of 2004	1796	iexplore.exe	28
PID 1796 wrote to memory of 2004	1796	iexplore.exe	28
PID 1796 wrote to memory of 2004	1796	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\739623eac99820235e527e3fc155904b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1796 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70d765a28637cfe6fae232f808d4a732

SHA1
3f0c57a016c9311b6dd9f73c46376fc54e7ce8f6

SHA256
e7c6c16bbdb494294a63d3e72ddb098526730ac85a6424120248956bb515ab04

SHA512
080e8810d57e957e4bda7a50d2eb1c752b45edddd76ea853d5a4c388169d14eb3e2a70e87eccc77bcca350381aa1d47f7ebc71e78dc32aeb50a1279266011190

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce1c8b8bde14b0ccbf0fdeb572790632

SHA1
0bc96acfdfc5ab86877e95a61704f94db83b78c9

SHA256
2ff5351d624ce2476a8a275caa8faeb4fa3f2ddbf06c60a370436b5cd00d0b75

SHA512
153fb531dad83a467ae7debc8147ca953976956c0faa990a530fc41e7806ef02cbb79ea0db48b05380a2e65256f2f7741b4f83c2f6d5fcc1c7f71bf1b937675c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44b3bd6be2be27ad7280b77584f7399d

SHA1
b18dd0fb01993c2712e37d0ad9888855a6c70831

SHA256
5283da514bd3a02f6596e0e505a9caa48a6e73a71b60d3b70cb1e4b17b88c134

SHA512
81983ef37d6c75f4845e5611e29426a20893a397088e2edd2e657ed109d83b62049f65846974e63afa7b1e62723cd31696e1e6cf202a85c4f88cc5435a004920

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0a632be9ebab7a1e428dc48ad463804

SHA1
e6752a6a738f3474c4f0e546a1302811dc250da7

SHA256
d28cff72abbf5cda1a4b369569dafb143518eab698aabf73064ebe3b77257943

SHA512
fe28f0049bed4c94dbfd8dc87aa7c63924f412bcbb35fa7572de6be4ea3f9335d6c7457f0a2b9adccb269a43369eb83fc1f764556cc5316df8eb3def358c9b17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32906c2e1ea2eea642cf988ee908ec9a

SHA1
b998e88b6ce5718c5fcc301cbced8e18edfb19a9

SHA256
9499e805c9c333c83feae35ccc72b97e29869d4ea393a8213d38499a703e003c

SHA512
de5c2efe7fd875bf43431919855a382c1d31f22aca84c135c6469299eedcc46aec87c7ee41f52e53d66ec7b0e67f1032f96e31e8185cbc12506182dca1bb165f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0da69638cdc878ac8934273192a8b839

SHA1
ecf83059e7942bcf1c2d522918fbe3c6443adea2

SHA256
e182cb72c5389b576e78e4ec0e4886d330b9d4319e465862fbdea43fb507f4a7

SHA512
1a968eb2486aa00c81db2870c3c203ecc6a3bb66e809726ce736e7df65adc8cb43d6788e11e46fe5d47b6212f54913afc9c32e00ad5f2e2f268196b831efc78e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3646d741f24216eeff0dc281145bd8c

SHA1
d43234cc339b111cc93dba6f2310594e1aff2606

SHA256
1afdef17947f2a34fbe1d208e3dd846fe2af4e25cf6953d4ba97299a9b0071c7

SHA512
2dac87bbb9987faf01595f175c9a3cb6a1214c1d8dcf4bc0e49c375a0e47fde5f0f617061df5055fd6072c0166fc87b270046fe4b45ed017fc585a1d00290b05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9425530c602cebeaa30a0a977dda9f6

SHA1
46019a2f6b705efad5329a7a1fe82bd728c64868

SHA256
0a35a5528c14eba3cccbe81d72f905189e6eedd944f0a69ce5d29371f751e059

SHA512
c1f4c8038467b3b6809487f2b82158586e006a0e8186b4f1d5803d352de25df27d4fcaf84d22ed2fe475853b17a1f39a252f7fb68810e7755eb37bd3e2939bb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36689a9262d751678fdb96ceb1293bd4

SHA1
5c555fdd1c113d838e0a97aed847469426912849

SHA256
5ee1a916ebb0c772942c59a63c45d6a5976d37e7e61c6cc07ac8da729642d581

SHA512
ffed94b500960b3211190733e02a7acb2348f068d418a5442c77734d64c21f75279e6d15266252921973b152c98f9f7ac4a98f539fbc6ff7fd4d50f30919da8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
674d9dceb00f899a060bb81523b5012b

SHA1
41572eb575c5027de3df3c4ecf747cc01dfb0c80

SHA256
d7bda2110b798b9465520aae5755e7c3b002dfeaac3932bd90f948edc1ba5de0

SHA512
38c9b1b0db8915c268a7fa66c83d3769fa93e063a85c6c74fb64d85a4961d44d9a30b978a66d0618daa259b6689b6f20bd5614b3e2879166a5ba1b2cb6cd1412

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3130576f708c04bece4fef206785ec5a

SHA1
e39e2b359090732fbc795b062fbf747faa670dda

SHA256
7274886fee1a0640f8225015947beaaa53ba7011b28e952ed4f61d2033c74adc

SHA512
b32e3336f33559ab4ff802fbfbbf60e3fc3ed6077f884196ebfed6089105f32b083ad33c27f3972a60594247b9584cf122f3c22603349e9073dad1d099eb8394

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b23e6b897c1fb3b034a7e93c46326882

SHA1
2ae317a11b8ceea04e67839c15adf7d0b65cea43

SHA256
c2819f84cdd7197dd322295d208ed851b56fd2d915a69f8c3313504a4f6c495a

SHA512
95911d29abdb9e32fe9890a476190e3f92d77061624f7e20a374eb7f27537d3fa0646d78e210c55c18bd37e4dba5f8f6a5f2d450cb446099f8112662a749e831

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8c7dc086c9c43a83b0770e63f494662

SHA1
003f3ee72e325e72ec42bc7c014bd4dc68117bd5

SHA256
5c010284ebf5b08150b569b824b36c9214e56f1e1fc74af5b82506d340dbd57f

SHA512
55c818c2da4c1ac6a82f7929521c7f6e4cbdb4b9212b3bdf9b0f4e7fa5f6850f0a3de9381c3a65d3bfc8936803411e069b0aeda2b31c0739aaa8eaaa6988a527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc38bb7348543b4d234a510481b172c3

SHA1
5b623112992e1e47ba49467e009e962762b57d4e

SHA256
cd2c48e6170bd51def775ccc326367f0d260f9e9cb3fb486a3aa25416c6f1f48

SHA512
c22beacddec182cada7ffbddd586877bc144d498c43b5f0cc508e4480dd8a422278d0450f3950234c87eb52f2176d4e084db9883cbb886e0d7a15e20f3c6e257

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f023187e61802e7dba44f2d6601c176

SHA1
f540294e5334497214d179225561aee04081ee99

SHA256
30f0e6f85795746c87d9f4d1ebfe74134ea7e1bd1584a47e5e43c7e1e6c6ab2c

SHA512
d4a64ae38c7a60706aed21b91b5d1ae6fdf6964ca170cd14ae2bc97d9226c1a7772f25f9bd81474c76c94ed81e6d4d76802b06a33cb9252437a6aaccaab9e9af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cd8a6dc20480944c4558c51cd167573

SHA1
f4dc4458eb882b14adaa4f41d24a723294951503

SHA256
509473abaaf0f723d7cf002f39c746363186c411830950161a9fd0a137cf2ca0

SHA512
45257af137929646ebfa88be865883e8db22680576b3a8cf84c48b3a2106b4021ed1a17a71282fd054b10a5d01d630acd9f75aaa65ead7537c82bef0cb04d35b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ecc481526a8e5c2d16313f7f4527af4

SHA1
717ed4446e669702f75463bdc12dd0f859f8e0bf

SHA256
f46d9efa8f2f27781d6011fb779a8e31fba6c43c636a02c793e67c0bcb13cef3

SHA512
9de95b4399cd4297d26776c8d56db935b3e554cf88db04695b6aca9d12d96fd3324f32b10af1fbe3b11399832b4cad8cccf734a7baf9d0fb44072bf895622ec4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4884405d8dddbadf3d1fe340d1d447d7

SHA1
663625836b701925dee49f33f8c606dd353a1c87

SHA256
9c35cb40112d245a1faa7d1809e5f436b5c9157b1cbf8d8945082d47cbac4ce8

SHA512
a9c5e00c6d9109dbf6f425980b83a11c3e0ffd766d23142baf79d217f0d62b4da22d44055ae3c612978a79c436889a79bdbb304b143bcb750c4faa59656a5c4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab43F6.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4437.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit