5605bf3a993cecafad9d9aec4c18b06b6030ee4221c771b5b5f44c633de66dd7

Analysis

max time kernel
140s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 11:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

71c392b1f05d84ffcaf69968e87b074f_JaffaCakes118.html
Size

3KB
MD5

71c392b1f05d84ffcaf69968e87b074f
SHA1

bfe17003ee0bd73f1479848087f77af9af654568
SHA256

5605bf3a993cecafad9d9aec4c18b06b6030ee4221c771b5b5f44c633de66dd7
SHA512

800cd8f0ce601fb600c118e5c3dfc68644b1a4b8674a6e86459ac702084a1a61521f1bfd119b00ea59642411388cb8c8620782aa87fd212f5434193e2747d015

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422797536"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ca702fd17211704396e3e767e1505429000000000200000000001066000000010000200000004fe5b358efafeaca7f2ac828ebbcebea80ef0ce200d5f6ed3ca9f0fdc4a39962000000000e8000000002000020000000586215eb42a8aa6958c27320dd24547d6d2a8eb25893cc4afb5ed9ac811ea8442000000094cb485908220e55acad7d7cc3e7843322a99e73f868900ddc01df28d2eefb08400000001c8e620d08f1497e60d70cc8fee55f601c18a21a974b089ae0f2b9a7f2238bfdcde0d862ead20951c35e4466bec4882f66b5290517d427acedaa677425d87f69	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ca702fd17211704396e3e767e150542900000000020000000000106600000001000020000000f1d30bb4b3730d074d490acb935e6cf9f71010038d4b976311bb1ccc66d0bc99000000000e800000000200002000000040168d19d751a2d50e1852e54dace3e9540010a5d198b4dadf06d17829494679900000009507e174b4633aeb69e857f23498c2178acc4d275991539dfb896fc6bb344d4f9785f6e3fd97757496a6d9b1b6276afd160aa8ef1e5f0550ce6b8867c9778085ea3c4b02f3ffb39ee064e0b4f2fe98174ae91737e74d8286c4b110f5ec4a7533f42db1768a577368744906ec2298dfba548c1f86591df797a1bcb39e7ab093a8671ea24396e8353b43e4c90fcffe6ff740000000f92d6071caa04c96367c0e9706cf8be306dac1ada48d94b1e2e6be35cec0e6804d3d3472176dda3170193a0c1d5cd896f94ba539f66dcd782be8a9edfe9c4f2c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F2AFDEF1-1A87-11EF-8D50-4A4F109F65B0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 002871c994aeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2228	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2228	iexplore.exe
2228	iexplore.exe
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2340	2228	iexplore.exe	30
PID 2228 wrote to memory of 2340	2228	iexplore.exe	30
PID 2228 wrote to memory of 2340	2228	iexplore.exe	30
PID 2228 wrote to memory of 2340	2228	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\71c392b1f05d84ffcaf69968e87b074f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bf9d84208eec0dcd4f46084a5c47c7f

SHA1
e715f02a3a252223f0f76f44279903499ba38250

SHA256
ed286ab186f9fcc20d5d05f02af3fd7af03b808b15ab2df9f6162b8209bafb44

SHA512
27d4e7a1cf5970166fdaf73d6c09de1a1bfb764ca5856ea0130c16dd36f2613d6351a3e38a99a672ce5bf630f0973783804f7e59f8d21da490239b4feaa4587f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d507c05327dbccd916d27612eb3be2a6

SHA1
c314661671bafeb2c366b6d924c1115547f72008

SHA256
1c352a9f34536d2ee5816b4c88c2166e769ca340ec3488c1642b08e0121f6cec

SHA512
f336810563ff8ca6e3ae33087da84c32214b749354922c2d1efc8b1a1f91621fa24f97dfa8a2c5113b7947a53f2e25ee982ab6b7c386f879d2eed591bfbe86d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d2ec479d07065096a084bd0c6e9fd1a

SHA1
db5f066260a049cac4250520025e5734b5e9de2d

SHA256
d6bc874ba607af4f42f55036ae105ec11fae5d752fe6becc97af63d648eeb832

SHA512
c430e2f6b10787c44f8f5990f5d1cbff08784a3c7281e2e960cdcd755a34eb98ecb27cf8ebe7d33747a12fc899c568e7b78d67fe59474174dc185758076b729e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a2a305f3525a97119293a5a92030e80

SHA1
afb750709696cb4f5aadc97102a0e6840e6a11ee

SHA256
ea3a813e19c5a35fd8abd6205fcd156c24a2c914064e7ea2dd610aa20d7df926

SHA512
4360d3551ffd871b5861442fb2bec3da7f21a81a51ada48d65beed19e5bd346591559dcb333a2605642e73e0c198ad2fb74d1307935a38db85ce3b05e29ed68d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8abb6fcecb1e849b116402915ff61afa

SHA1
1139aa3e6c813fd03630c4bbc1c993dcba85f87b

SHA256
d96eb5d8d72c0f9320cc4be5a547d255d568f8bc27593f0fe34c039b34fc651b

SHA512
205287e5673390b32bbce87187fba6a93df027e1a708e32cc3bdab9dc6d1e1226d88108d20978b2f6d20240392eb666e81694892d47cf56b0cfe184f5ef17f18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efa7e3e6cc21fe5ed447b7542ce9e97b

SHA1
8394b761f5de319f6ba65a6ff4d746d6b44d8e19

SHA256
e6bfcc7cdf76ce66edf81f3e5fce137607f567e0b4e5ebcc2d3dec05245f2ae0

SHA512
1c9d54cb66c9976f7ec48a59acbe9500ae54327ae51e29f0df961daec7f95ace7306def9871780250ea0adf4e6a1cc4032b5d1ccec940eb75b3a83237480470c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc7fa59a1de522469d31fee57488f97d

SHA1
26d0311e2e7de775d33e600037bd6d2b49380d81

SHA256
98f4f50a4a91fa9eeeda2a5aa6595cb33ad2513489df2542686513a1ada77829

SHA512
8f0536e6149873db51330fb406c62844b2cf29bbffc2ea062cb452e1b63aa2a101f1454f56b1bfe9af5bab24e6eb99c4fc5a2f03499bdd9e3edc577b58518016

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e468608c9e6dc4d695661c87a977baf

SHA1
94ae60a759b66cf98993d3b2a29033cf128a9322

SHA256
91f29fda74428b77e3fbfeb042c0569e37f3ada9cbd5365ed9ba0775ea511a05

SHA512
d22dfa38d59e369798f6e4fea09ad0f427bbb238bc6500c4ef53e529e78685ea49e7b98553dd8b45ad373ed3e296ac58b56976a344ed559df51c3c8c2919df46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ec07bce9d3db9ed0f99e6397b468f0b

SHA1
18edefb92c9675f6771bb7359f80b56eeb9137ce

SHA256
29da59a17f5ebd120da783de16c6ab28b515e18a31029a9675438bde576b40de

SHA512
76bd0d4c23984aad7096e73f311b2b954aa4cc283fc1b08c5260a0cbfa1ea66bd21d1f5a956a00be7fe09657274292834433c027c80ca1f772514e8e36ea5276

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a07f3c397f03eb0e6347a115423a9dca

SHA1
ee6dc16ebc003e1bdda2148f9f8ca5a2ad4f75a8

SHA256
47a52defe40728fd75c8ba21ba6c7477638ac1723298ae2648180333c368e571

SHA512
003a6a34f387ec6f0e968cc0693cf0b8000cbce40d589c11bcaa69e629073917ccfea8efa7d9d42940d71ac9c3cbc87b97405e16eb05cab4149da3a5868b515f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a786d8c8c738cf3b8b6cde858cce7f6

SHA1
4159ae82bd191105baaff6d67eaf316fe8ff075a

SHA256
1d281ab05c0fb9d2041a924e795ac48b8bc6f71ff475860931fb69cfe6c37372

SHA512
03a39943f62312028600059fa676adaac312847583fc17851d947a81f2d6f5dce4c08551cc24337e20a6aec21e5addf72e30fca2c1fa1cc1ee662739889d79ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56ed271625181a5ca0a01c41dc9e4352

SHA1
54adf232276a5f7edce5323ea1eb76d1be631324

SHA256
a0403beab46815dce3a8826e4acc41ca9a4b0eba36b7a5c5c2456b4ece67eff7

SHA512
12e0dbbe37e5ca56c28ee37f093d34cc7f37a3e694fd23902b79d47db6706046577581cfc2be4e6d8761e934352f903f8266d85262e1dd580ead136ed9d5dd6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ebd8a81cf85753354b0bb7f8f00a79c

SHA1
ebb3438c62cd5bef79d9aa9cf6019c09d08004ac

SHA256
efef57cc3fcdea5f0e230a2a9570bbd08f1c6e1993c19fc61f058ae8ee8aeafc

SHA512
00e91010db6b7481af6271bee35ab8b5a381013221897ee12367d95ef34bf2bbe8af1d9b31c9235e60043abe0db6fddf9eb419fca029f05907306b36b74dbe3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7590.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab76BB.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar770E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit