a1c38ddf9f29aceb8d06d859e036e1ec6720c2269b849936a8076b3847db3c86

Analysis

max time kernel
118s
max time network
130s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 14:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7233cbd130280ce2d5b13946e7c35742_JaffaCakes118.html
Size

70KB
MD5

7233cbd130280ce2d5b13946e7c35742
SHA1

68c9ae50075fa58a453dd0042b88c890357d38f4
SHA256

a1c38ddf9f29aceb8d06d859e036e1ec6720c2269b849936a8076b3847db3c86
SHA512

050c30e9df60be7a534ee12f20c63fdd3242f040c7fd29b1489299a9a17c4e8427e0bb470b18aab2cd4f27a6961cf0333f3f4a271e4cfb56c6fbb9993579d326
SSDEEP

768:JiEfgcMWR3sI2PDDnd0g61UoNjdpvrOoT2e1wCZkoTyMdtbBnfBgN8/lboiGhcRe:JEBe7j/TTNen0tbrga90hc+NnhVJ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b56eb40ded3f794bb7675a3135330a600000000002000000000010660000000100002000000069511e56b8d0d232f068a90d59c7e9046e6fe6547c4f95cd9eedc84695156a19000000000e8000000002000020000000069ef075abfedb5a3a3e91716be7e86432f58571dc1c15c461e3cbcbb071cb1e2000000070dfd7da2ccb163f308890231c9842f570ad58589d2ff26a92929607e02d1abf40000000f6a9801983296a7e8c9955cd93942d25d4de2b3bcc63135c563816bc8fa7d16d937eaf06b6291f6a5cd3973cfd26c87549f1c1bea5f2be26d7fab173263beaff	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{59F98C91-1AA7-11EF-8547-E6D98B7EB028} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b56eb40ded3f794bb7675a3135330a6000000000020000000000106600000001000020000000bdcc744ef7180e89463dd99700bba4efc3556ff9ffd8cb7de2ea93998b01cd39000000000e8000000002000020000000722f20bde88dbf52b3a8043210de11e57dddaf8dcf95e430370067f861e53adf9000000070f070917c59c7e45917c1dcc9c7b55bde7a0a5c2c46410f60a9d6e70ed6775275a437b5a839e4c9e0e460ba46070983c265711170573b33721f6348ad598e55491a4d1141f0884bc07cb6d098ec41aba16fc05685ec8e54572ce73f41b7937a979b51566ef86804f2fe8af59f55e8f2670747e8958c9081e16312d525a6c0a9c174b1e73da724ba89f8d828b4add472400000006f8e4657fdbb18ab42c372cb1274cc83d1b9fbdd20dc94be4c3fabb35141dfbf0295e43094d35f57a4979b971e5808fb1382c498e6739921e1ef2c1c0db6b8ec	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3016dc2fb4aeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422811024"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1992	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1992	iexplore.exe
1992	iexplore.exe
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2504	1992	iexplore.exe	28
PID 1992 wrote to memory of 2504	1992	iexplore.exe	28
PID 1992 wrote to memory of 2504	1992	iexplore.exe	28
PID 1992 wrote to memory of 2504	1992	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7233cbd130280ce2d5b13946e7c35742_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05737168b929bd0ad1eea4d6e87324ca

SHA1
08ede19a476a300a6d7a2c8b5f8e70fde785785f

SHA256
23064f3392427ff05a3756ee84a76976238b2ecbff98bef97ea674f56eea93e6

SHA512
dd74e1790771082c156a053495e7ff4a909a2dda7dcb6b28877e34abc05bbd1e0cb5072c6f7cbfac0d2c5eecc8253539698e31c093a4a12a189ba775b1f6ef0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afdd422bfaaca3ba85722bd970066837

SHA1
0d3de87af3df293ee33c7b2f6acd61a1871c52a7

SHA256
93c728b820baca681d22f6952382882d71d147307362c7d2f51decdc1aa6090b

SHA512
568fb45aa6c935c0de115fad524c70d2a17b0d1ce98073fadf536a9ea9ddb8ca61bcc26b6097a6e5890a9d40fef393e6227ce970e3e6ae6e23db4d045d054f30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48e465630178ffb91cbcdda3827ad7af

SHA1
335abec575c3e83bc5e233e510e619797dfa0fc2

SHA256
e8022e3be9139a9b20f1cfbad2e13f58cb87fe67c0100f84d19eda4075a52287

SHA512
1edbcbb1b3bbe8032abf0df1c9e1ce9a6f12d936bdc12d867b5ba844bd3b84bfb44e23afdd3c468a7e531066766a2aa71df187847870c9e9fc328a53aef67034

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45ec1655a920739e92b8a70c021eb74e

SHA1
8fdf7a6ffcb577838be000826b161e54d668d992

SHA256
6ade522f06cd92cc6f943d38d1886b05fae0ca173b8532631d4ee30d681a6e0e

SHA512
b2f8ce712ababf38844bee604c15724bb070f0778d60ff7847e4bc355b28125a092ecbf11ea96dc51f07f5cd1c77a43e95fd33ac77498ee8725542b285ae3a4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c23fb6a05ca6c2c2a6eeb558e254c168

SHA1
11ebdf2d69b046d6b534ee17fe82d78b8c7c7f94

SHA256
92f7baea1a951122497666e17c2f50e6ddc37f6427a6491cde9341a9d90e7b64

SHA512
2d1ed8a15b10e98f4d1f3dde084042cac6eab4b41ae5e0b8e0c04b6dd24faf82276b9c3a597cb340436f2268a4b7d227bc8ab89cac71b5c3fc15ee77d4ce88d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33701d11b2ad2604f8e504bc1f97b1f1

SHA1
c9b1b7ecfb25b79ab3eda24d3b1b629f1a53f650

SHA256
718871355de7b063949cbcd31bc00d0feb99830dde474c7850711cbefc409eab

SHA512
3c8ce46710ede1afd7b65575e77fa03b9c81e128a6ff53b8fa9726b16fdb2396fec72ffac5880698f2792e56fa84d213b142b81d163e9fe3746a7a5271ebbd48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
148f394026242ea9ff776517da33874a

SHA1
e08d3e77c5ca1442238b2c2116f83f708a75d1bb

SHA256
098fb65bc62893e6263447936b370df6a12a637858af09821e7793816422023d

SHA512
f6a566df3ed2b3b405fabf3b9f86b8815c6defada94cb0f6bf2b150631da2ddcd58b877f8e21946025f1a31d692983169013010921dc00733699d15798349bb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25e5e55e264054ccfa43dd2c8ad2c9b4

SHA1
001674aa0564f727dfe7b6023d3ef8242e2284cd

SHA256
59577d9a0606fe86d0edb959ae8a342a633e73e90ccf42d56aa8ab415b2a5748

SHA512
1eb3abcae1334eaab487d21f72634983d8448eae7211b79351e07088c340379d745518483e4a56278cc2413af957bdd6bf3cc830b2fb19cd797c5e6653bfe40a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bed2d67799bc682c3e54c0361f476ca6

SHA1
a02547288ab70c665a233c2a183b84f1eae88c2b

SHA256
955730eca7e9c97248a5482e94e39d084c48169cabb2fea088ad1026f2d1fee2

SHA512
af1a14a490c24c28880cf905bd4e1476b7f39d06d45093dd61e90e36513459edf1028fff396088cb127e08570acf6c043ac73462ca4f92a767903b796f7917ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cc838721f50532ce88b492897f5985d

SHA1
1be05c02d76e7028f567da0cb2779340e8affe23

SHA256
4108e062f7ddac6a4c74cf72bf2c3ce400e71dd75bb70ee165a8f448cb9b7abb

SHA512
276a398156acbb2d045244204f5ae886e116c9a36834554def32e784883fe635120834770cc7b75729868989c38adaab987fb00ff9d0a6f321fb0e38181c4c0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33ec5ac7364e07308954fb1907c15ebb

SHA1
fa7e6d41937b6107d0322c5888026f350f634c42

SHA256
6eaa7a3c744afb1f6908264562b202f3f8e54f8e365523b16d4f52b3eadf4a9b

SHA512
c92d7bacf8dae7910b5860245f5a80f2e166dc6fa49070c013fae7f8938d0413548a510ac5d1994066c1f1e4e49f4a70f40cbb484f6247c6e78cfc7febdd7725

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08ed1673285ea8b0f0fd933a12e15e72

SHA1
56a69e7ad9f9839a14523806b854012ede2d1afa

SHA256
65ad3562382e5b810db511b0f9afeb4f9bada0bf7546b1cf3eecb69d4a6876b2

SHA512
ca395a5cce1886038f22019ff4e464f67612169419b286ef84b0ee667f72d89d0cdb4afc39098b862160f3d6a97f935031555801ee2193402682e832817ee0e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c50c1c201f5be7f97ba334c4fc382892

SHA1
6cf47ae2d0512932eadbf759d8a4e887f77097d1

SHA256
ed57719b9684a377401640b2712a31239a5e2ae59234af11de01c790a282bb29

SHA512
a6e9c8fb8275fba78a9f275e1414d422b86caa0dd828302536f444cd450193b491db05ee0d9f073c4a30cf4719c00ab5a59b72c54bfd4e026df07ddf77cfc485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0719ca05bd515eb406ab0a7b2963bb76

SHA1
8a3f735ff8d63e4d4e73ec9ae3bbe06da880803d

SHA256
3c5ee46fa996407f87dd51b3b17d42ce7f4f14cd7f9d1a53968e32942dca4c90

SHA512
a7ec57d596c40d57448649698f31fd9130a8e0902a8bc742df8e3423d8ea01cf24da0f6fc4788f709bd5b22251d375b24761cf92cd972f73bcb4e9aab52eddc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
292fd421b9af656b7d8268af344f8f36

SHA1
1dd8a0dd5a6797503e3524ca834a98831466d2dc

SHA256
79c661c2187797a7a953372f2492fc8431fefaea9b483d64af8dfc5cbcdcc097

SHA512
174e2c7ad6193c2f49d4315389a5bb75479e503218f224bb843982f122473656f5ab80db5e0d30e96488578141f26a51f144added8a0d774816648d96f5e4f95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b34c09e54c6bb8f2454e9c2811d317a8

SHA1
0d15e001b6ac6b4434047195dd51880910f86b49

SHA256
83f58824c054ff2bd14876b4b1f1ec0f3d913bea66984ff2dbf95db6c96b3113

SHA512
bae15263e2fc902386de24501277e9bd729d5321770dd18efc7fc78b3efcae5f9f07c6c41cbb7d34b360284441d482e12bf9e1d84a428ebab13ffdb08ed5f539

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3979.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3A6C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit