123e2d4f7cc05de597c990d16896c032444431d7177482627888179eab619adf

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 01:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

73f9f65c5a35c912b50234bb27a2315e_JaffaCakes118.html
Size

4KB
MD5

73f9f65c5a35c912b50234bb27a2315e
SHA1

22aedb77cdbb1d5d981a9d2510631b60d0c72d00
SHA256

123e2d4f7cc05de597c990d16896c032444431d7177482627888179eab619adf
SHA512

2cd1cc14df6e2a733e4630290d8f685e95338b2a422ab4f85a39024eb49a30a868ac499f9c310e925919e1088e91bbc074015b9dec030f755e347a999e7cdfbd
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oLqZraFd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDe

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eb24cbd78683094ea4e71077c4a0e581000000000200000000001066000000010000200000006b95196c68771807fed61e3f2672cc9ef1cee5980b8209b7fad8f41745b5daf9000000000e80000000020000200000008c8359d33f023801413adb14d98a14ca40661288aa45db63c888b690bd5f767d20000000e9c56ac476a54da0fe792dd448b2ead132caabb07de32c0cc955bcbf9c079efe400000002a89c25413feebd94fd9ac26d6df24e0f4d482a0a0083475fe583a5778dd669a54401bb709a089402bb22d75baee58aad9ed260f164b8c26317d6c68b4576a17	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422850345"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8556DA1-1B02-11EF-822E-56D57A935C49} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eb24cbd78683094ea4e71077c4a0e58100000000020000000000106600000001000020000000c3be43bc0cdc71c806ee3cf6bf716c1c446cb12e02178672e10baab263ca931c000000000e8000000002000020000000ec529ab2ecfb4745f2dd75783fbb56c5c2b629292732b55a4ba18d02ffcafe19900000004db87476478e1a77832e666370978c0a51fc085a4e202020d9a5ce2e1884d9e2a8e514559c0f1a09e3776d2a2343f2f693720943225f0c7f44c3bd647456a4f9c321b1dcb8a83158eb23eb714ea20436a4474c48830360ba0e0cb5639adfe14c146ef1eecabccaee9b369a1b56a0698dcbe51a64c58929904f02e9f4f601a2a3de3ef953d1732f318b77e16f3066061140000000a095214b7350b497965945e3f24c5b8ee5cfb73c6876faa3215c911f9d2a7db972098b8d5472aef612bb449f748ade5a616befbdf5bd73ae0e806637881eb7af	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00e2e8bc0fafda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1504	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1504	iexplore.exe
1504	iexplore.exe
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 2324	1504	iexplore.exe	28
PID 1504 wrote to memory of 2324	1504	iexplore.exe	28
PID 1504 wrote to memory of 2324	1504	iexplore.exe	28
PID 1504 wrote to memory of 2324	1504	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\73f9f65c5a35c912b50234bb27a2315e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1504 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
774b08bd96cb46e14d6d3fa67623272d

SHA1
031a50b2c7d4a041ec52327b04e46520975aa9f1

SHA256
d17bc209fc1994685b75c6dabdea94a59407442943adaffd773032cfb194f392

SHA512
20e143285f14628ce1f5e6f16e25c3f36838ed9a376314952fc1df0646db480e80b745fc2d26360474bf0a98790b295ad334f665054197b96b437d3a2ebc0cd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
388a81b1b60ed841828e652cc6ec8ee2

SHA1
56dc3ed3ae533f9f2c00cab0d5d4644912ef3987

SHA256
865e6ade4fd8dd3edaa1e24916d9c252b50a06d12c024efb9372459c7012c0be

SHA512
b17c948046bb4001d4bd4480ed79845dd1344bfcaec96e88fdd35624fc4ebfb1ab4fe8090673f209c7d9b524071c396cfbbe6ee9aea8d95465f6537c19084260

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2cb2c7f3d79376e0254f47bb5fd5e8ee

SHA1
95587a1f9e17fcf516a81fb6d94585f6d2e6af9d

SHA256
05cbfc25922f0d5423395e6af4d707182148e485cbd59791b767dbb44a1f211a

SHA512
332a04231e0342900c2fb0aae8e1043ca4e125428add28ee379828a9bfa9a9c345b653234e0b5644327ba330a53d553525f6b484d06598b6606c3bd90e4440ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be829479f9d06fe57e5b7b990416e10f

SHA1
16946ea5b1328526a7e0713b5b99e7d4cb6136f6

SHA256
3bb312197f7024c1833fe085ff750cfbf25fafc7da9723c4ba87efa3743966d7

SHA512
0c9bd8cad07f3cca7896dd5dd1207886e64514f4ec3c3ce9b9b43df72773b9970ab3cd46e9f300963f51359b11b8ab6de733ed763e347206e81c61c844868620

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ff84479f36526bb1dc3f831b9d9ed1e

SHA1
94d84f001506b8368fa62ce91f8eb0ef5b9db989

SHA256
112d2144c11ef1e0215eb3b36a3c5a6e23f121a95524c5ad41de5aaf04ce562b

SHA512
fba81bc07c68f53245b43fadb91ad496c0dacdc7b29387935f26fb483e05b428b9f2d9b4209c3955b0ec411c7fce2e688e0ccea5db9ea18515f1447b37576d86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eacec2892eba679cf868ed84e2014a91

SHA1
23e745bfb011b90cddbdd4c3f19206c9da786d5e

SHA256
be0da8a21e6621fd96eb69a09c881a6da2a01131dd10c6f4330c520fafe33699

SHA512
3d386ac37ef51eed9e8630d1df5187fb1e4b537fde20e05f09ff9d642caa214820b50bbb2d90e0b698be48b2337d3f06dbbfd61eb1e1ec863597c564707654a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbb8cfa1d4eddc28c557f1d7981ee25d

SHA1
af31b126aea6dab59c995e856a2921f067ff725a

SHA256
17121b86d561f57e8d549d7dc46d7bb134e5483f0a39c93f408c9a60aa2face1

SHA512
bb5f018158bb3fe40a362d41ab303e23267ed15b7ba2d10f7ac0f533dac129e20bde47d77258af58961cf1021d0714ff19f4f3acb2db94af57ce46492657071f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ef8fed5343bb1e2637ab8ba33e949f4

SHA1
38982b7fdac487473fa2f53d7308bac9af0e5993

SHA256
30982b5ad9a70528cc770459fa47bc319e9c41fe7ce1f4568abb80c000c9a762

SHA512
b1a8f497f4b9c0cc9acdd422db27644623cba1be807ef36db4866d27f519b7e318525da75812e5329fedeaf60503279441e60fe16e5f80665ba09f4d8b736ca8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a24060f64aa82e3c65761ba727182c6

SHA1
b3e8ebe9533d370c9b24dae6300fbefbf09e201b

SHA256
6af19f1ed0083d3b62131491e5fcb47228bff156062fc0703feca3f570a50496

SHA512
5ed8fa79a516127ff89c3cbd1931fc995a7f6b3d059c0f9f9c934cb3da61a7e21993cef78b3faa37fa9fb2ad0354a09b2e684e4119a573d9f8438cad0452cdf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa9f533884e728f552dbb2af71152eb6

SHA1
f4aea561d28eb9ade7098b0c81f0414f7bf95002

SHA256
0f364ca2ba03171347c83e7026e65d7e8168db21813463cf241c90f845d5b10a

SHA512
941c3f8390f32dc5bc8f01804a72c306097ac3e947a4ddfcfce0e175b6cbdcfa87c85ebd139484079ce0c7a492ae997d2d1d3cc3bb029d2580756b2f1e51d7ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0903ee5c405ca690f9bef338a7a120db

SHA1
0a740720bfdeb3999a69b8e06da72861c4db8a54

SHA256
9d72b4920eda5c4b226f29677d2c99fcbe85e13d677eed870aa8334ba976506d

SHA512
22426ad15b4503f77f8cb2a71834cdaf5c3e2147affb991ce4afc92335ba25acdd234f29d4fc6aca5871ebb2c4503fbe62d0ad54ba3d32f74203cc13ac489070

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7986c485e06cba592ff6e1778e548a57

SHA1
17c571d604035933f1ec8f3cafdd033d11eb631f

SHA256
e300665334cb9a41a91b62f8230f60944ab4cfe6ce0f00b902d6353719cdce35

SHA512
217bb6a692d16786c05ada609b65f4ae37cdbd4395fe822334c7a52833a375de306c407b6f3d15ea43c3720946d0e8d9282930d867fe02862251fdb42731ad3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a15d1b68e0f858fd6fc7634833d158c

SHA1
d0ae5310ed16c20f08325a722c53d09195a41360

SHA256
d96a4844e434620b71fbe6a29313da4f906f4ac7dc21acc31a1bed80ed594cd5

SHA512
c21253f12c281b8e92171fc11e15e08b3b04b3e7a2dcc4529692d37e6e497cb72082231209b8580a4c59b3cc29995f34241521737fba6e0f03bf6c486ae27dea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
865213a0eca83c8336a9f17f8ee025af

SHA1
712707985bf937f72967730ca177f60b0e25db0e

SHA256
e171ff950940716da358a8838d906c77b8b5774049295bb92fb4b0902004610b

SHA512
ab55bcff9c92804750c686a4b6c7e72800831d79a34cde48f6af43d93d869cd737200037d0d1e658d7524c3e9438976b9354ceeaae230b53efaf6d991777785a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e248d1601667b36867d94920780ad66

SHA1
c419e9266dd63e8b1399f9e0d5d380904414bdf0

SHA256
3823c5549ee0883c771d609d126bcda3fb786ef71194f703cf54e5524ed9018c

SHA512
ff4c12c3446a148c547a9f9b717d2e4011d6c2fa4a1973a54a86675d9404040cbe010700245a8bd07dcca3ae5c16f43b78725ffa5b14b0c2953004392522af7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ce3ca3efcaac50662049c22857a8a66

SHA1
730c8b0a8c7a72f2b3a72e70ac95f239de0f1201

SHA256
61e55bb5aadcd2f074282f534b4b24e23e2d57f3f14015675321c1b30f989bef

SHA512
09a95683392dfb5ee01068bf3ca27838b069fca05ae430b70060a45ca6e108e84144cacea46701fd9ceac05241719d64ec18f38f0d9c1415cd769169ce904ff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab348B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar35F9.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit