f92c8aebcbb37cb9f6272066df7a5fdb546f51241b836d5ad33dc0f51fc5ef85

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

755dae09461ca9cd02dfdf25ae93f658_JaffaCakes118.html
Size

6KB
MD5

755dae09461ca9cd02dfdf25ae93f658
SHA1

42ee781fa130124ed6ad527e362cccfaf091a564
SHA256

f92c8aebcbb37cb9f6272066df7a5fdb546f51241b836d5ad33dc0f51fc5ef85
SHA512

091a3dfb51dc523d1dff624ff409dee2c19593d6ea2275bd5ba34e7429c43c3a10cf9db62e6df80b1be6577abeb88c1fa2decca67b7d47abb2892d2ede386bc3
SSDEEP

48:eyhwf3ERHfvXD4R124IdAkpFCThJFr2X+dtxoQ2AA6icREZr7VbFu8WRWZUxW7on:jhM3sHfcIdcEvbcs5bsG7G5MWhWJUFhP

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000c6884fa3d23b2461f81e5dc65b61b1b7ad8a78f6447823218472f052196758a2000000000e800000000200002000000028eee45b551cd8bfa4edfe1adb589a114b8910458271d872b6fb4ec4062573c590000000dd77b9688d699aa7d021b61bfe54060dcc3f53010f6869a5b2f6ad8aeb7538cb59a99f2cc7fdbe607042623db31b0561d36bb4c8a8a1badc74a4a83f6911e4555ffdcab0047e9aa114894ebd59dec6819cc26a85dff8ec80384a562e8d05a5d867c0565ecb5eb25fd4f0832e97a75f98faaef8dfe75d4ca8b39d4fd9b5a33e4b29f08577317f84eb3d72e0940d74cd6840000000ac8666e469746c6867934242c6fa66b3218c8579c7bbbef1fefc55b483904f26e11c70baed62413999b03f325d275469386fdc95808ec6dd7a1c2e7a0a7d9d94	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422885718"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000004c82f418ada41ebf84725ae5cef47365c44cf67e68860bd1dbe6af71cbdb9e0f000000000e80000000020000200000007474d5010ef32aa771e8df0a00c8f2ddb280c60d688b6c7c334135631faa349c20000000a724008ff5cd23375182507f8c41e385bb5074a3321cca57c9edb4771b83ce94400000003630b98006cfa3199b00aaacfb8541fa26761fc6b93bd6be2179d72bc8311396c715b7f20ea2f6fe9c5b51e3916c0056a7af99e7a837aebaf58ab6acc4e83a0d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 106c131962afda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{44626561-1B55-11EF-8E9F-FAB46556C0ED} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2992	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2992	iexplore.exe
2992	iexplore.exe
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2700	2992	iexplore.exe	28
PID 2992 wrote to memory of 2700	2992	iexplore.exe	28
PID 2992 wrote to memory of 2700	2992	iexplore.exe	28
PID 2992 wrote to memory of 2700	2992	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\755dae09461ca9cd02dfdf25ae93f658_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ba117e05723a92254967b1739020c6b

SHA1
df61fdd1d10779f6151ec3bad10a55fbc7d0905f

SHA256
d9a74a2ea2519bf4e5349d97bc5206ead40267cba11a1f1b8918b23746ff7f3c

SHA512
08801a6a3fdabc5788875a82b11fb91414bd8c2610e25f89fb11df6a73d00032322946ffb5f468db0c0f1822586530350e1ec80294a6072c2f3993717fee4fe1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c168e0203848df455913ef5e1e41fe51

SHA1
6dffe31e135a21cbfd8d7d0371f6ec80fd8725ef

SHA256
7c4fb9811394ceacadc278237160d7b1d1d3a18d29b93aa246ca579a20ad9f65

SHA512
78b746b2769a1f8b7d713c7d041d25214742fa9dbf4301bdf1a3223a26f86b20c9ce785910740b71706027adc122c5283021d71f453cdb601c8a86d85d0a272f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f35c95577449cc329c664181d9ae0fb4

SHA1
f0da6526fb1d503cfbe33857ee0c02b21b4e0109

SHA256
93a13f3f3db7ae73bfa0196c6aa7c50e4e814958e73fb2d306da54e72c422ff1

SHA512
73580073cc7551ce44eca324bab39b2387b9229c29dd24c8a687b1c05c14fdad55921427c1c5ac323b220e42927fdc141f96f0ad1a32edbe8ea1c44224cecf9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7b33fb457fe65ad53ee5d4828b922b7

SHA1
7bd761311b4c7fabea53e7f6c8ae9d2c4192b61a

SHA256
25504c6dac2e3c65d5ccff23c8a5f849d8ae7c35cb62593031ded259a74a5465

SHA512
28fadb202eba54a5bf690bc8a2f5808b02c91ac41792c466fcc4cf2c2bdc1a36266e15205f9f263f7f53062ef16088645f404b5454e08f965071e3e824018e33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7212bfe628bda87b45ec7669184db2e2

SHA1
57f9aff1dfdfa1173bad9123c4f13b9caaa721dc

SHA256
dc9e23b01085fc817dfc88381967d2254f6541f685ec244267c5642958edeb80

SHA512
ddc367903ccf109bbd847b69ed44068f53175d769e1de2a666d9fe5a2a75c939894a1507f99f38847ad842f8dcfacde5167cb9a27dca1506b82d78843556a9ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20b00782b1a1c7c9b78a41c00117b941

SHA1
ccdeea7cb3b629bf2802fcd89d513818837a1036

SHA256
cc9dd7304301723fe8acfe21cf970b18d3b44f82917f877e3f4b3559c77c4b7c

SHA512
4951fc4789cd8fae3da8273867695799848f9987b021ff6d68dc04809be51c1acf84b077a4794ccc3b9fb7f38e8341045cd7e9f2da0046fe683374e71f6e6758

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23948e3ed30c08f3b3a5dcdd077cd1fe

SHA1
f7e8f83950fa49ac64a3b2d89cbe957e5c979b08

SHA256
0bf2154bb5cb75012607e15f1bf0b23cd446f390ae0a3a32e1627676294cea04

SHA512
38355ef764f57a031146bf0984f8e8876c55fe443e59902dfc8fa6bc516f60dfb2fbcbf153560a75351cd6c554f69f72d9c98b78bd9d1b683aaebd1d48c04611

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f22ed1ae0fdc19cb5632ade1a12e1f09

SHA1
d2e783e52e25240e2484daf61b94a6a6507b8c75

SHA256
5cd2a46c7c39a950d20914174b63cd0795109e35bc2793dae63ecd3b7a347f3d

SHA512
ad45ce43628bf5582b70e67cb1633a9ed6c83ae3553dbe0a2f42ea13450c541761bcb38756c306c3b30f85ab8036a42ae892c1e2160e77a024b3f06aa36575ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8d6db06ea60d09b46e400ff9f8ba6a8

SHA1
0814d6677bf38cb51467d0ffc81fe6fca8d4408c

SHA256
08f394de2d1a8a349f742cfebf5c177e4d90aa8cf2ecac32de2544900d48b45d

SHA512
eddeed62f3aaa775719ad25332cf6549582767b112bb2aff7a3b6d6e69144706bbcc3251948309d3aec3e04fa8d56c6cac7509c10781cb6be79b581408a861f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd5f9c230342d1877d7b2c3fd4b020c6

SHA1
ea9df82ba1e0c8a52e03d3fefaf0495cecbfa1e1

SHA256
f5feb7e77b098f466ce708bd40db36c64af4d2a05d74f4a75f820256ea3652ce

SHA512
a97c3f0e51587e28aff64532b4fcb103451d81b44ec521bffcd5053782e2b4932ce696c40bf51ca33761398869b0010f2f49253ce81734f5ff39a37fd35ce47a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bf5a0b956f5082a82a5e067c78d72d5

SHA1
c4bfeb566aa210d05849d59f7c5d27c18adbaf03

SHA256
78658f808f55bf4f8fd3feb2c8ec044b6e6134da5c322cb40b2bf423ce043f4c

SHA512
d3be9258eca347e0c1448d33b351cc39d00a8f755465bd30c7bce9dfe68b80bf2de400d269f87c771fa30e09b45ea561d2adf35b863e70ee6ccf40b15af24082

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0c4dbfd0b2cb36fef4f5aaa7cffed64

SHA1
d8a059bd28341b67c5c5c4c2929050cbd1593e3c

SHA256
51aeb448297dd69c577092d9cd71e6552845ba11cb19cb480adc0256558d58a5

SHA512
27de2e040b4cd5f3dbf459efdaa0e94242996b913da7194e3d9f277bd6eff313b79419fb4f2dd95fbe0ce481f9e8bb4bbe92730833c6c0b5bedb588b74eeb969

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
674b7ef6554d2d258e1a5d10155ada10

SHA1
3f5079033ad1ed4b5334f1640a0c2735d96b61be

SHA256
b9fbef4f4826492b76f8c01dde147cb1ad9d105cacea65e36873d0fa6b9cd59b

SHA512
c83a509f97b8b337c8698f4f31706981f56f21abcbf00c51a289039c64f4f87e80a3efa322f7dac15f01d325e87a4cc5ddd3ae161db8e26fb50e34d061ff31f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9182622d430a78ee3196e3cea52cb3b9

SHA1
4baed6bce83a63eade620bffa2970bbaa3638b58

SHA256
cc75e0a5219731f37dd8926cdb3198ef925e3f7d304bd186669a4b7acf7acdb1

SHA512
012cdaf00851d0a65c16c9b2582c9a22fcc81ff3c3a89d21443d753787ac30ec9abd8025bef34d1b3d4538379765fed0af3d31f032f952a2ca22aa84cf3fde9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0b94764d6478068c6559eceb4506c5d

SHA1
83bc91b50be7f4f9fa6636aad1a1de1103d14ed2

SHA256
7dfae1255cbab210c95cc01354c985202869f275e8794805b9022551ac90e3ea

SHA512
9e92cea09ec4d17f8b6eca82e55ecbb344a799764e2f709c5e198a7c6c43adf74db298cef145760c56b69df57600bf5c0d9890c4da45d5be63fa49c6a128cf57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66c39ec17174ab0817d78bc3b096fbd4

SHA1
95472a3b5c1b6386853e2f535f31715ccfa0686f

SHA256
f127b5983a1ad00ecd5ce1eeebfc66cc44a56fd8d6e5968c797c950df58c9422

SHA512
51984f3282eceea5ce17d8162a7f75faf41bf7ea3a742666f6c685145ad4f465994e15c295be59919f3564fb331785da9ecb1ed5effb63aef2c21cebc2dec065

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2C7F.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2CE0.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit