27085f1b86bb1b0ab1c5355d214d96588b1f0e4de8c130002627e9f50178194a

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7adfd7244dcccea300ce6e45424b5930_JaffaCakes118.html
Size

68KB
MD5

7adfd7244dcccea300ce6e45424b5930
SHA1

67585a050803e2941e24cabe48ad4d3b264493a2
SHA256

27085f1b86bb1b0ab1c5355d214d96588b1f0e4de8c130002627e9f50178194a
SHA512

c74bf2e2ffc6783b9065caf1ee74a79f5552fcfc1fea4b33c61a01dd9c3c1408fe748994ce38df1ead2ce60c6cf36d867f45146bb07dccffb22e2e4586e7dd30
SSDEEP

768:JiRgcMiR3sI2PDDnX0g6XjBRUGgoTyv1wCZkoTyMdtbBnfBgN8/lboi2hcpQFVGo:J10RUG9TcNen0tbrga94hcuNnQC

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000454cd98f2bc4833a1b83704e59b3765cec9bb4d86898e8836e84abc8a695c408000000000e80000000020000200000009e824d0fe4018cfde4eadfa8586d89a3ff8637144e5eefc382c430fab15ce895900000006f5af0f426ab053ed42f0f137520ca7ad78ed084459e2cdebf21de3b55bd4a53cfdc713924560c6e0a681b412c6477f7574eca430f74c442fff0b2988cd9854c6eb88586c9ed33bf96988a14e3f3ca2e488a353e87470776f273f9958bfa5b6a8428218f1726610bc3ca227d9ec9ff5ab4ead36dcc3f9e6b3f05b947e47a8ad1ebda79b7178d70673cc859e6ce5ef2da400000007d90cb24b0e9379b75b859f0c9071c749c15641e1e80b40366075104aac6906c97af768a31d51d107347edc11ff4e32c0c88e17ababb52dc1fe6fcf494d72acc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46EC6FE1-1C7E-11EF-86BF-CE57F181EBEB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423013283"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d096881b8bb0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000b07d445ac67b466ebf62d3466ab37f3db27c8fdc3c56ca99377f0db10ef1d821000000000e80000000020000200000003df1847ba4a4dcc3c9656fc304424d67c6cabbe8ef22f9199e7f5043024764502000000077bd0607ace14d728738a9cf201a7cb57f5f3cefc7c7698ebf32a9a5b1f30f5e40000000cca78c83a3c183677b78a8ced6770ba78f57ee45e583eb0986fd84e6f2a812b7dda17a33d631dbe9286a662ccc72004245bcbda355e2b266aa4d8d0253fa02f7	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2104	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2104	iexplore.exe
2104	iexplore.exe
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2064	2104	iexplore.exe	28
PID 2104 wrote to memory of 2064	2104	iexplore.exe	28
PID 2104 wrote to memory of 2064	2104	iexplore.exe	28
PID 2104 wrote to memory of 2064	2104	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7adfd7244dcccea300ce6e45424b5930_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf1dec54db3ce04d8bf16363ca1d54e4

SHA1
2106f353f5869fa76cfd196cd507c0f572388bf9

SHA256
593e82b2b6ef76bd41063ac290458bb1a3bf8a3cf7f14f3d4628e83fa452e38e

SHA512
7169ccde3eac24b27de1c6462e7ab9c5c4713362876434a7d1f8f17cd63a2f3dfebbe9a531779997c71064bc59555de809e4354fd5c1c4141befd7d98521157c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4de3a40436c0c6183f0386b41089bc7

SHA1
3125904c1667d624a601e3abd463554f86499ada

SHA256
b0b97c27af82f2aa9e8fae2873d766332f00aeaec3c530fab419dba199ca5104

SHA512
76021809f941dcad7246e4248b0992a4481e5cfd247cb2601b2780eccc1b40b210c35f365ad5f0c2be82ee6e7b29d7ce65b265004c347f36b65b92723c6afb85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92fafc7d96b0a68c53a121978bdd355c

SHA1
07615dad956aa563b219273b1830f8e396177414

SHA256
a14e4f42c4b62e45f4228fa773c4d4dceaea4f82df6ab91d0a750754fc40429c

SHA512
c6dbe6701f5aa1441ebdf30549bde0b8c55184ef9d70912ef7446130d96957aad04054182668ab5902738f942d6532a51a7e6a3c236eb606784676a8b0450d98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a8941f1eae07e1a9b27a822aaeec48c

SHA1
cbb002402bd1d74810af3238cd7443345d2e0ec8

SHA256
8149c633a20779b65eec942ec4802f5adbcf0c855ef76186b0dfe77a5e27099e

SHA512
6eaf00d4b727e4e97010aa1284d4668ae982993ceba220f1342391cbf368860e36d934fe02409a6748be09a0da22e7f73a1a4feca598475380beff6f538a183c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39dd829e84eaa3e02802ee3155cad379

SHA1
5e66d3adcf8dc37d52179505164297f67e73985e

SHA256
04fa236563d59708ad3b98fb67fe38e4cbd340632fbba1c9a75813a47db41edf

SHA512
550740ee19626547176c53414fe48c2ee7174eb3c010ed0f0707274a4e205dcdee01dd374d68e357424448a50c1c5accf55d603a32fc73678641bc976d73b6e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7287d2dcf7e68bf9f18b24940c340895

SHA1
f401b1357cfa6899916ebc135d919fbe47d9a61c

SHA256
2df7605c44b14e73a30a0833a0c277b472336966765ea0a7af64a3db2f3cc482

SHA512
cd0c1c71b5d147ec9d9ba8b85418e2e97ceebcd97e2cbd2089879e1448a25a0ee4eceff3f1cb3e5a97d04701b71d0565d86e5361e7a3c90afafe21c75d173254

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc313a85207defae0d53381e2ce167d8

SHA1
b1f2347d6e88d3e8a9e258b9ad75c3a57885f44e

SHA256
9eff4f2c1268a3a859705763d0afb3b3349879ebb549ace0a028db883dbe110e

SHA512
c5b4ef76f7e3c6f0d8e65f83693ac96d4eee478f7a86ac58c1d1322ceec436a2dc35fd7ffc6240658456e869844b6f6af0d563861dfda0a60a0f3755feb0744e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4aac57b83e44111a71850e960f7e6ea9

SHA1
8a8d8cdef988a70e47da2d05df6bcdc5f1b3c865

SHA256
eb6a9029641551335d507813e173318987072e16c4ae21fa16d8e883a8884b7e

SHA512
38901e7d9af1847cb02fd5796cfba0f82aa85a1b32a46cccef7a8cdb22232f69adb3857a2083cd59de34a161a6a6e77b1ba1abad84de0dd75d19b1bde59c4220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
377ffb112621f34e67573d2503db0099

SHA1
45c5fbd1fd659346cc55b97bc2103d8aeccf2433

SHA256
77f5e3d6f6f6401844617529a6aab522f76c8050fcca7c2cbadf06444b466192

SHA512
3ef757a28d8e8c4bbc6b9f3f073081776f93541117f280b65cd8a7262357ce933d1661fd587424c61912116f77bacc4c7b295c83c6d00f421e1aced714cf151e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f9d7e90dbdc593d6e9db00d9c14eef0

SHA1
512c2133240f64d8c5b0a0585b82c20e03fd386c

SHA256
f8de54572b6ce067a233f55dbea64758759ffcc662c31f706ef978e8213c80bc

SHA512
9f7f68652352fdddf52534b5ec0e20e9cc96915e78d6564624df120f381bcad725102a5f1c27cb1959be4d9a48acb588907c2cd400e331792b6e55f3493278ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ca5618588432f220a852a4e583d5bd0

SHA1
ec7f9bf3f1d2f41874f7018a3287176218922742

SHA256
f940af70c89d94d7f9e52daae47bba31603ea43ac71a5105f8e8d954d52cea66

SHA512
c2d589a43b00a9c6b944181eff7a903f65b007abb53ec6953168114450f3f4e645b024beef0bf8f5fbbf95ad27402e7755561bd65d5f5dc4aeb5aa3a766f807e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80d414d883c3de9c708ee2f0c8a897ff

SHA1
b4740f83f9819d0633fad168bd6ec4aec19dba8d

SHA256
9e8e986b2d10065c2884d0607040c7a65f9d7fa0ef761c28ab943fd083018b21

SHA512
0dbc2b824285c6c8c4649d68b11a7c630f0f92e8f67fb4922d861c583d08ade514aee86a3060b48cb43161740748c7ad2fc10aabc9905caabdc54a9c465a6682

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47341ec29589647921ac4ff7cb6ba74c

SHA1
2c3a4f290c528a686805ffc8c39afc120c276346

SHA256
08fc2bda0146f3fd90984ca89d9224b54a3c582f6b4e3eafdf1d6181f69f720b

SHA512
06bdb3b0f100255d2f849364d927709b432df576caa78bf01003639b7c2da6cf516cd426bc59dbd130d2d06372b2dc37bf6b4014cd04de8dbe732e0804093cff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
588bcf8507fb08e15f3b527463abc49f

SHA1
272fbc881e3b35ad4656ecda42db1cc8e4e368fc

SHA256
4aec7efe36b7d20387449b941aa3116c8427f39b7fa42ecad14458083ac3b9aa

SHA512
a4ba129119e8f7d1583ed832a2170b18f558f3838a7c93038b0f13650989589d6bcc14075876569575518a89ac55962723bb1963283840fe2e608c1eadfb13de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1a34f50ee77d708958170b24da36ef2

SHA1
8a1a9690d512bb9c4712e79b960e813dd5021446

SHA256
7e4839da3890c7a38c5b635ddd567fe4aa70617f59f33cf9837bceff77908d39

SHA512
72b641de41027483b4f07bc17c23d3aeb8a87f498b00696d5531d1a27e862ef87894ca33b6c721b6d8729d2bb1bf78fb7e9689dd7a94576b41a1f15a9af7339e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a435a0f2b90594c0954c221bad742c1

SHA1
5dc7048b7bc5f6a749946bdd8dca6e15ab0ad4b3

SHA256
ce18fe2a40440e5ce1cf2b709c4f12554576ac6f18b93b7ceb67a00600a94940

SHA512
f9ddfa9357d27bad3f86baf8a5d4a82e4241f64fe2d86fedef497265380ff17e8ddcd1ad1c6c0a67872134492d39419788c758586ad417834c0604681727fa17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3CE4.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3D35.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit