e11ed781ce7eebb98df80b0340974db69c22ee7a4c53eec77cab4079010678c3

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 08:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7886191503edbe659389ff0bebae86f5_JaffaCakes118.html
Size

16KB
MD5

7886191503edbe659389ff0bebae86f5
SHA1

63271ab536f67dd1138e8a21f4957f4d121e3c56
SHA256

e11ed781ce7eebb98df80b0340974db69c22ee7a4c53eec77cab4079010678c3
SHA512

e9bffa6ceb4b964c384d7b68fd9e62c5cf763d398445ad274e148e284a75753948fe9fab1aad452d6f46ea55d89186b6fae0984ab2bd60bca9358081e7bc6f16
SSDEEP

192:C9PPMgBEOks1QTxE6av//x/pjUClWa92HPeX29SmO29St+29SGpg29SJM29SSe2A:C9sOkjHav/Z/hUClWacHnYv2lO6dQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9219F8F1-1C03-11EF-AD38-76E827BE66E5} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422960581"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000a8fefbc609c72a97a1bb552471c5894df301353b281b55979d2cccc73492ddfb000000000e8000000002000020000000af3f40b5eed125b7a9dce3b0a9c296718c743d3c9c317210ff4a971bc011ee2e2000000024b2c0438cb50c8fcb0f3d8e2bb513ec8cb7ef111a2cc66276e303e29762cb774000000098c4191cbfff256a724a46dc7ac251d855a1d20c10e2cfe683426d3208f4b746e52f0c177dd52e28fb3451fabed701f5222ba0e5d2d7479e2c72025df4008fee	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e034626910b0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000002a33bf607846492371b143aa04fe236acb93d9f3b29b7c8db1c69e425a3c8e4b000000000e8000000002000020000000999703c6a85a0dd073704d4cc9ee34cdf96f00f04c5bd3ecb4d54bf8df920d3890000000e2d9aaaf0036673c8d04717e439f31be705a86550245324b519eb0638bb71b2d2da965027e6bac1f1974658d945c4c90758d0124e4b1b5d1c9e6e4a62750c6f9e57939a08c39f44b0a5cbf648fc3285e7824a512b895a4f1193153618b32a545959c466fa8c832a604536c74b2477f8ff22595b8dab95718a9ea76417802087979555d20d5d324e79510146f6beee5984000000018a7b0710e1f9947ce75af48532fdac10664b889179f03df31aaca36ff43a6ba2afa44d1c49a2390d65cfee1cb9d3c186357d5e7435fbb07680558bf4541df8d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1860	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1860	iexplore.exe
1860	iexplore.exe
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2548	1860	iexplore.exe	28
PID 1860 wrote to memory of 2548	1860	iexplore.exe	28
PID 1860 wrote to memory of 2548	1860	iexplore.exe	28
PID 1860 wrote to memory of 2548	1860	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7886191503edbe659389ff0bebae86f5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1860 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a00fd4281653298027e911812280c7c9

SHA1
e82c410bab74539a8ae109051cc7bade6800b815

SHA256
f304aabb71bf055d15a6c12aa276d5605861622f506906422c5c2705073f74c0

SHA512
dc105d7020a63d614066885032c1fa0e164471520085410a9a2f5d2ca84fd65e0179c9c5b242467171c8dba66b86990eb1dc8fa3cb8544075823bf09ceb6feb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0405f512d96975ffc0700e6df0371550

SHA1
4a17efee04a36815fe4f91e1f92cc530e626b502

SHA256
a50af216983a2be523c4503cf4db4832f3f514bcbd6a534d1e4a18e66cee8006

SHA512
a1e4cccc1968e8116dbc849faf924659024519062f2f5287e8f767327bb9f36c0566bee0091d70bc63278d8e53b298213f45635358a169425ade3c7f2245fa78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2132e93c70020de671f8a9db6307aa6f

SHA1
3738dcffb345cc81e676e4009bf9ababdaa59a7d

SHA256
39f09d5e2797a0210b4b5d99cfac6dea68c6df0323fb9fe0ad39aeddf08888bb

SHA512
367950ea26b81c333f5bbc07e5bfaf8d36e27e8cb7fad19e480aedf1d0e6e632cd200a22cb82a1318729c4a28db7dcd677c66e679f30ee535b96615e95179795

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e2608d8de55ac4e6f0700eb3184a895

SHA1
44433c24b4007d18c6c7f425f44c97acb5f1bae4

SHA256
21db5f7a11ba9005814c19646ab740b837ae220330280e70f7193a64d166de4a

SHA512
4230924e6fdb38fb0dca9676cbd84f91f1e397a6615dfb96d6d179f19d5e3e7da6f6bbfa6005753c14df920fea31a23ce36d05ff1a7857e41bb5d88fed1a10fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1df8654b37b2e5d6c3da8dddfb74b5e

SHA1
dbaf7d207cdc04a768a2ed4067b5339414499f13

SHA256
b06fd3863a41ea3805ce3a2762a1016b383260ba5f6c294b4b4f5fdf9c07a759

SHA512
46701be1016322a505a98c4ed1f2167d55948a39cc1c3223a7cff70621afdfbe8042fdadb72ed25d3e418467ad7d38b0a05199cb921de1354eaec23637f4bcc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a73578458a1913756635e18452983f63

SHA1
0957fc0f3d2c301cb6e94b54f741d50c5d4e47b2

SHA256
5f75ed8d3b142e4aa7f84565330d04ba07ddbe0be1ef9383cb325fff6e9fd3bf

SHA512
b58ac80cf753ad67be6eef801d9aa4b455fc158afe134637cbe0e933bef4a2170ecc43c1b8a8f54204efd76f096d57129cd0498ed17b0f5d87d70a182a9dd8ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc496d7fe0c0bd18d2bdf1143f18edb7

SHA1
c08809e125daaa59f2877496f6220b82e02d81f5

SHA256
e9bce752097c9a6892aaa3134adc7c15b7050a0bcf56a569afa2e1e2361e8f11

SHA512
c08b5edcd519ad6d6d5ff582be0633923eac010374194d6827cb96921c8eda7d4b3e362b299f0a9d386cd020e5bbd3618b1183e6a929ab51c25296a05d8e86d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69f71e331430d6fe63115c4bb56991fe

SHA1
ff7635ece6512374cba4027c25d5d6a7489a91a3

SHA256
b4179b4c81fd3f71be262ebd1a6d09841a7e5c1c7935b926543cda5ffe272b9e

SHA512
1baee42e09cba3d43c12a2b670ceacd1b659b24aead5a8952513f7bfaf7c55305b9eb23921d4504cf14e4d99d3a6662cd747e0e64fc0a26353dc872e13583512

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff030f6fd3430667d27589b3ba66b890

SHA1
a2e72a504833fb640b7bf67617e136f4cf9c4a04

SHA256
d6487f2cb4d86340570755eaee181cab467ec946e78527cc7aece08db66b962d

SHA512
a718ca2fda619a8d92c1847cf76ff54f6ab6c25e02f67c0e0af416a1acc4d5504c26b4d6a281874f1dd4215471aecc5db211e48fcf3b06a2fef6def2d30a1ca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7590f8802129919f84860889774a1c11

SHA1
99a564ad1acc47768542c6aec59377a8613d1f49

SHA256
697c8301b8fdd0137059db81a8bcd9fa7dfaa4d23edb2d692f38604e4e4c320e

SHA512
12900d710bfad5a0f673b7a64b27b1f1a306d2a6dfd381704da3cb526b77ddc1ad5578ef0937c03170016e30bc922bdebacb2fae1fe0eed2914390a1209cbdca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3076dc129e5be40e3cd4dd916508986a

SHA1
a0151d1bc619f7d5033518b4be10e6cb1fbc6652

SHA256
e4c9c5e6b9b60307d49ff85bad6707c89c6261735b340515d7cf33f785cbe2dc

SHA512
8cc00c4348eaa2c4bd416fb1b8e3ff2f65777c49c98dc31fc37012ba4fa5a1d58974433ecf0ee055ccee491e60604a61e2d3f5ed3dcedd22d1d6b7051ac46adb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9c5016c89cfe19949c8e26d9fb61852

SHA1
67a589c437268ba476ee89e94d5cdcad98441e28

SHA256
0874ea02e7245f00558404bb131d2a8abe76bc8a13a55869a7e9dba3a7c28e8c

SHA512
559f7e7a6893f0bd7d0a59f473760fbc6e04225d7bc90aaec75c7018cab10be317673487950456fce724ef03ca7769c2fcb6664117e93374dd1d13fa02764863

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4fba724b10b2299c7c10b407e1fe982

SHA1
855ab52c7210883db75b945e007bf6c11af69715

SHA256
daf246474681925ff1e0c05596b4f6fe16a8b5a41994781a1e08c9c89c4eedf5

SHA512
524077dba2f4f36d8d1083c4d5c5b1dc429970177ab9a08cf6c50cc56e84bc3c9b2908ed1a40f62cb5db90231531246d7c756ce1740abdb8f0e81d7f2cfe68bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
877c0e9a58366dfb2e5be86bc32931e0

SHA1
36ba2ed37b58ae61a24fb326e43604357aefd39c

SHA256
6038866926445f3e021182607a99f52d17dbd059b56dbcf6427a8d757f8f84e7

SHA512
a6a688c9bcf234824ca01b60da34a228cd371ac00bbec2cd7550d7eb773d5e1a1f4d1d1154f259040d834911588be6e2fff85701e5982e368b49db61eb2f9065

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db36bd85a141fccb960376b76b0e8744

SHA1
cebb37d7c6c1dcdf006e72d5c77dfad2b968da5d

SHA256
5e01e0ab385f95b6c9c61417cc4a154446dd99e495c0134a7e0bf9920df2cc36

SHA512
2ac08e883e8c38a273e166e2f3e7163926c1ea697132f36a96b654ef1a77678240d176e4146479bfae073b081591758e62bbd4d2f2a65a6dbee43d08bbf06b5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ebb0d9a3c3d05152148e80695bebcaa

SHA1
8c05db26747fbc8336bd985344da2f1db85a7b25

SHA256
8042d79a6c24e9779829926a7a2168c6c3cd3ecab3a500c97426055ddc6bbb90

SHA512
9febd1586a2f4d1cc05c732ffb5b95c96c6ed059332396b24b5b561a0a6ddf02f134734968643ae28151ef7a5e567b96e36b5e05b2527e90d89d6e61c61b3f2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc52cb1febe696f26c5fb4c087042c43

SHA1
f0d87797d4700bf1a3c83d96fffc45c2a42fa5c9

SHA256
fbf48bf4746b5bc5e5e58f198113101750633d5a05fdf4280034dd8e804d235a

SHA512
037e9f3edb33e2406100b8ecb11aef5757587c026d4316a24f67dcf684bd5de54fb71af80ab2685fa5502bc81280a709677a1da913b7a5682457d2f5f6ea61f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2F0F.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F60.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit