485bafcbfb4304f7f1ed26f7ae1f52d81c69f8531e259d4111cf90d0a0616a49

Analysis

max time kernel
133s
max time network
129s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78c500220fcc49b55dab7fe9ec57871f_JaffaCakes118.html
Size

923B
MD5

78c500220fcc49b55dab7fe9ec57871f
SHA1

0824e5d5338be609483ec7f77d53a1f40aaeec4d
SHA256

485bafcbfb4304f7f1ed26f7ae1f52d81c69f8531e259d4111cf90d0a0616a49
SHA512

4076c97662b9c533c14dfbcee3cd4939d47df9be598e58cffb2b2fefb7ac34a526e4adcfdad2f0d19339bd8db82c51aee0a0f376e117f2aba97a5a03be301ae9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DC06A1A1-1C0F-11EF-AE77-52E4DF8A7807} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000009d40956cf13bcc9bd56a612f88695a2490a202131bd62896b57ba6417a38481e000000000e8000000002000020000000e3cdef3e4cb384006abc6e0da5084c08b22fdde93689c21a78c6dddf50c00d66900000003d00a444386da9c9f6cd884c99a5fbf4ee6c77c7393b2546531b2f56a38bca9f88add9adfbf2ca1daaa81870fca93a43fbda7a8853d630cf24db23a10e6a9fb98d9fab2294c07b9a6f8d7a43fdf2aa153a22c9ac8900edc0d69632526f97cdc9dfacc3a6f9b08e2eba178fde1e5863e037355daa49a1b43ba78e7e8dbc1fac6981496b3e94647deb5a79561f4d3cd6af40000000825a346bbac2f96f695bb2377328dbf2f27b2de2401f0b54d41247ece4ec68015e6eadeb3999bf15ed490a463a2049c31a45692a754ba2fc81cae30f3dbcf017	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422965859"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000be94474bbe1a13ba9f40f29cf0e54178bd3c9412e67676392dab8f04ec0ac263000000000e8000000002000020000000dbf5badefc7ce292bbea42c437736e59795b8dbca67e62169cd545c81aa0e89420000000b089a211e5e24366ff7dba9e44f2b43947f498c5012779a3960b002b272294d6400000009c9ea121394a011521f0b7f623ba9c7b8c7157e0a005fad3ceea55947b7f7fbc4f419751fd59576155ad8facf828e76d2d5566aff99caa5c1851425fef481fff	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0fc98b01cb0da01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2904	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2904	iexplore.exe
2904	iexplore.exe
1592	IEXPLORE.EXE
1592	IEXPLORE.EXE
1592	IEXPLORE.EXE
1592	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 1592	2904	iexplore.exe	28
PID 2904 wrote to memory of 1592	2904	iexplore.exe	28
PID 2904 wrote to memory of 1592	2904	iexplore.exe	28
PID 2904 wrote to memory of 1592	2904	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\78c500220fcc49b55dab7fe9ec57871f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e6961977a0a26b25948637b3e11d8a6

SHA1
ca475045217f3a1aebf4ee24c01a48a5ffa60f1b

SHA256
051d0fe3e2ec00780c5c53a2658e0f7eaa679f308f6744439c0ffdb5627d8cdd

SHA512
4908707d984fd8ac25cdc5ad1ed0fcdd5a145b438672a927e55c7d4443d5c7de49fec2b786f3c4073ae6f174af4c9f832a6c2a9f90782de2d26cd63ab0177e6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4097eb303e41f1be47712479f9442d20

SHA1
a886fe3175a7f98ebdcb918c5b30707eeb31608f

SHA256
7eceedd1dac07a0db15132de06649e81af827163ceae7dc456fd343caa460f5e

SHA512
253b74c68de5485f6faacc92a05884d26c6667b1bdb8aeb059604564c033ddf2eb28efa0c823a5519574f6ea4b88f9ebf227207649a9e85b2171fb7be9f612be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df27e6318a8aa58133deb3a64c1df59a

SHA1
285b24ab9c0ca39956386c3c460acef313499c55

SHA256
48d954895e0c8ab5073db05cb666245f4f09d42a9f6498f8f7c53baf0c162a97

SHA512
fe0f6f4412a06f5291e791693f7012ed31729b7e06d497ae0e7efc1245d6da6af5924783e5d528cac120ceb65d279e6cc9c999efbacfd54a09183e33fa875299

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90e3ecccc0edecfe763db6b04ec843ae

SHA1
8240c4a8907b043ae2684bf813f4e0bffa5d1180

SHA256
892c546e23266d4f38c0af71655d25e83143f5d773f47cf708a73f8e1483c952

SHA512
2b4a1d5ccddb8a4f2911fcc25e81c70119fe8befdb931e53c529f82b1409a784a6c6c0fcf4ae8392fc17cfdfe8f59044f734098f6520a9e23cdb553cff81cf68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d79a2106237e95ad267662fcf838ed4f

SHA1
73677b47862575877fdb5235808ed3bae70815e0

SHA256
f59e5a3fcc9fa10dd7ef6e4190f4cbb8f26b721a143350f36bfcb5a238ceb274

SHA512
9a7ffceb3bb9cb2cd56316c8a4cef15d8dc3e020516be0e2f2fbd4c7ca9604c96a24d79104104c690c998a257fa4e405699f0c4a5b2934e786516b45a5271a13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcc36660c4858da1423b69ec6e1ebbaf

SHA1
db6ce9561227ab0b9d2e00667b9aec5f1362072f

SHA256
1ffbeea8ab3e9801a8c8bba1ce6e066438f223a33ccec7b32faa6bdda05c0060

SHA512
b0cdfc9939ff5e519d352e28e2d08d6c3fa6ec9564668c79cfed21c74e806701ddf575106cea2b953a4951e2cdf39b31e49bf3525d1a75901645ef4f3aaeb33b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc41f12de75fdb5aa1b4ea14b55a9377

SHA1
21e4e984a1c1e4b60d8b125f71f0d404515593a9

SHA256
a42667648015cb6efa1b47840da6978189cc8ba32d6d7dbc6d9cb3e4382ee222

SHA512
73a06fd4923d5df878be022ac0ee531fe18ea115ba493f557563b52b2a6d027044e65c083cc3eec534453047c578c1171a2e0b6fd95d5d40cd551442e64bb29b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6416dbd18a02d777c427e41720e73bd7

SHA1
dd0b4ff72b2870230ebdf3c999e0cadb9bc86f9a

SHA256
e631a22348c8ca8dba464cc2c4750f1a3245fc75913864022cbf962ff10e7244

SHA512
425fe6fafe7fd9871a0e44433ad8bec00b0b34dd01e39abf3a78203feab38c02192cb54f921eeff5411f22a0289675c2df6c49bbcdd4210253bccc97d3e56e6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d266880d76bf39918436f1b5f3c55dc3

SHA1
232f1a8d3a0d16f76153a62d25151c4d7fc36f4d

SHA256
29c1ff2c9dabf4e96e5568702f63ba82b4bf4ec7643d715b70f90469d0de9a31

SHA512
50fcbafe74f1fbcccd5f1df30155b6d174412acd176dc9f9ba9433aaa14c6a61131649f6da33b7244e94227591d6f92354b54a24866418c74403d37b970d826d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c7e473f3950d7a9e256252be3933837

SHA1
e52d9a34ea1c367c731bbbc06461acfbdc5bc27b

SHA256
0fa84d6cb7c2761f43da1948fd6181ad0e1da3a87a7c65a14df59d5a0c60e38b

SHA512
fbb4972ef5c69fe2e307b69e6f5e1a80eed5e75bfd265717484a0a1b8674d8df50676a36689d2d5ee1266e9068d821c6bc6787a616ad08cf7ccd27a423b1f214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3b29903d1be9ccc245cda20f4f55882

SHA1
70c574620192f74c987e1c13ba79d075d07e3499

SHA256
f50692f9c1538a00bb01d765a190b127eb317ebb033bfa4dd30b1cc9d6d83e84

SHA512
94a4739736710614db544586aaed55fbd152cdbc1a20ef2fc70268f25182021e411f0306403b8f0bb1338e91bef9e1dfc2111aab00b0c401048d1dd610770763

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ef858d84ac80d849a1a2d44c8fb025f

SHA1
b88abd3b1b04a73d86bcf834c996b907cbb8b0aa

SHA256
4b560c45fa49e730c678f0bfff5400f91a436d4da0ded948c4f8801da8d0e97a

SHA512
5fb7655d5212e6e2cb44a78d35fde2a1d77bc6166633669a1286accf1e4338298fda51b7c8473f11e9924b4202d8c1b028c58db2246c4b7e627c3495d0530cd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f0c5ad5189c33289a4be96a8c521fc4

SHA1
e9ee35edab4ff8cdd665e22b3d6c1b6f284e1e05

SHA256
b30c735824b0c57090ecc354a88a9aaedc695f8227bf1d360e5d76dab7e764a6

SHA512
9470f66959cadbd3ca2db0186f8ef0db16453d156631ec029147c58fe1501dfc522af7cdbe01bccc564413dcb70655d8e6e330b7319c53e614484d42ef226571

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec4582ca8db55e750dcb23262bcc0ebc

SHA1
fc3eef45b600cd98745fd837d177df5d46c11d5e

SHA256
9f93a48e4a3ee637571e1cf1b88e727b262065815af2d26f6df87fba1661f4d2

SHA512
7de6721a5596e4cce8e8f2262fc5c85c24d2900610521367d8cf4b32aaa0564318d85b1d8fa1001221632cb87702b68995e3e1db2af3f617320be84487652c63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a784705e2680909ab7316cf7ae606a1

SHA1
f9dfe34333fe2ed078c0882b565c22bafa732389

SHA256
0eca4feddac67ce2b24536ce37fa9dcc8cac300dc34743bb12bf7c9a4ff08b9e

SHA512
736e107edbe78a60b1ece9dba0a0b4963408d91a5a3538248596c8dcbd878b28936f76c4604abf7e8e5461cc9ff9d89e915ccd1f975eefa82590f366cc0be639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06457ea3bf4e92539e4cd169b12c67fd

SHA1
bfada5c72edc2937b655faf6b603ae9fb94a363d

SHA256
7448001500385faadb4d48137a60fe0ca0db82adc19633f2dda58e03873a0deb

SHA512
fb745f65ff72b59a38d76d770e91599ee272a6670b862b7c92d3d24a7eb8bfcc194a12210a7585fd710a57b421b5b18fae0dbb62004893a791f54a2349f88607

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebba7c30a7143bb32153e11ad69608fb

SHA1
3a7a415a57396a9fa92d573a529aa3669ee0c362

SHA256
e660024acc2100fefcb7d9b1fed06d6fc2142ed883cb0df5aae9e2ea4e5d2b05

SHA512
7ada125693081e4d386429e49b5160b05590398152ac62dfaca9d66ac7876697d66f8b59b91f6f69272e6e4531c16683a0213e2414d1bf5be4023778520125c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21b60ecf5879328cdf4ed6e3cdf489cd

SHA1
7ea5c4753b2b9851658e6fc73f7750bea39252aa

SHA256
a61397ef80815a5e0243c381a7d12b8593cac28c2c2634d9cc9467c0f0fe3aea

SHA512
16e2556e77f485cbd574bb766169fb00c272198b49f55dce7d51a04163f6e3f053a858704ca92602ae4f0e0a10629042e5c344fcee4f139c592b997dec80814a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3160.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar31B1.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit