94df7e50b35bd3dd33bc16dc75b4e400fc17b4f927b5c3643d85da9155cd3aa4

Analysis

max time kernel
136s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 16:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d8c2754b1e3580a730c40f8144ce7c8_JaffaCakes118.html
Size

41KB
MD5

7d8c2754b1e3580a730c40f8144ce7c8
SHA1

2ab4547068f288337cdcdb21695304a4a3168de3
SHA256

94df7e50b35bd3dd33bc16dc75b4e400fc17b4f927b5c3643d85da9155cd3aa4
SHA512

90bf6eb309a84401d20b0a07752d5ab404ccd98c9f7a91c5217a6e56c4a8547b9c7c00ad950974de63748fb2a8d35a7b2e7f5f059ec7a7fddde74e8ead0c8a72
SSDEEP

768:GUFtrVRT1OW/0ZQ1NYNb6350SWMuwK0HsHFR2u7zrmrBAF/BH9XHZz3:dFtrVV0ZQ1N7350SWMuwK0HsHFR2u7z9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000028500d1eaee9e24d916b694161c31bf6000000000200000000001066000000010000200000002abe9628d1eb00c02565cafff6a22baf6e4a9afb2098f7a4b5a808cf78f0980c000000000e8000000002000020000000305145112cb59015f19f7bb4092d24f2e0ff7cc90d8de19cd804da0a80d7521920000000e0b4375e332465df31b52fcb18200603fda76af4f3a0337596c56e64117f9b9c40000000c52404de4e8daf05941baa89413532e787a42e7fb98cd03515cbb7d6c960e929a4a37bc50fa2a6fd0b2dd2fea4a777d8a1391a8512a1e936450ee194564a65a8	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A7301271-1D0B-11EF-A6D5-5A791E92BC44} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000028500d1eaee9e24d916b694161c31bf6000000000200000000001066000000010000200000005eab7f6b7d5563384f71a4ea5570fd66b93d4eaf972ef3aa42504188aa948e68000000000e8000000002000020000000cd865c7569634fea1cf0c7b9dc02ac6f4ad68cb0274b3e40a8e65b3873e3cc9390000000ba455b107b721b01b288f5a8a8694c591bb63cb433338f31b276ce9ac711356e8151ead556d500d04a8373d14511253fe082b7441cf7f50b25dcb5d624ff16fae4b5c1e5239c805a65ffce3ec0c9dc46799f34fbcec6a5355fdea2f926c5c073ea9b95349aaeb3c4de6fd0a92b3700dba7ee5b593728c5de0db97e7fd27914cb6f9b76baeb03957d6b02af7ed52e7d1e40000000fe4ea41e99f5c656e7da0ca517a71b592348d0a0b68a61d67dec93567980111555bbb5c5a29e33cb292ae618c2894a0c9923ce9cba20bceb27f9b6a0ea582586	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423074005"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d01fd77e18b1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1412	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1412	iexplore.exe
1412	iexplore.exe
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 2040	1412	iexplore.exe	28
PID 1412 wrote to memory of 2040	1412	iexplore.exe	28
PID 1412 wrote to memory of 2040	1412	iexplore.exe	28
PID 1412 wrote to memory of 2040	1412	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7d8c2754b1e3580a730c40f8144ce7c8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1412 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6247875ce8dd9cbff6733b0c168786d

SHA1
614fe0b3f19a8a153a65037bf6b69f39daf29e01

SHA256
59ffa7bdbfd0b0576933496c08fba9eb9f937430e84f9adfc6e8f6c9c7326f27

SHA512
2368985294a80e7fd2ca5e2a1565e70c83ab795953a6e1ed8bf72203a8e8267f1d8416fbeac38754dd9d6d47cb2240f4290eec87f19904e0e80b1e5fe6fc4281

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac16e6f7d0dd412d1db8ed322faa11e2

SHA1
4f96b0dbf8907f457ae7e2782d95da8df266e6ce

SHA256
d6c148d440a6efa68a6df8bd7e73fe0f56ea4502a196f68f6d8edb67dbdd77ea

SHA512
1868a6de56dc94f4f58d7aa75d6738a2ef49db902b1dc241a66c754a054c956ac6ccff40cb71d1b1abe0257323ab153fd69074253678fb4dbe25b878608ac018

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
363345d9379f9e8b87f12315523bf4c8

SHA1
87a58e8a330874325744f03471678420605f269d

SHA256
4fdff3b7627e1d84128d9ad0c3566e1593dfdda8bfabc62752b1d98beca0b6ae

SHA512
1b401ccda8a791688f2430338673bf427441beefaf5f9ea18399a31747346a7ce20d2a66a22d5f98573adeb545f7de0573ee7a6e6582d46c8c5ead3d4538b8eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70fa0132ce2f4d280770d1ac8e57ed77

SHA1
403a427d622a98e426b818f37f94d12bd2ecf429

SHA256
d96f64419c8878298e51795ef0be2718e570058d5267acfff9f4d63005f2cb70

SHA512
4da2225f80120faaa813a95ef38cfac99b694379062640260b6e2d5081a83a35e49d9a4dc38d11dd5346c24577ff74f7c3067d14e7de6e02a02acb197e3a03c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72a45bb5ffb1eff3aa1644c3a75dbb6d

SHA1
56f444b4e0f8a1895f9847b3f17311fe3849100c

SHA256
d17ccc555bfceee18aa107246e1e8241021f951cc7b19f318129f4495db12f3f

SHA512
b21535cafaa84c35e84397e54eb535a8ae58005ae5b7d4aee4485f66acaf8135bfd5b03d682957387af24d062612b450d66b064b049aab0e375f196d1feb978d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
962194201738ed1f38c5400f0a4e73b6

SHA1
3c0b3844074d1f5b786fa9020deb21558b7a4997

SHA256
1779c2e98e69fc9a94f9bb77a83a3446087b76bcf6372791abdbb0fd6c85ed10

SHA512
bd1c1bbd57651f208e0057aa3fc46330502d92af0a7ed823396105ecfcfde0d8423f095ea3c3e89a99145c068d462b61357471874fc5294acaf2956372f507e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6b7904df59646494172380834ce6f00

SHA1
be6c357f961f9f120edb95dbc64adc92b21bee83

SHA256
1dcb3ec01b95d9e2f487ec00845045ff20aac8255e5cce9f7572a01f5a35d061

SHA512
4aeb1acea4386d858280363e96c59cf2ba8bca94414c0de653290b7ee1fded56dff51882429d465781df73dec7b32d3c023a52188887e934092e4ddcf7cc0d31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7193f1f82b37e41d7d029e30fd65a946

SHA1
152e4b6a902173e026070ced5c73c7a98ad492e5

SHA256
d41a399da2f65b5de99e1280fbf7c01ec0c7352d2352f2185a3555362f6c747f

SHA512
3b54093e2be897cba4362cd33dfa112960b84ddab565e70331824230403b90b97397b85f2f6be4cddb3c5c6f40c73f44ffbe3d8b195a49315d2d5f3c46846265

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f40d61332c6a1435f75848c6410f2789

SHA1
a3ce205f5215fda9de6a14904d0e4ee19c2459d9

SHA256
4b81da4156698adccc253cb69062c718fd53e8637cae6857293b0c2b76b3d7fb

SHA512
c79c23c0d32d5187db606a058a792fd2da946c39123ade67b039269f933d2dca55b19a6a8d44a75e4d43446b29c6630d38aed5be51f135c755a227eccfd066e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
386712bcb712c67644cf63a50ca999ca

SHA1
ca9b65ac14fa8170c22019c8adf4a43731542c74

SHA256
6e20379ae62adf28a47f99061be95f2215ba7cce724b0471ca0ad23aad655cb6

SHA512
819d5175681147913e9e574a42193ad2f238b45c9c32d00f8d2587a39917a008f1a6255a72b0cf02739737221bef94cd5c4e82c198102ee33b6a586b51c3bc8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f8803e87a5d5bac02bdd135094d29b4

SHA1
cf96f6d207c63bd1f7adae08a90a3018ff05fd35

SHA256
545d0d300af03565b21d7dd752a81eaf1d2c7d24727a2eb857ac34994dc556fd

SHA512
50629950d8c3af6b0f4feacff156ee9676b1ea9288a063d97b244f64042c262c68ca5f47cb889b93791923271831f94c40453ff9762782f866c3990d65202b06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93129dc75124d6516363ac585c6698ef

SHA1
b0469049785828c3664089eb6f52f212facdcf39

SHA256
04b7acca6fc506149eda9ae32f0f5a08e6b3a3b9c05e020b6c5e3128eb77093d

SHA512
20800346c349a977d7f8632de48137d94327063ec878b67134f7b7ece9d325fce2779792e00c0ccfbb9d3ece806eb4e0ab0711c2998592dbc8991af4867c3307

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5c4eda1c220b5275e2e54c928ff3073

SHA1
b1552aa1abf443e97907b3073d39f2e6c64dce08

SHA256
8bcac2e4af9696062a44356dda65492d4ba22dd707828b23a490d030fe7ed004

SHA512
709a9de72121ab1c892032ba17e190bc7b63c1d6de0b7456516a86c90f835272f6ee32fa71aece910aa1bb82864956b7f5388d251bf24d71e80726688a76c197

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c6bf7cc9f1dd50e328a70cf279f7ce0

SHA1
abed9a748ce9cf516f8d24f6125a568eed9e7170

SHA256
e12799a4af5587917063b20c093be2745d29dafccfd6a3c6de660032e5c856d1

SHA512
f64a183668f9f85b703c057d8bba2fbe2bb64c5ac3e648ba5a0f6b0e808254c830177edf8d4a1c12809abf95b57dad4749cfe60e9284e9629677e99d61016dda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c46ecbd0d734d255a0c769b93805a74

SHA1
72fc516a74fa0722ff6e093048580e6951c8f307

SHA256
0c5dcf07518260a95fc2e56b65856742896baab4c7013e7e7ab84b127cd1a079

SHA512
8b9d8a2c55c9c0019a61a20100a7dbd58ee17b0d9973eef582474587df7720377d9ea5ba0f7c7f3966cdb1e0ced133fef4d8f90351fb8360b67c29bc2951fba0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6eb44739b2a772a401f79cd55002efcf

SHA1
7fb33f673c1e21b008337c4413bf1a7035214715

SHA256
568905d8545653cbbed5fc94bfea91819a2876ab1aa9244d8ba9f698976da39a

SHA512
533d4e1fae13298d829c3af03a896e57d421a1b6ed96fbfaba0926e59f6e23be59828b884a13a6d4e034f5c22d0600ce8fd8fee18bd16d8b33ae73ff58038265

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdda3a812575ec8ae845da2bf0f3f245

SHA1
c517414ed28857d2de80d2d7381a5ffe53e7e1d2

SHA256
b7af29dc35b36c61993722079e3dd95a9dfdf1880de4fec0d3334ec8bfd2f729

SHA512
9a9ef8197afb0f005b73cbbb0e4d185a61bf0e5fa7d4b5f827d69e82d56f172486fe7767a220b61760b2ec8961af5b08d4c7b07c0ee25da5b85f0b59b4d73187

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD896.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD918.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit