871d05a955297443269d14bc350f308d2664721bd2740dfe6dd1057393e97306

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f395f3520bf5b6640b5766db49ce645_JaffaCakes118.html
Size

4KB
MD5

7f395f3520bf5b6640b5766db49ce645
SHA1

737fb7977c934b87f0aaee05e15aec8dec94918b
SHA256

871d05a955297443269d14bc350f308d2664721bd2740dfe6dd1057393e97306
SHA512

f69b0cec57b91e9fb94a71c8c803a2bf7b8dec0c31b57a32f7993c210d624a405db3ae283c3848643fb358cc29f232b6aa1c373116a7d2ad32b9728c465cb765
SSDEEP

96:ziE1z0jumV4MSEPBDvV0n47ej/hgOKiljMR1QnynePtcTlBZfpB:ziWz0jJV4GD8/h/KiZKQn/PErZpB

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BF7AE1E1-1D63-11EF-8E44-4635F953E0C8} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423111840"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000e1ccfae208a5a10ee86840a9bedaaba5ffe0853be02c11976c7ffc1b2b46c99b000000000e8000000002000020000000792bd9c801cf5c4f20a10f50d6e660fa1b80933744a8dabd34b0fc2e15c3a3a190000000dad38f57e4688e2a4a1dbc30d9aba583ba23011143f7f9db69af6baf407ac6f1aa9ef555ac829b099578bfb87393539925cc50dce42a73b90ea6e576ae76b7bf48a22ce097ab567097d3c527338fae5ef7f9c2ec0096847d734138e696d361607ac355ef9f49bd8e50c925e219871117463c3ed3dfbcba247daef91e2d3a0fa8ce036e22c66b7019ee8365bb60b53ef740000000eebf3fe93e374eed06127c760a8298330626ef8fbeb7d976c178eb658941e8120faca23dfc4088c177f9f6b5951fc6f1a17f187a5394573e5ca0abb664914f7a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000c02b99d78f046a2a3263c88330fe72adda759e7482f99a45a4fceff278f24acb000000000e8000000002000020000000c4025c2aa51528fe699a018a8d528e0ba1cbf15f1e81e64f131b025e659550e52000000027b7a4c95ad4d7274d8f872ef51b34be564508323b663be5e094dd16bcb26f6740000000637efb00587ce1ed5ab6ee7a023ccb582327d95f334eea2b2259a524cf2b1100d76ea84fcba451de4438c059941a1a8fcb3fdba68dceac63c1b9745ae3eb5487	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0d62a8270b1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1688	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1688	iexplore.exe
1688	iexplore.exe
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2148	1688	iexplore.exe	28
PID 1688 wrote to memory of 2148	1688	iexplore.exe	28
PID 1688 wrote to memory of 2148	1688	iexplore.exe	28
PID 1688 wrote to memory of 2148	1688	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7f395f3520bf5b6640b5766db49ce645_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60745defc56b6a6f9beaf30a672c124c

SHA1
730790f012a911237a923ae587ecc258d5944250

SHA256
c266291f9a0bf77c9609965c26e7196087c5ba74bdbd632da7d1b67492938886

SHA512
e50d2807743265f72028a248a9634fa5064ec39b5ff4db19db3067cc034c4d09e96c8abf3ffd8857cc6a19779367024f9684e121c4dedef6ea3a17cfb126957d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85a62209e70d67724afecbc92f57c737

SHA1
de4b368f0b2a407a4f8527ac8d935025d097b820

SHA256
1be6e5ceee773796d4c904f411774105ec1983896a169b14d8b614ddb9f9d373

SHA512
9fe05bff40c1be42037646071270473ad812a13b2e609ace6133b71d932c66cf217905633612861a1685649b798f8391560475791cb6cd5a0722ee3d74f46be9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
636d94542ca8307fac0ceac8c5cbd2a9

SHA1
aeb5ac46f5180d45cfad7b4197abc8f5bd0570ff

SHA256
6aeead8ab41ce32ba53f4efd6890279fa8f254fcc61d784b3e9fb02a9685dacb

SHA512
2c0691740cb6d8172bd5ff95e2f9daa62642f66105cc18d8da56906c670d8dcde1a07294667c57881ef304a9fc9501fc2da0eb6fabba2f679b07c9c2fcfccece

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55382b5336435fd8a0e1e92ac4f28044

SHA1
001f4cb07b7f42eff9bfde443f59d96ade6f929d

SHA256
0792a0cd4827ed97da273d7fd39efd9940a5d9f7d073569d2c5649e4579a99c8

SHA512
ea278ed7e1d1dc17cf330017872192723b9bc821df52e3a8bd7e3f8f0fdd416496dc6e88923ca1c87f445d629067136e7c30732279e8afd1d3be5f5f2beb4eee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52855f90875ff9aec2fcc9e52e5bae7b

SHA1
362478424487e067de77a925d3e797007ae491af

SHA256
861d1c48d5f726513c528729f30d391a77d274996641f29505dfbd4009f5f39f

SHA512
c6645c63e629d76e5eb90d40c6baf7843efff097c4bea32b890830541284ad5bee3dac95985f1ac10523872c61833f1c61166ebf236900e8addb4e0737e1d382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc8c957164098a45bc7d7e7c2d374d42

SHA1
db16935f8fc766422856e059c726fdbd78b966a7

SHA256
7ddae02dca30cb426a411ba9e91516a0f84b372a3220fa43f3e9dbbe5be5acb3

SHA512
1076dda7ceedbac3ba1b1328f0f2f0c1f830e6792f9b1587b354e8cb83f5e5e6d5a4d6ee3ece3829332175720e089dada98a903a4b3341cc61ad2e9d25ae5026

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3e20e83c4d2f6c19a5707ef274b6a60

SHA1
f844a042e0ca987a15381fd31694a935e0e2eae9

SHA256
d56fabd94492a0ee409c3032211592255ac4890d5f9216c73de4309dee69aed0

SHA512
f5a2b4251c2ce7e23f7ff842c41f92bf965e8a7c5b32d02456ca402bf9668be8894432e316afce5ef56be497c596dd48f973e5304bce2dd3c1125cbf553c2a49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8feeb3390d924b686e8f9e6da661b71

SHA1
22a9ca7ec1d0b2cb82a5a9205d0034f6a0bb478e

SHA256
bc3c7ee99f76b29d1f94c02696632d1f22aa1219f9fb751b5c4d6826695a7a3f

SHA512
5192cf4efd9b9f5e2c4f50fe73e676ffde3b8a28085bcfd567b8ec459e47111abc32003246fb797bd966a5cc4d7f8d37fce2e830145ec338af97d08dfaa30725

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7af7a87112ea4f99b03fe4115455fb7b

SHA1
578cdd6ebc4c893120513ad8e4ee89d27c29cc6d

SHA256
9e8a8c7fb9cea21b95eb7b1384ffa9b8623f269b604e73716600ce99e6737c1c

SHA512
5b8318e5ef394113ffbeb8b09a4c8f9c43b41d4375f9ab95d14d05b42b68cba31c0d67f232f48d40a03438565e5c0e92cf8f99048f1d7f270a5fa64bb35446ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ec98e8de8ebd64c7871868af7c35167

SHA1
b804165a6e8cfd087742c695530891e201d3c224

SHA256
50d24e43971b95257797ae5c477a5acc89db8d542ff0ff4beee2455d5f3275de

SHA512
0e3f9149759a15b21ca0bd99c73eaae2cef7f72b160ba0dbb3cf55873a6ec93811e6b77caeb7a8477d9f2fcab0046f1ec7c188f83916a66746f8f5af2b3f7e38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebf7f41a0196b4e22ab7c352c651e23c

SHA1
e44791cb2c3820139a658991dfaf01f6d36edf4d

SHA256
6350ee7b5cf1472df86621722d38114ae031c93efb1ac24f16eb0e454fc77d84

SHA512
36b9fb638f9f6a9900cc7b54ed251c9dfa6cc1fe287c93d4fa81dee7416a538cc073b3f2ca91d3a23586a80c3e66632b3903272176439948518e7642646a3428

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3d027705b439e9bba0d6f8fe3ba0468

SHA1
68f56e4dab30c742a921e50d0a952b26b2ac3a9c

SHA256
8b8401d66557717eab41c8749a1e45b0edd25d4f89422b2d85e5204bd6fafdf1

SHA512
8ba5bf363fc2473f3ed833cf0fa451d443a3f3545a2dc94cc3526e3969a9ae3c9b24ac016fb4b4e7d2a66acfd343d5c30296bcf91a6ff1d54f8ec8ca8c705680

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bcda1b8c7547571165ac7a4ba501bde

SHA1
caca8e770c7968c7a411ea26070c5fabbf54229e

SHA256
d40d9589a8f4abc9f75d848ede5166076ef62c2457d825aeaf1b2868d5efc57a

SHA512
565d63a459ee9897ac19bd09ed6db88bf4af1208c33d6dbe389673d0990eca321388e2131900bcbdf08a1cf6f71ea0569a1b6aa4a7dbe53a41b73d4ac7bd7163

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53907f6a137ba64504e93d26e2f101c4

SHA1
d1739716fdf91cf11b55c98e42ee48ccda6b8670

SHA256
521d03a7be6a81b0d5b3ef976ef0f650ea9426e74f54d83c9d8df6baab977890

SHA512
80d42934cd609d91a1b4459680d6de00d5b69311f5a31aaada3262b136cd58467128d03a6185a1cfe367fff6dbecd219ea9e46fb03479eb95da43825d6a3ebb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7efcf79a2712d6fbfff9c4ffac64b895

SHA1
feef204561affc99c68429c5d5d609d4c5b90e09

SHA256
fff122059a2c672af59a3291a55ad335310963cafcb5f03b57cbb79ebb164d26

SHA512
cbcc2a79e6f0c11ba507268d78bc17f322cc29024df8cbd5c46114c30b60be640219dfd21e759ed62c1d50de5f4aea882f880ba2fdc0ed315e9feb5ac450fab7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c7be8244ec0fb9c59d1cebe8e866b9c

SHA1
0fb454648c996e42615d3a2d44258642f96acb01

SHA256
94d3ab91b0a49880f039b256f00aeabc3ac9b100ec4fa1c64ba70d3894c10509

SHA512
8a43ea2e907f3373d0dbc9e4d270845ad62c742bab712c926684c5b9b83605bd7b91c24ea9f7efc6a58d6dc3a18cfe490ee452c5aa54264014d4ad990d8e9de4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4972.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4A15.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit