96758f5ed959f888148e1f9a17751b36ce6d8469c5f9da297ac23da9bb538c57

Analysis

max time kernel
141s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f916dc2545ddfb87bd0c979ecb8d74d_JaffaCakes118.html
Size

70KB
MD5

7f916dc2545ddfb87bd0c979ecb8d74d
SHA1

bda5e7f2572c40c6c221255e0181e21902974666
SHA256

96758f5ed959f888148e1f9a17751b36ce6d8469c5f9da297ac23da9bb538c57
SHA512

369d71c305d95a1a5c76105cd9124a51dcfb9b6c9fc44cef735c7d51d1082389ac4f22857ffbb924c39b5bdc45b8fe461c4a320761d973108925d3e0c4009af2
SSDEEP

768:JivgcMiR3sI2PDDnX0g6sT6KdK59RoTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpQFf:J76DmTzNen0tbrga94hcuNnQC

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062b3f29610a6c548b47321ff40dceb1300000000020000000000106600000001000020000000eaa4644ec4da74a81b740fcaf6018e3cd8685df0abb55b341a889f8325d1954c000000000e80000000020000200000001f2046199783f34da7fe59cf3555438c7083f502a700e266585912f776b8a10120000000f6bdb901ebebb7f542b38523f49e72d181bf82a38c7c452d313605684dc94cb9400000005cc22fc4697fb6d355bd8764b222a87237019845b71372ce018816bc3c3227319420ab2896e2512c473408b3299c0324a626a6c97ff692e3d0a505226e793423	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062b3f29610a6c548b47321ff40dceb130000000002000000000010660000000100002000000004a149bcf47c4eed3f2d2499291283de80ecc4ca5cba7997cc561c3bbb70b9cc000000000e8000000002000020000000057d78a72d6e6d540048ccb5eb9feb19f50400c3708d59c9530ed379430bfcaa900000008c42df3005c833d7e43321a6b021ef8a9032c8204a20ca37ce448a82a7bb7f64b5d9b700c7a4d8eaed87e23b6b22c86a296cd472a9597f95f11022f4ab52f0b9210d7d52e2967c826fcafb84288e69e851865d2d062d2d8f446d8a12ff6fba1a6dc5d6c6cc0f92294e627b89ccbed1e4ba68e43194d7b58d5c115dd1d7983a4baede05d1ec0fb8d355b949bc923e9fd240000000b46bc046807d740d77fc4ba49c22e89a78c70b3045515196970bbf3214b3592431545cb7a024c7c406d8267b7fee81959edc0c939f971bb0cc05872f3fccf9ba	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423120765"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8605AA71-1D78-11EF-97FB-6A55B5C6A64E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90dfc15b85b1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2440	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2440	iexplore.exe
2440	iexplore.exe
2992	IEXPLORE.EXE
2992	IEXPLORE.EXE
2992	IEXPLORE.EXE
2992	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2992	2440	iexplore.exe	28
PID 2440 wrote to memory of 2992	2440	iexplore.exe	28
PID 2440 wrote to memory of 2992	2440	iexplore.exe	28
PID 2440 wrote to memory of 2992	2440	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7f916dc2545ddfb87bd0c979ecb8d74d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff96c9ca4f1342271f8a8eb491f7bfca

SHA1
71f4cb1b678cb9fd9224de46299f67eeaa8fb303

SHA256
483b58b5e7e87f0ef14111db90a5ae52a3e5948cdb95e656296497de67a299c7

SHA512
af31a29f76a387a7296eded5e48445864622d5cb63b00690b1900e66521ec4f323576e915580e92d786be9ef31efe8b6a193947c0c6f95373d11d393cee3abf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4f61de3e08826371722a0bb39aa4fe5

SHA1
fba9c21164c2f7b747bb76f5f9edd1fc6b1376eb

SHA256
3c06dc8dfab7679e25c9f66948bebce0bebb304ca749456d9c6eb36e90d82771

SHA512
dcd947f96fbf2b161d8fc6de829e21dc09944eab98823b6fc71697b25cc352d1dcac82a3a529cdc1706665a68fed52fff7f3e470cb9e06ce3f95df4f475d827f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a862e0c43a652a1a5097433e9ce7d86e

SHA1
0b78a5997440cd3053e9824675535a9357a9b2d8

SHA256
272c00f4e90418611d190eabf1774c0ddb42930e7a6ce984c90b674397d1ffae

SHA512
76abcb144c521acad724fe161035bbfeaf84d3e243ed644ff1ef9e15bbbd5e9afc18c29edd7e5c643d9c08dbd130f6c00aeb0d9bc9dee94f8457bcc3277f50c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecb53af44f6d7ffc938026ffc19c14d6

SHA1
de631e8830cc928b3ab8af10d126c64f8c9fb8b3

SHA256
0db049abc9573b9bcc9f69b391b0b342d4abc8c89654e40e9ff5def9e9a0889c

SHA512
e819d577850f13da6895b7e72e3233246090fdf032d0477c68fbfac3a95369373bdc7fab5310036ecb5a5daa33e1e4459fdc1ba345f984ca0bd0cb0fba848184

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
acef86f64bd821db95d4728ec8d7e41f

SHA1
7578be1de8369cb4794b5ef0cfd767fa04f064d9

SHA256
53adbee7d119a650f125a30adbf3fad5ad2e4eac3f75bbaee04563572183dd6b

SHA512
54ab804d1a7c5663e2ad29dcffb683b9a7e86b100e9fbb183009d99622d1ed152a5a7da6f74f89aac36c47311d83163060237c082387e6019a91f3155c80abc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e72fd2ca599ce6804c17a689c77cdad

SHA1
47d51f4b7aa67de6324cd1ae10bc1e53a7beb66a

SHA256
c8a2e2d2bb31c68c483d288bc5b031c76b8732b414cba181325b462b400a3ca2

SHA512
d312fd1af6e018ad2f9c2920306f07cfe11af733f47b375fdfd9fc862026615ca85d7e8f43616fd0998882d9306e2893a6ed7825e12cba72c0df6cf823edc05b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59d5cc37be7884c33a3c6c607b1e00a2

SHA1
6100c39ac1a692cb15e6c25445fb0b1a5e5097ff

SHA256
ac305baa89fa54f15ffccb92dd4012792e5709a8a3bf0a2a974ab1666801490e

SHA512
804d1224545093d1ebe554b668e19f7bc4b423ada2108735ce6da2fae202ffd2b86bbda2974b4e9e61664f3071f9a6f3e5edd9c136958b690e48c453651e270b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af2fd119f8afdc0a5c6ca38941dbbd57

SHA1
4aa1cb2ecd581d4506848ff5d44a9160158ab101

SHA256
adf0e89369a9fea20bf735c130939a6bf7f95bceddc272888152e91c2668c77c

SHA512
207ac951faac6a602b99d3318172c82e5917c74b93572ae801db6e6af0eeb247b82619359d5bcaccebf79e8adb6c0f7730fdb76b2d222324212aca901e28b161

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
336f5385ba04fb563bfbb730f855a57e

SHA1
c5333807f294ae24d6c80111716f8261472e6f3b

SHA256
12393d6ffafd924fad2520c5389d5cfeaa3982382c24ff501d7361cd786fe112

SHA512
234c13dd6dc82dcc0ff87820ea0e187163639ffbba9fd4cccfbc74ad77cad49fb3828334c1db1c81e7f3bf07a613734c26d4862e8edd7ec91a8c23d62405fda0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00e5ad640816a18cf459d1b1dadeb775

SHA1
d7ee279080e6660b215bd9ea11f1b955f4909f6b

SHA256
ed0b8c5b2e67f4cc4eb66520b0529e29fa3cf83e09bfd1e9f0e5d4d12b3214cd

SHA512
e328b3574ea73483b657ad8cddc90b2bcab7ed901b10754b7f1f39293fe3c58e7c2e25bcb3e1b19fd6133e18cfb72994890956eef59f5c16964987ec611edac6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70823577d69617d5b19dda28480596e3

SHA1
218c34cadd8835a853774c83c4e7294fc6b0dd2d

SHA256
7b32282427adbebe6ca01a440406942c35d8c3e8c3365c3493ff566ad7d79802

SHA512
04c02907450007dcc75d9973e30ac24278f232746c26d026239adbbc76a29e0a71920e0b0d9d8a66bc7f80ecfb69f82763c6cbc8df376d616179b69e9b848c11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
229818aca3304a42967699c8440bb1ef

SHA1
65cbc448de6f370f74259f1f8c868450f75e67eb

SHA256
39ab83dd835dccdf27e2a0f8cc14b4d0ec012ee375b1c745751a92245dd31ce2

SHA512
181ac250cb90c08241b21250f4623bbd162d0328198e3cc26ee1d57888667ef2144a69812e5018b09e969456fb22a8c70e6a8600d85eeba807aab8053c8807d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61e6d9bfc7e43d9c614fdddf73ecfdb4

SHA1
8cc23414197a477b9cfa38c6815a5c273a3dec7a

SHA256
74ac7e47ebad81d2bf7e687b8f37d10a98a76e921957a415f2b54cb24d9511f5

SHA512
7d1565a2ccfb0ac1abd5fcd614356fcd68f7b8f78e53743e01ddc6d156b82fec430b645a2aa34bc34e885b23cabc7b42a1d329c3883c58af0d0de1ac0bcad779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3b06bdc882236d8856d4dafb4bbb718

SHA1
19c2ebf925cf5b3b816d83654061bc799fd30203

SHA256
97ded0bb531545d8c0e36dd0ca3032fc50d98d95ae92d7fd1f29706f25ab82ba

SHA512
0c71a452ed63ae4f9989b0880a48304db8de13533ce5205277caee2c5b6d94871b00abd29e824b75387e393f49e2ea299883964b7b9c7f26eaae94b8bd47861f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
247224916b2001ee7ccfbe6b9893fbee

SHA1
5d96e4a7635981b3cea68a49a7f0204e2313fd0d

SHA256
55ea7621b978ce41a2a4d8d3447c93e3d10afc718dc05e6c151ef4615011dfd5

SHA512
f9f0c3ef421d3847a732f52e229d1df52f9612f8b99d081f0be8612ff3ececf805f8507910b75e6bd49bf4ddc91e2bc9c969060e097e3cae6165403b1e8d8ade

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21daf73c43f1a54e05648f367f482b4c

SHA1
a0a6b8ad20bf5a5837263cd4dbdaa03dc78e444c

SHA256
f513aed1b07bace456713f0c8d4c504dad4c715c1ac319f8542ff8365a719c79

SHA512
fa6c252195a7531adb14135478ea9c4d0f740f8ecc377c47ce050e4cfb9c5c7e5d2e7bfe763f4349b0d87acc426c300de9850e3899bf8d37bf6f7789f28abdcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBE04.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBF00.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBF25.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit