a512706459499540d6f58ff6f7562c2547f04fdd4fc988d9941597a386b2fdd1

Analysis

max time kernel
141s
max time network
135s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 10:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

807eb9920b36582b04d75b8f16d16a20_JaffaCakes118.html
Size

463KB
MD5

807eb9920b36582b04d75b8f16d16a20
SHA1

e06a0fc9129ed27de5f00aac2d0748e31b6d5e80
SHA256

a512706459499540d6f58ff6f7562c2547f04fdd4fc988d9941597a386b2fdd1
SHA512

2f8c9dfe9f7f85fcd68b51af420374d52167c20d70de475049afde46beba45ea581484ba780c5729e8817b5bdec841552338f74b11e15c1da44c0729fd399625
SSDEEP

6144:SBsMYod+X3oI+YusMYod+X3oI+YusMYod+X3oI+YLsMYod+X3oI+YQ:s5d+X3O5d+X3C5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423141775"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{70EE4A31-1DA9-11EF-9907-E698D2733004} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10027e49b6b1da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008c60776c86f0b4479a65f3188da62ca200000000020000000000106600000001000020000000216133c321980c77c389afece391b49a11171970a9add7ec5fc9c1b9d26f469e000000000e80000000020000200000008264f2e264ba7b65fcf63c9efeb8d1457f9105be6ab5325978eae878aff97b6320000000f3e321c8e4dedabcb2ff37f38b569ed86ff8a5babf49b29bb362cbd518f6e2da40000000f1be841fa430c1bd32fb7a55f822d44d6d4eda098084c9f4c9af8f3a648b3f951990132c0ac2704f99387161dd7ada6795085b9bdd2eafc563f249319a21e3b2	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008c60776c86f0b4479a65f3188da62ca2000000000200000000001066000000010000200000001ac9af9fa07202d87380c6a92b9ef0a31dda311e9611d2168db41194821d706d000000000e80000000020000200000006cc5f306054a33a0b8fc031a0378bc22fcaa44363cb269f936c45946350a0dbf900000007fc0905abb3b1b9f3a80df591d9ce64442bb2578675dfd2555c1f6085a2468dbe9bf509a11b04a56e6e899404f08b662c89fe5414d5bc8e58d4380786749f406afe1b4269fb0df3ec5be859c049d0c8f8069ccb484a5ec490f81c012779a24343daa01ff4116db4f78e97df2a518edea05f3edea49759f5b6949725d24690c837bbe15a4f7d658a4d92b112c2b016aa1400000003f95a175f4e9daacae03faa0b94842143cddfcb65bae4f94a2a13d250776c011fb8d309ee669b88e27e2e5d5ec4fb524f372ccbc80d867bd36df5ba8ac5d2736	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2016	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2016	iexplore.exe
2016	iexplore.exe
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 3012	2016	iexplore.exe	28
PID 2016 wrote to memory of 3012	2016	iexplore.exe	28
PID 2016 wrote to memory of 3012	2016	iexplore.exe	28
PID 2016 wrote to memory of 3012	2016	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\807eb9920b36582b04d75b8f16d16a20_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e281f623dfdf4baf7247a295fe94adf

SHA1
1c4501921fa9b4b97f87632ebd0c7aa1bb8f0dc4

SHA256
774afa126d9bceccf98536d2169a49789f6d5e3f8f43db5ed05d623fe987bb0d

SHA512
ba3e117528f0c7954d10472784af2bac9e7fd09f68c29574501a5cf4a3961d9a117f6ec89cfb100075b6c69ec5448b04bff2366840d38439174f810afe7cfbb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7582e91ee9cf7a442648320cea0af88

SHA1
95be189afd1494c22e15704212b435f9b54757df

SHA256
d0b6d14fa0cda90c4070cf9de4c4e62690eb68aa8e0dfba607fe11d8d2b8f4b6

SHA512
01b757488d43af49cd1b9138f1e4ecf849234a44fd9564ef6f205134dde056442554331e1886c7444fd848d7667265dfb970eeebabf999d6916732bfb0ddcc56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
303ed626ec2b0935ff400efe628c9a57

SHA1
c69b4e99e034dd38596da1a33f061a2981725482

SHA256
6fde5ed3d75e2444600efcebc15b175c1a3716240245f02751700500b76067bc

SHA512
a2ef4973434342c733f794112540df267e864a49ebee0564301ad2599b58d295c5b8c2e9c42cffa7c6812c3fd798aa0ece028cd8f5caa5bee7b09a6b2fe18e27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c522f797490f197c99a7d513323d629

SHA1
2addca166b561a596da81d39a25c5879133a2169

SHA256
b2ce69a18f9ce20ce219f7e7fa54cf34afea357cb3ce2da82b5307cd6dd716ba

SHA512
da228b2434b81ef51f6d61764d60cd1b1d85fbac9f8ded1d224e0deb4a55651825151f465a01fc08ea473ef9c66ab67fbd199dea6961e0ee99132389098d2264

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d179d4c5941d7ff7f5a5ec8860052acb

SHA1
f6f00148644455dae45d806433eab88269d31d3d

SHA256
c6093c04b529dfe751d3205f536f555e098cb5718ee3e5cc67483825ca1452ba

SHA512
cb29adedad18dcd3c6b6a11eb45e058c5c67aec3ea72fc1ff185c2eedb460e394536148ffcfbd2ce93523532e26fd20e45884e82af0b58df6601fb7ac8155ad5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7625b08eb62e7fe03b0982edcbfb37db

SHA1
7c8b84e6297c8a44cc95d48f7ad7d904253befed

SHA256
894674709f0165189dbf31f8126ec69bf222c55c997fefb972776dd29ba14570

SHA512
f8f6dbfea4b32e13557f27c29c9dac0dd9200c3fc55c1a6c8e881ada78ba9fbff4ac2bce5e8379a9de17190fd06f64ec25dd40cd3ea66f69bd55d1f5352f2704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb5bf6db514f12867a54f37856ec7cf3

SHA1
5cae44ef1d28226204ec06fcdd5939c2546de6a3

SHA256
77140e208a1d114b4be4201bee52bf16e13327b6d60cdfa9d47bed0a12d2ef09

SHA512
0262f787a09ead7f843efede06f9977c133f3596992ed32ae0ee66f8551b0e4f449c4e3f3f9d79fca52cc22978ebb5f08a2312afca3bf1ea89096f825913a5c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8f94f805d9e41692972bedb6a7392f2

SHA1
0f1ee2cdc54bc2ece9dd98a046e32b21b021416f

SHA256
f69622ad67668d43decafa53be842f4d61b94fd7db14be2bd98c2377fd2c2bf4

SHA512
afac9b5e53c1d1a26a41d2ffd8ea02d3074df99c16923f66fa7daf0c17da8c8d036e94d60ac5b5283678bd39b80f543216f9a235eee6d7cbfe46a439d433931d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1349e8b93fd881426047a6cb4b52decc

SHA1
8d733d421bd80fb8288df34c02c140b1d0a40aa0

SHA256
1be67281b8932b4b6126639380a1bc3f15e08ce574298142a5763f8eec0bec88

SHA512
30a6faaade3314925d2683784d232649483921b5c89d2cc1515a3797be220ac6ed129a08f6ebe55979b7adddcb68a8c7e971e96708f44f85fac91ba38015f88b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1c0ab8ca27445564aefd4bf2442197a

SHA1
b83cba00a59307b87257a1c306a0fc93704dbb38

SHA256
2c94d7d877e12006ee0626057a834afbb1f0690fd47c34f4a0695e1d580e6a2b

SHA512
045c1fa65115bebf0fa68d34fb951d46d2c40378c9206f929a4af063f5c9c3c86621df62dec327acc4c63c1c04d394e30df499b13306d636db5186acf2a34b31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75f7f8622763df1f7151963dd135aee8

SHA1
12c08cf54131b0bb3e327ec4d60ed9f4eb82014b

SHA256
78fe84b662d957d5e241c16f11e9a3239d56f808bc7d2e6e673617f4fe03dfda

SHA512
36a9f61737c660f08d152d6ca566cf865f5563f9249f2247555c75a05c67553210fd37d0099b8caaef2e0fb832eee54354d1ef9dea57d73ce48ca3f88904df3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7189db8813574fcb8ce1fd7bfd29b0cb

SHA1
5686c89c06966a7626b03f0b45f5033c28a66546

SHA256
12d61fd349f08a00ba5e875b623697d713e5e83b51e9459f21a8da3a3b875079

SHA512
f54b9bb87f99745e061d41c3654abfb178261c78b94b9e051b9324eb74422d7cbfe20482db52470911c39d2f9e446766ec8b39752abea90a12443201259c78fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d19ab692c6f0e3abf9c835bccb104bd1

SHA1
d88b06ddc2739c8696c44fd165414e6a48bb0ca3

SHA256
5427419a4c0f04d2756af6c39609d93bac06843c6b73feb8c4fd5a9064ed4058

SHA512
344aa75ffe31c2f3835ab2d1e768d5435dfdcc66602536e74b0abf4817b83cfbdd6ebb680f05f3af14c42af4f858d3ead42235689ee48a62b73dba6f18ca3eb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9254e1f118a7ea411ba90670a75f9465

SHA1
913b8aacaafff73b8dcd1ed9bcfdc2ff706327ee

SHA256
4039a489ef4fa53b00f311cce2d538559bee504ea32285d8efa129aa81f7ee81

SHA512
7f7ecde134d410c3ed6f82789ba607fa156a5036fa1e778b50130f409dcdb55abae466282f66f1b1f09d85365b72b5bfe281668d2a5f839cdf1a1bd50a22f8fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a78f3bf6cfbef3430bae0da4d66bdb4e

SHA1
183aa8457bf31e95ddd00ee8c7f31202b41fe4a9

SHA256
49a4626f93e071118f2960e57163653609e71d11da678a8d84ab61a62f927c21

SHA512
9755b907a8b2705a794187ee1c39402aae2f83515531eb2c0d0fb12aa1e99356eece8d6b720cede0e9e42194f4c3aac6b5e7c37241f6b2378d68152aa534a03f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4990.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4A92.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit