36539098f4e34801750863afd65f3f3fcc722eeb26e1ef2f397bc9431208dc3b

Analysis

max time kernel
137s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8163c881d858c9f90bbfaa144860ce30_JaffaCakes118.html
Size

349KB
MD5

8163c881d858c9f90bbfaa144860ce30
SHA1

5585fc75b5a3e68b200ad5668d291fce97e163f8
SHA256

36539098f4e34801750863afd65f3f3fcc722eeb26e1ef2f397bc9431208dc3b
SHA512

2ba1bd1784953469eb2103a3997ee166a11acf90edcce5298452790f1e3d1ff259004f126874ae549f97e697fe9937d9c53aab49c68fee36a3c641658f86b037
SSDEEP

6144:SlsMYod+X3oI+Y1FsMYod+X3oI+YAsMYod+X3oI+YQ:g5d+X355d+X3Y5d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{37273781-1DE5-11EF-BCB4-4AADDC6219DF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423167448"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6028014bf2b1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000090e61b7394d8d04ca93a01851b4c75e50000000002000000000010660000000100002000000012f60ec39121fd0c583da1f36c26438d80dc2f1442a5fed962abdb4e4ac844d8000000000e80000000020000200000001d3742cb431a8749474df9319344ae373e3099d92a1dd3e83fcced40a7cb26ae20000000dae0dded7b4f199171131f0f0e93572effbecf481f60fc7bf0deab40dac15e314000000088c6bb29ea7dc2f27f1ad6cbbce7fa3abade92e44b9ed4df98277ddf8ca9b30b9c7516b59d99f9dd95cd329abdb134ec4c1e1cdcfe4db030ec0eca3f2e07b752	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000090e61b7394d8d04ca93a01851b4c75e500000000020000000000106600000001000020000000e12dfcaa0b50125d7c28474686de45b8aa855cb4ecdff1e036266e0e69ae0e52000000000e8000000002000020000000d443cf280f0e99d74181687dac0dfccfb187c05cf176b601566a68a547c88ea690000000974f9e67235dffbaf826f9f9653d52c6a1fbaba2cfb4c3a9fabf80e72427a9a084152cb0687c26c18272c6763cf5c336615a352e977239f2df7654c2690a62a570592028de09e5d1206fe3637dabbe6bbe6001b6485c8c031c53acefbee0e3f16cf22987283f17f4514a7cd96e51147dec1e71692ec636a815bd49286a2f2a55f19a702880bea391867d9f407b66219a4000000037777798481d6ad7d46e7c34c18d9043c9cc94131c84de2bc7c3740433206a139d86dbb2e4b0f6d70d09c41bbf066578ab64b4de42f915a46a1d53d58070a052	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1704	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1704	iexplore.exe
1704	iexplore.exe
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 3024	1704	iexplore.exe	28
PID 1704 wrote to memory of 3024	1704	iexplore.exe	28
PID 1704 wrote to memory of 3024	1704	iexplore.exe	28
PID 1704 wrote to memory of 3024	1704	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8163c881d858c9f90bbfaa144860ce30_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdc2684f9c055fd9aa4312ce4822a2dc

SHA1
105ced7441216e8e02b15b2f1226544c052beb38

SHA256
7883d6fdaff102dda647d0dc692a640ea2c6869acf6e0227e9ef22e1dbfbb929

SHA512
17a976bf888064c3f7b7f3de3605a968e07e89ab04a2b82811ffd900a75ab76fcf7a10f3b6d0c73e90673e77dd6c456240b837c6c66731106781337935c811e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a1c5a95aea7c0e395d79f6aecfc88b9

SHA1
87c129936517828d18f3a144cc394b5f013b30c8

SHA256
065645b00c375dae935df0391ccadcadb2d6a505c5aaa559d2e5a2a9e74563b8

SHA512
22a2c683c6a441150e1f7b9cea984824757f2bf6ccc64e5edd1325f2c4d6676a80cb613022a813eb0029eb58c67b403e617f1b06fe244189dd09efacd5ec361e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9699c732ecbbdf66da42cb6708de470e

SHA1
1181a31fc328907748aaa2d0eca45fc4fc2b1059

SHA256
a157ca9b3cc6227b837d29731fb40c5a4eb8275c36af56bf217e66096c170a5d

SHA512
4f248ee65b6c5410987df065850dc0360b9204d04b81491567c55b62e505e4ded393bd709a3e7b769283f8cd38e0901e4318921438ae32c1e038659ea60bc713

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19b4520a7799ba760e30216b8ec528a5

SHA1
517d873d8d9d87bff843ffb956e3852ecfa31d77

SHA256
9b3e706cad7be339332d6be84a5fd58ffe0d714742cd8400c4c957246d6e9580

SHA512
7f492fa5f590cb0eebce9580151f773615914280d89c0c3cffb67f968b8aeb9c1af6830cdcc554af14be5d9d118b63b868394722f88272fe9bc82daa1dfdca38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fed9168a886772377cdeed35c7ca6f65

SHA1
22a267d4c81c6e36bf0cc49130b1eacbd7ed0bc2

SHA256
12eca0ad44a831fd8c38a8d1c08add5218ece31beb81ea2d1ec13ed73bdc15b3

SHA512
6e3000cd7fe18390e254515404ac55155d3e47dbeb3e39f3413338b13bfbaeb8aa2cb9d13b92cf355e875a43a971a401cb4886a8ac002be6ab3bdee827147566

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60b5309cc4c65d703c2ee9438a473bab

SHA1
8a55b079424d92d4c69af36f7d7c6ece5ada93d1

SHA256
5afe36465388297138a1a3d7929b45338af80a9906efaf22cbc934d208b3e152

SHA512
5d922b2809544b0c382c14e0038ebf2b2ce3c7809a99f111fc749eb4acf20c1b1f9957491f8427a68c50046dc222913cc716e6d18ef40ea8feeaa1e22c27667d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
358736573b1049fa3a2faef4027016e5

SHA1
217eba74d8705ebb2d9785c3e9b29a201f884741

SHA256
f995e9f27c560762ff31466680150ec3ad31fc98afb50ac1a1a33f26e0bfbaff

SHA512
51372b8beeb41b11e2f802b95eb619ceb34693fe4e324a858d2324b09e8bc60c48cdb39e8dda57a85eb3af2c65870ed05a2ffb0fc330c1c2774100af79b02860

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf17ae6f2a89d37a8122c53b61077bb4

SHA1
d2671ba562914571bb4a277961133257fae4e421

SHA256
157476bc1396beed43475d73f34e8bb5f85c76ea0404cfe9f2c0b338c1158580

SHA512
27db43ea836f741795f12db7d963de96e212955900512481c0254b2a0d931734b1b865ce9c72813d83f2187e1cfb2c02c8b02a03d31ed5e13ea5df9f4ec559cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfe206b892518cc62ad45a3bde949267

SHA1
f505acc161e8cf95a73ddbaefefa7eb1acfdaf50

SHA256
7465a65e26bf4b682ee45ab799b247272fd5f8f30b3abd0c353b3e77fa2504ae

SHA512
067810f795030392210ad3de4c270181eba0f6310238aa747ec1ac5a0749ca4028dd9946a780f70f615a2c549b5c54b520d7b13568385546028bb711f2a93ca5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07891f5669b42c68249039faac6551b3

SHA1
816410ad7288a4c30ea4c5f7322c88bd77a49a61

SHA256
5ef595502a661aa5076bef84590936616b975a68122f1f8ab7ceb6cd8f31880c

SHA512
2c1b01925e1a209f21083bd8ed98eb2333224db7c316381f9cdd4379deb346a57d2e91a219770ba96c57e7346ba115b48132d9415834e1345aecc70b5668902c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68a613620a17cf57f0f6dcb77b0f6fa0

SHA1
bee0b7f821e8fa01c0a2dc26f1bc81c59c9e6c3c

SHA256
3879d10217c64d739fa213cd71677512fb886b82bf93e9c5b5d36907144e57c4

SHA512
f74793f6ca8cae83d1bf703742462d2e7780917d5600238c386202261d2fad41d893b72b3597447d0528bd7d90e47d6227df2341efcd1ff9b2dca5ba6bc6751d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea1c517fdaf3d917f4139ea87eb9e336

SHA1
2e70eaf2a804c0dce914a2ab707cc92aad9df2de

SHA256
d77950f60fb6396741242c4ecd6590979d95366aea09645213e36dd56a12d60f

SHA512
712f1d6a7d31b6cf3ca1bb49b9f621238b381d0926e7d17c950e0bccf257f87eb9246aadd83c3ae8cdc4e67601c789700221b510ad02d43b7e8844d516e508f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a6436813f61d4c6cb505eb89cab4cfc

SHA1
78ddb97ae631f880fb2e5d2be3263617bf82adf2

SHA256
2fcfd75a4d8304374acc758c2d575e9c0d1990733191b635df5f5a4064157197

SHA512
b52aa979c6f850bddf34bf50cd2899959f568bcb3016817f7ee14acab885f77f22919b75eb3637b05f09f4838147e8d4903b3660d73dd2d246552ed1e26c23bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48e89b67e879451a4b401ed77192b6ac

SHA1
a8840a8caea38bd3ae3a48fe64cfe2d4cb0d1ddc

SHA256
fbe8fa8187eddcd493475e72b63fc38a67f0886d803d0b4a94827fe93bc18739

SHA512
18e8861043cb0774d6651ab7c4bd774fac3f9a45503e1a4b52634de5f683d7668ec7e3aaa9bd3778edca79856cd1b521122973fb75a0ec40b5960b5d60bc21af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2fa5941062caad6151a7c93967155a3

SHA1
e10af3afe5c6aeefc10d29bbd850d96ce1a1a4d3

SHA256
b53710dd3733da3e6ec77f2d3ab612b3fa6b183cbce70bfe379829263bf4eb10

SHA512
4260b06c22cd8cfc36ad620eb81fc2e2a57864744d90b9046214e9c20670e59cb48249f482401b4f1e5b7b86b363a854356145d75b26ad4d5e2910a68267cc8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9031.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar919E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit