205bec0ab81a4edd1a80d2adcbefc21852d5d8707697ec4fa3087525f35e8158

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 11:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86e97079d9f7c8ff7636099ec188bcc6_JaffaCakes118.html
Size

16KB
MD5

86e97079d9f7c8ff7636099ec188bcc6
SHA1

481c3e2f295a40a6c63341f5dc8127c072db6c6d
SHA256

205bec0ab81a4edd1a80d2adcbefc21852d5d8707697ec4fa3087525f35e8158
SHA512

87efe8829b7ab17b0580bf07ff6c50f888eba296bd37e684d39220b9e4d44abc24a8afb38255455006cae73e5654ef0fe6c2f1bc56e0604cd679881196417f91
SSDEEP

192:SdCHhx17FHlrlUHdWqPl/WG5nI0WQEJ3YN3HVJhrQdNeBOJbKu3lTSIAPrYozYaS:ZpUnJV5nEIN3F8Negbn39srYzb

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a2c41c5f2c70634a86552c8bde0a5de800000000020000000000106600000001000020000000897cb3e5cdbd0e0e9adea48fda6d119bb43113d5e130d1e2e1f869dd6c9ca6cd000000000e8000000002000020000000b01463c8bebee5c9bb863bee97167c06117bb0bc395133f1cd6569a93db5514e2000000016ed88cd7deb7e695b29107979fb5baa11436b9855a26b0340871149652a22c440000000b18937b1314c05e16a6862ec0b64fadfb8119d002ab9e17320a8f4f4d7b668adbc4244e6d0fcf47e6f6a50e33ffcb570c9482b5ca17745c23f985f613f6cdb8e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423318371"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9D889D61-1F44-11EF-A339-D22A4FF6EED8} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0012367251b3da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a2c41c5f2c70634a86552c8bde0a5de80000000002000000000010660000000100002000000089deb994163972a9ea9ca622c8dcaac4664fd7a156e3cb3199e2b0b309f50a16000000000e8000000002000020000000fbd1f855abf7a260ad651c9d2b1b60f3a333b60b0b0fa7b266e3719f89a9dcec900000003b24e1acf51196b2bec0a7a3498ea0c6e24d2d61360887e42fed3b1eb45665fa71fbbe0c923706d38666c31c4a152e397fcfc718db822d7faf77aa01cb48a91d7aa73cfb371abec58648d20f632d44a7db8f85655a7e5596a919d5aa0cc8c9e42a3d88e6361c174b893ce55660780fd092e45ca8db8a9f8e17283a774b7c59497263f0fa72022fd8d8af32b6881b22af40000000570345311ce944f408b4157362ea61aa14cc321b48dc4c24878784316ca13d823a6ca7d80867a34ddeb4ab4146ce66ea93319799b45e2549d210aa8cf836d7bc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2488	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2488	iexplore.exe
2488	iexplore.exe
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2512	2488	iexplore.exe	28
PID 2488 wrote to memory of 2512	2488	iexplore.exe	28
PID 2488 wrote to memory of 2512	2488	iexplore.exe	28
PID 2488 wrote to memory of 2512	2488	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\86e97079d9f7c8ff7636099ec188bcc6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
236cead4eff11c6547e73abae9415449

SHA1
170eed79bf49397db998a86fc0a9431172b2d513

SHA256
62ec777d70e88bfdeb12d5492e75411a8c68931cea9ca0bb057c5aaa48507c4e

SHA512
822b2f9947fe9dfbda0fbd5f43d506c719d48f279e15819ae9a9071fdb6e39ea775c561b541e906d45ba08e3f549f9809bbc740eb612f79e82b7720791407f7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9786f515356c03af842a91d613dfc95

SHA1
18f7f178a771d846f78edcf64b9c9e887f747223

SHA256
958d0c308882bb7d0199049d4a16b59477af4c648195d07440db6c56400569e2

SHA512
647285895bdd90ef0804e5a3df2137a9918eddc7ad561383fa49a5a07c68f265ed52adab2dd52629bcca01a1f96614c7d792f241b680579bb6c23476f73ed8f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbb891a6b164ad0b0471ca67aeaef004

SHA1
3cccca6cdbeaf9abdcb0192988392f73593826b9

SHA256
c9d10f3bc5df32fea49009ee978c92d8ed44670e230c6d8e3fa891907aa97753

SHA512
5a76f69372295ed6c5b698297d255c14edce9ecc606cfa124535f75adc5df85de93715b51f0751c710f91bc6598bd4bfd03fbdc3f3964b347563f93b4c718222

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
191b5e0e5e91d57594687ba50365c578

SHA1
886c4ee15aaf40dcbe22dd525196e2e14b24a8de

SHA256
e79f53cf04d5fc7a6823953206ad95907cd1eadfdad77893ac956a575a67d578

SHA512
6c6617077a3f1c80c260eaf63690418f474a49995a2f5adc174c6b607424bbd480b882bd0f9d0f27e1575c0f2dfbc344e982e31124431174f00b27ed0d4fc5fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bed7c20f463c8824d181b90e1399da71

SHA1
74f2dc6c3f5a950be39c500fcb04f289d45bd843

SHA256
f5e88b3bc6f385b932c12ea8598fd2adcbc485c091c3cc9c3f0100c8b34972e3

SHA512
bebf7990e6519823e9b506691f527b8532b794ffda0ac7b01e79269d5133a1320180235f18c1cf2f981087cd589fc67bb08a7c0af537d31c1cbe3785af0f006d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6963d31d0ed9692436e8b177b409106

SHA1
65a59b15235fb69178d032c2634241842b6ddbaa

SHA256
8b124075db1c9b134129b0d936936b5476f83f8a2ba12fd2de853fbaf10e9ad8

SHA512
e347a9208a90a395c855f07e21d9f4fbed4027252a1f32c73f6c8fc1f95dced743d031498c500c799f78441dd2e3dabc5a5786ef6606ea808f885650ecce748a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0096b8cee520300abb49fee8b51aac7a

SHA1
943e859bb6c5dede6adc6b86c64a38bb3a84a1f3

SHA256
47efdf091b322692973873a8db8c2ac3642fe9af9248c333d384b158cf65222f

SHA512
215bef9f5091c2a6302e872260b6a08ce71f31cb158b547f7a029c81e84eae9f53454ae61c474a2b1bfbf7e0e2bb045ae290f288d6db86eb01e3dfbe6cfa4354

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bd6740ff3db2cfcfb703392a7fe2cc9

SHA1
14362fa616da4d75387d3426d5d1322c800c03a7

SHA256
1b37dbe1b829727aca9cd46b67f5014149a228a47cf5ebb067bcc46303c015a0

SHA512
aa0ace74b3632066b60583fa22320538265597a1890fae4c81135d52b2f6f1654b93857b45ad2bad3c8564be03ed72ca4c459d66b8cbeca9bf974f1dfe93d0a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce4945368218df9d27a1ff23537db238

SHA1
293a61c6ac68fbd1c54cf6e55f156f5d0015ea64

SHA256
bcde80844666e0af6bf999f05998a19984b39830f8d418a305b939c36d519945

SHA512
39b7801094938b2cae435ec5128c05ad1195fac290231f0c323a0fa857b9921465654d9eecf237982beeadf96198de98e1477ba6c112736fd6b78fb78d4d09df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee9e4513a7aebfb123c165926f9d623b

SHA1
1ac6fded69f58de5f26acbc7781ae4f869801003

SHA256
fe9766f29cffcbbf2ea5e6e23fb68810c7ea85a6939d6e4757d4707e5f1de46d

SHA512
9ae0078cff61e4a50054d131a23cdf3172c224cc1f4b5c54da63e9177370e17d25c0d999c0d1e9bb74ec4e092f938c3ce5819c21b6499cc39e0af965fbbd909c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
636371a9a577e5c58a3087d670cde682

SHA1
bb9ca9476fff6a85927b197818cde431ea2a1ce6

SHA256
102c2a7f45fb6cac9e398c9f5eca64e4a3aeb3965b8a0244fa68af850817fb0f

SHA512
e00dd951ebc63708b31860f8f2012023f75e2d49fa3d5329d4035defa48030aad7e58b99619e396bc1238f5b0d1312b5468fb1eb919b27383b9578317792dedf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb0a9c9c2964f85c8e57b650b588e8e7

SHA1
40f2cd922e3b0eeeae5c7be85a2f6b5a77551733

SHA256
ce4a2be2f5439b010a0fc8ced12fe54906d3209444f552529ffaf6ec7d2903ce

SHA512
3dfe6da7d7554deab1bd78957511c9dfd5b87756158351de02a83fa0533ee2ca6fb8d2db0eca61aeb27a1f5f5e54456a582f80e7a8b69bb7190db5a74ea6f336

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d0b51fb488d0dc9d35dc6b746cdb292

SHA1
2e10c96c7d0a1ac8224b4e527164b4f181b95303

SHA256
d8554f9530833ffa24562980120f8d18204e123a5af3d4fd859af926de1758c7

SHA512
d42947474be2acd6a21f5b47bca0493dfab3ef493c419bd213c190e6416b5f756a9f90d53450caa7d390a78399b95de4d4406557588d4534a5a7108f37df5b8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de21f6b01855fc3fb32ee145dfc2a20a

SHA1
7d583cbbd336e436abd117aa4d395feb2069f802

SHA256
cfc56529f36e88a80a9eebc024936da72f97746e36a44c0b06a625985ce859b3

SHA512
d6d293360d014d9d79a9962dfa5bf984695e092e20547ce8f3e13f0668e7d926007b64c4afcf9815ea53caeeecc1009393ce1ad47aa1743029b0e2f59c395032

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bec9f35630cafaa320722d473abb8410

SHA1
34b34bf8bc675ee43d4a87ed6d5a975cea9bf35c

SHA256
468e08814c478752c38dc4854e58b185a7474ae1a59e03d14fc11becf70e08e9

SHA512
12d9a9a6f3accf4e02d6a29df0daae1312b6a078aacc14e7204d2ee4689d32037a62a712088196ebe3d9061491860eb47e464d491f076ecddd22e9a470a236db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcdcd614c250ae37bf4d738f029e4ce5

SHA1
30e48cad979fc5c02c6a41c3a9bbcd2bcbcd4010

SHA256
49b38ff671bc2beaf68baa95491ffba50943dd0c9c7ff05d4d83a52ecc1ef175

SHA512
f5cd233e8af353889f9a2a08f99855516d935804943db69c334d69d1878e02736360bf1bc04883efd5b0fa0b7738888536b55c75e8bad646729eefec760b597e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15f883b7fbc377de121c56e2bcdca384

SHA1
5d5a177b9af65e41872b7762256475f91a33f126

SHA256
71b9d8efd78fc3f12f2e8e652eedd910f780aa0a901ce64d1df8f99867851260

SHA512
0fcbab0ce8b928ea1f9bc47a20cfd278b015a741b917aa0b14cb4d8469de5334a10baf1c01f0df936b1023c9dac0c7d05eb44449baadbf589ba4b06c54d75d3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3110.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar31F3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit