8757c25d9bc2a94b16401f435846558325ce5a256992bbc3065a42c9c50e2723

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87da4d21ed9beb949f78702024f2a962_JaffaCakes118.html
Size

461KB
MD5

87da4d21ed9beb949f78702024f2a962
SHA1

eaa7ffc4bd74f30b0a0b1aa847df8db99f5fbd3f
SHA256

8757c25d9bc2a94b16401f435846558325ce5a256992bbc3065a42c9c50e2723
SHA512

78513b49ef15f917ac7d8d12701c29945fd3e3a65a404308318a2e68d14314e3834cd77f12b80267e87f09dd25b83fb93bf758842c7f51d117cf961d1203c310
SSDEEP

6144:SEsMYod+X3oI+YusMYod+X3oI+YssMYod+X3oI+YLsMYod+X3oI+YQ:p5d+X3y5d+X3E5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000911b55f545790b822b57fc218db5d15d5a259d35d5a6d0b838e084e8ff4e49f7000000000e8000000002000020000000d4c4cb830ba26f07a24227ee9c6c7688a354a13c1e50655eef469d4ca5c0dc43900000001d2c154751462df60ed553e18e227619c81d0fc97f8259147bbfc3bbc0eba36770560e468a6267d1e9ea503693eff6955ebb0fa23ae2e75c31be02a29d0fdee2e045b7afd878a19d50980a7d69fc8e7bc68f964e1a20d1a4a548abaa168e9dba7c29adf75e7e82f40a44cc2ad394553a00a52aab721d1faf5a3beecf3f34facb3125c2861402ebda7dbc40bac0f5614f4000000088ad6e05ca3ea6aa7c16e11ca26344a4a90355ea3dffb7a98035c30b486503d0ed43bfeaa94c03fad190a35f2860434e84725aba9dc430cae9d964d607a81282	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a06360c384b3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000093eedc498419c8dd7dfc22c45337ab0054778aa47bddfd0e5356dd57734731bd000000000e800000000200002000000042c01c60cebd44d1439343b54bc9d47829d26470e60391db6b18db1a7b1b082d2000000042e44d7aae007774bb9937236c0758982cd69d3e5cf41655c6187c27752b2ccc4000000046003cc71f233152a57661a13e2a85419ffd5cfd70c62126832eec043e9bc3d77faa10676ab485f48df855e08e1ce58eceb022ae7292e74db3dbad9cdd355a0e	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423340404"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EAD81631-1F77-11EF-931A-4205ACB4EED4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2184	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2184	iexplore.exe
2184	iexplore.exe
1632	IEXPLORE.EXE
1632	IEXPLORE.EXE
1632	IEXPLORE.EXE
1632	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1632	2184	iexplore.exe	28
PID 2184 wrote to memory of 1632	2184	iexplore.exe	28
PID 2184 wrote to memory of 1632	2184	iexplore.exe	28
PID 2184 wrote to memory of 1632	2184	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\87da4d21ed9beb949f78702024f2a962_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f178cebe147d63d9fa80ff793cfd52a6

SHA1
90351ba78eb512b4e1ef43821dd81977e45faeb1

SHA256
6579ed02b9b56f219b4c198fa17df9812dfcb7edbfd199ac8383986ec12327e5

SHA512
afbb37eea72bcf5e490eed090017140b890fc5e65a2f34f15c08559ee8a8dfa3b57bb077ae6a9119f13ebc7fa6a4e24ef589ed1bbf293aab37c34f231e69adbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75f71cacc47f26556af785adb0a6538c

SHA1
9cad4ebe91738133534148499871cb36c86cf218

SHA256
e0e35a6627bb388d9378284a841f657e4e176bde58c932624c13bd2d7c6b8171

SHA512
d392f14fd657623f9492135846ae30f83d7b7f3b3cb3916bd9165a6d0c470237c5706d7db1542f7837a18f078124ed927055cba92fe94e2131ea65640b812493

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e3219a845f744790a90724873e9ee14

SHA1
66bea7978735e6f010c054059245a4f803d39762

SHA256
553e4eb509aa01fe111f303259e1de29503b37b2806cb85368203b9c881bcc5f

SHA512
25858a49cbaa121d64e02928fb1786ad164bbf8a287ec58ad3da4d9e9b0f618a43d92bcf3c843191b8dca8712abcb411d6a6bc90b83c8767bba55c1c27b98bb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
416ef9509e34214b89c784937c2816ef

SHA1
c090fb26941cd83348404f611aa2266e9f302e42

SHA256
aa8c14d58678a03832b13c49d4cbc2d458cd8fb696ec1371b61af94e3983b698

SHA512
cd328e7609ce538c996c3ae2f83db6444e8758d9c7f42be82c9da1348a2268d31c80a96bebdd45eb90d93ca062c56c6baae727e595d692514cfcef0bd98bb3b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27929dbe0fa351c95494a288fde7393b

SHA1
3fbf83c0861ea071b5a33f23128a1f6f9ff30be0

SHA256
7614ebd96252f68825fca1157e003002b8c87709928d89bbb56768c134ffd23c

SHA512
0185bc7c377596db8c38df0f085fc55d00f226e808e80b10979dd74e8409748d49ff56c8d744e874a2874ef4c423b6a2bbfc842e42df3fb87e072abbc10b80de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96a965a719cee57f0d53f9b2f2158e70

SHA1
48c27b010511b396ce9028d49d174306802fa835

SHA256
4f222e3320b1fda2a5d6ffc09062f2230208036ac23f1fa0a50febf7d4b7372d

SHA512
bbed42bd49b0e08c5c4e70974ab7e04ff22fbda2e087c0e26c87759467bde9e9d7b99a4603f887c37f92512616a58b69c0f4939e6eee5360b662f960b678fdc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25c537264cb0bcc25bb7a6e77b681785

SHA1
ae2baa09a61ae0add7963169ec5791f7e02d469a

SHA256
7f826aa3aacf3fa6f03ba3011273bfc14004985fea9730488dcc201ead5830d5

SHA512
8850547718a4f72d4101fdf8be173f32d603e4686b8d70043bbc570e729bc8f5e394ae3a502dd535a5f6f22b7dc2a127091ee57da145de2f4e1f2e5301c85911

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0641d82dc5f6d08a11b338c9d947d337

SHA1
1527a72c04d6ff32eb78a03af456d3a87844245b

SHA256
7a3bf20fe11cb234658b351eb445c1da6517f76e0b2ce78832d8ca87aa00272a

SHA512
50ca0f8312372b8e7c495f11722bb5ff2c85e896a263e653c6fdabbc0b00db6c5366213ad826d451b16e1ac352a559cea12398d7ea935980c55f00875fb3a77c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b45c05fe4e41b7ec77cd2c0b0b54200d

SHA1
51cf8f9994830a20b97f4b240d635e1887a7ffe5

SHA256
226585ac63d07de21643da5cc09c8cd8cc02446c9185689b74d96ccbfa6c8380

SHA512
0ef5ad01558c93f7d4dcb58bc7038fce3401e162f9cdccfebf553fc9080df29851bef8d0d89c1ab6b9581eaf8efdc5898ae0693b85c63b099bc9c5c63d7068fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4b8002da287af86fd3c03d50a193458

SHA1
12502336a8f25ae07ddefcb194c34400801fbe92

SHA256
0eb2a620bd17c03cc4f98a1349e33bc4be623985e91977b3302b7129824c788e

SHA512
9f001c06439db61f3502154d3068afde215592b367355514d90a54907c19409dd89f4de3aaf6f45b283e9df8b64cf6b40eac9c56b60e4be4f9dc0c0e326587fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da3f43be39582aee8bcf2535a22c8d5e

SHA1
53659774256b7d776f9df6ff4559e95f5e2886e9

SHA256
f392ca4c9e7e21f18b80053f6514baf5e1e86afa56b8c774da479800b3748c4e

SHA512
cb312e517929e242b76646db44b76f522bbec3ee4867199444cee0425ae8a05e106685248372cfea5b30f4f3fc44bb947616956bf186505d4a5933df7d0bbfca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc8afc2cf3b25cd714add80497cb3696

SHA1
93287d64ab23ee8f176cf1fb601fbe7a9952771a

SHA256
c6650ec8f5cb963774c2c275475f4ac57414affa3ec8915c9c4fe6d98b303e0d

SHA512
b822d64885e67790ea9abc802c511830b26c60bd2b0e6bb7dd379104d97994cd1d21a218666ff332d0d1656928bd03429b0fce042c7ddc4f9b162a0fe7ca296b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3be82737d6962efe55d681390534ae02

SHA1
828a23e57df940d7277289e8af886971589f1f5f

SHA256
c2927babbf3c50d5cd9e15388db413e916acc6a5370d87639e8f571334ce9f85

SHA512
c758438be539eb780c6a40847d5c1fb1eb37db3de8b2584b735612a721f491eeaa81d51c896bedae2523ac74278624c23747da2385873bd65ff320c953bc0f06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35c936d84e8d4ccc619fe28da4d0721f

SHA1
aacac79c0f32c024414d33257c21953cc8289475

SHA256
9ef4c2e918c07173b5e75f72a7f0b61da9a8eb0bce6045a602d69d22d7f97290

SHA512
def37a88fc2f75563faa8bbd9a01d1b9b79bfebd5726b5fcbdb350fd477434ea6dbc2a58ec9646d1fa2d14e5704af44f887b5610475b05fe949115d754371b13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
432c4280da0ae930201d5ab68eb4ea07

SHA1
9b9c7dd2795491e5a50202f43dfc2bebf02ce2fe

SHA256
965a16d3f1b5af2b59aa0d245384b6953741e8fb0bb35c860683ac447033a508

SHA512
b47a4717786cde3a61b80f2a3c9cb4e8d613ed3c64265dbd1b86b2dd68900dda062258d043e4396717bac5e13b848cc3ac05eafbfedbfa42fbf5af3742cb8a95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5a4c13d4fa20685d6bfe5227258f30f

SHA1
2d61e17d93752f4503263f9149bf68eab33f3b2b

SHA256
e7a0aef280b04a8ca25871a30ba46a7be4a8c63ea2d13239bf13e9e1cae03c78

SHA512
1e1a6093c45e2785790816c064c4f2cd40c5d4c3fb174bf5eeaae9dce8a2ab4a220e8287c0093a857bc219c179cb9b6ce3836b87d10dccd9380663acead31ecd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4D57.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4DFB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit