ad105aa85ad00d3e3b5bc9007d89be945b7e66fab2e9ceeca50ca222d1097edb

Analysis

max time kernel
132s
max time network
127s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 08:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

89d2d4d2dc3febb5548034f3f011fa51_JaffaCakes118.html
Size

870B
MD5

89d2d4d2dc3febb5548034f3f011fa51
SHA1

b790b88d3b2600b822fbeb60efaf586c42edaefa
SHA256

ad105aa85ad00d3e3b5bc9007d89be945b7e66fab2e9ceeca50ca222d1097edb
SHA512

8dd50962990fbcfb40c8fcbb1b41a2a53f6a945479b42a8645c715bfdb7493b640422f46e60017eb7fc532092b441d16f0539e82f5b71938d4373a55f8f0ce81

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423390870"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6A4CD891-1FED-11EF-970D-EE42DE2196AB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062cf4e2bb4780e4aa7f43a81c9ddb2e600000000020000000000106600000001000020000000379bd31ee9c1d958441b3e04ea1d4042dcc0988aa9e8cf64e8bd28816367b03a000000000e80000000020000200000001c072a62a44dfa2d2fbd65646914433d9b4c6be3e60798e3c161193be5868d31200000000e180200f7e633da7f2c4c9253eb7364a5513ba8df491461d756a74ec87e573640000000c8d642a917710ffd98cae8823f6e64fe2d603c01e3f4d6a388dc7891c37a26909861b25f94d7c768e64fc784187875f7ee7735dcb46c5249834ce9a97f6c2a81	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50f1c23efab3da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062cf4e2bb4780e4aa7f43a81c9ddb2e6000000000200000000001066000000010000200000008a456b119cfe944bc1f34d08504a34df7bb63651989895c7a5326b2c12a20531000000000e800000000200002000000028ed5e56fefdf183d2480d49d0bdf35db8d7aa62b34169219c873a39e245c7ba90000000dd4ee6f55fa07f7709f997cdfac5874accc926831f775a7eb38f4f4009d3c51ebe781dfc5e86aaac9f6b45ee94fa39e6dc9684d3339b8e8e2e472cae338b23998a7402318015f2838107aa5dbd3b15ce5d2d8918b41603f96104a4ecc10984c88b479e115f125be8e5a3b5537a50459fa154e26d7fa6c58674430fc46e9c8df10a6ead4b6faf781fa9e3e229366220c940000000fb6d343e719eb0b019f38d607e9980bc7c4e77a1068d1fc3a8b8afcdc43e65b595da91a71a61227234b185cf54805c5abc6269d30fd255217bc38b1ca2a33d36	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2100	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2100	iexplore.exe
2100	iexplore.exe
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 3044	2100	iexplore.exe	28
PID 2100 wrote to memory of 3044	2100	iexplore.exe	28
PID 2100 wrote to memory of 3044	2100	iexplore.exe	28
PID 2100 wrote to memory of 3044	2100	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\89d2d4d2dc3febb5548034f3f011fa51_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f67cfdbd5f731c7e5b566f2f8371fb30

SHA1
0d8d1c892916509ce2bab6614411dac487fdec74

SHA256
3eeea5b7730acdf52bbcfca11bae342985dfe24faa8f15130f3ec7eb729d82ef

SHA512
538b90f07ad4d572e934fa5ce02b42e0a1bdbd41ed401cedbd9c7396552359342e67fc3377af2561a27bc608c64ce2856868bdd639567a2a081115cf24bed1a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d40de1a9d4028d107a3d046112f0351a

SHA1
c35a605f31de225331494c297872baa0ade5b69a

SHA256
0a8d75b05acf9934f741e9412e9d86f0cb0a3279a0be8e8f47075b53ede42a1c

SHA512
27b4cf4e96ffcbcaf18907860e80f6f71eda3c0d0d655e1a42609d729fc8b582f34ba32a4f6dc8fd0566439db6e7497761c901567cf34cffe81ca18f0defabd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54b4f3fe6c6c054a0155e094f40be0b2

SHA1
48aad1adbc366bcca97beac09b927ccd3d5d7cff

SHA256
32bb59cf78ea6abb906a29e4c37b8c90012b66ea5cf258c2c2308230be421b64

SHA512
0e26bc575dbc9705dfb55df16c2130ce68a153bcababd14c296027f598063969d47beef36f0d3cdd881691827b47212ff47221f441cf04bec90a88054e56c219

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
343a80f4314e94ec3f6586a5609e8235

SHA1
b363ad7ba0de0404abb85dd2aab8a5e3e4faac5f

SHA256
415f251078a7a20ce425861ee46a41f527cba88bf50a228a094c6bf41b63cdbc

SHA512
86cbbb6100914af0e7b6f6119c6b9e0739d0bc74d4d6e9f9005b185f41fc6ca618cd90ff937804d8a3771922a13912036f726e8ededc62b6e4e9285830c0f5ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba1df7d5cf02b627d9beba9912b5f76d

SHA1
826194d27842313c4aed038737004402a2970917

SHA256
24dc1a1f6867b7a2292c0c8e146e5d7fde54cc74e378b0c551e678f426afe162

SHA512
fdf4d619c79148c0086a456ae0ea85cfb64ef55f4798a84618ccfcb4f20af97b47ff0b8f9b2291447e6105cdfc37fe0e60fd4db132b66da74187bfd464eaa197

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ff23d8eede290eb0dcec1700dbc2c08

SHA1
7dcb74e7680c75e9887ecd627975738053ed508b

SHA256
4c7a813bde453fda3f3fe1cb713b9314b1031545f476d9029da2cadb8355e333

SHA512
fed3da49aba0681002f35805ea31f3da85d603788d5060d381ac8dc9e8a8c015368b0b82695ef2e554b0a71ed159ce7d50b30537373861037854dc639d6b5c57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de0acb638e7c6c2399afd20d4cb1c883

SHA1
eaf6dc72415fd529d05a6195933b43e40f8d0aa0

SHA256
ae965b822da703859d6cb4ceb3d7a9a1cce20f7542ea78a3ca7bf648ff9eda9a

SHA512
710a4628cbec245062e706dedd29b2214fd73167b763097955d15f20996a69f602a285d27e3c13e5c47b52e682768e2e48f16bbf2d917ddb36358e7aa98322b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88c2ee242fa423404fdcb5a335d92f9e

SHA1
645535ee76640c7426ddf728556ab997584fd860

SHA256
8559da556bd5429a0b789bcbe405ecad3069384bdff1b5b1085b36981603c14e

SHA512
7faffb4e54e637c16e25f480851c725ab15848984d1fd8fa66e7f2ac671a0d765349140dd3f64ee3bc6b4fbcca6a90a6ec5d986d81c221ec7526d2c6761e225b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
659648088fee6324d0038fc4152dd866

SHA1
fca8ef42221966995b1289e8102ed17746427095

SHA256
aeae6a0ed0185d11965c0774e96ecfa2c0c20e570e6cd872f7f23fdb2b89eb3e

SHA512
4ec5a5fae623d5ef7f18432b24b5b4a6ff763e548322b059d8c9f329457690a71d4145d51324753d093807d711797d3d5e074160f4deb5f3d61da4325782ca7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a2044e4bf9c48854eaee2f684e514d5

SHA1
3472b435aad350a9b3b757462b51bf83a115231c

SHA256
6484c9c7a4caadff50718087ec8417f8a2749ab5e6ef5d809d1f604c2c20ef74

SHA512
2afdeaa5d4e75aaac7484f0548f2e42524dd1cc2852f6f13b091c0b5fd2f5bea661151209e3ec24cf775438e9df5d55c56413a671a268f07d8ca75f2d8fbdf3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52e867f3d3f85c4f74a72a916532683d

SHA1
7d8e17a282ea2c35a7b420c213ce9b3b99f0b98a

SHA256
dc1e3a3a42f66d0402691aaf8a3ee72d94c5945e049ec65862b31724b1d3c2e5

SHA512
a99c01cf52caf542f7460c53b6fa90d5b9ba3d4831efc08d655d4953d04abb3db4914ad0b2d19eb28abac4674ed1fe6489d170700520e5d8dbd24bb726f9b078

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ac31ae4f4873e235fe89c3ebba6a37c

SHA1
14a8aad143a6134a779f4dcf508e7719a437fa74

SHA256
6dec82f8f35a6b70430d62d17083816ae46fdc98d547d2b2375f960860244f9c

SHA512
022b6723298d81a3d375c09a5c61188ad9e3dd54fd289cd484d8fa4e62a419d1bc1d92c1f04281f5ff59d293af65fa45863d27459d7eceb840179083715e4e73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53254b64553c9e051c2a58730a4c92b4

SHA1
56e239f3e85d7cd308ba04a48d8c66e74df6a118

SHA256
b0e99f5f34764c81a4b409cd00a985448450388225080427b7caac79d2f38518

SHA512
2975edccbe1cbb9bcd113414e571c17e29c72eb5ad6153cb11526ae38648f7ab08b9fecc042b7ed93045c169e3bd66d14e83f1e3ea233e8cb4612a56d6ac4178

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff957035f76408c44da83d472b2dfe33

SHA1
cf6b55ddfffbdc93039ece15f18f7b6fbe7c83ee

SHA256
d823e184f801049837e659c60a200e895c222d3aaf3f7da9a8c945cf9eed0a99

SHA512
b967c69faeda8bdc17d6fa4f72cc9b33642d52c63c18a921b811380c1b2009c63ab7cb2be804875516ab164cd913335ee2b056628bb826fda147b45b18d8b922

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb98ffdd92166b6b40c91468ec21b693

SHA1
a6b3990558852ebc1f5cafa8c59a32b5ed147b9c

SHA256
5b44c5be60f5c87d43056af2228f514e2054bcd96554ead62d501b4a8b74364f

SHA512
ebf174c863cc4ff60ecf56d92d155dc24ff9d068b779bc70ebd9b369d4c1a6c1ada1a359735a4e45c3ae9b7f18ef22071f73887381d57785a6e091af26455a2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1FA4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2086.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit