aa9b1792665bdcee2d69c23031978c8669d3a082cc01701063498916a3a4e49a

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8df8ec12a27a51f02270785c2306f37a_JaffaCakes118.html
Size

4KB
MD5

8df8ec12a27a51f02270785c2306f37a
SHA1

ccdca71a57b73195f15fbe6c997caa6889aee2df
SHA256

aa9b1792665bdcee2d69c23031978c8669d3a082cc01701063498916a3a4e49a
SHA512

d32ba267b3bde7bb4591addfc3b2d8e49c17beb2472cec4c75ed324ccf788eda2e1c89d2c9719f69f3897f14d415552b6296f0de50951747b609478862e01925
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oTkbrrd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDb

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000e10f6055f9d58f67c24bd6e56657a84c6f14bf857fee1e45f6cb68bd6811b83b000000000e80000000020000200000005dfd6799ef281fdd85fb59ed3dd8ce22f0184466a27d4152ac6756eb542e8f15900000009344b6715f62c2761fa0d2bd627885965627a4bc4236db435be08de1f0656a6dae74d1f9e24565d8ba28da4cdd91d6cbc3dc973b3995cae0514d74edcbf463ef2a9c355f6a45a256bb0638c232f8c4d2c4179454bccd7bc51d3d8e1d3fa0e5337185abb5c48fe2a8a4fdc118f7510f792211bdbcd00e5901d988bd8e4c5d1aa2794b2a4cf5de3de2bc89fb2d3e3cfe3d40000000dc71f845d6d070155e0a5cd8370e9d4838a338d8a59ceb32118962197fe4acb66c7b8fb836700f66b3605c3cb46df3c84379f4e2ba3f92e8db1fe19694793b85	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000f5e90ff48954086e8f05923fbe0ce1327c96312c0b9830f9304c7203f0c32c60000000000e80000000020000200000007426952d7687b4fbb7594b48f8db2cb8ca534c8981a5561fa67ea488eba25b7d20000000495439067581b49562fc02a825bfbc6d40d0591a8148f78dd7d98ce43e6274a1400000006db3c1b3bdbd3ec6d96f524d5e4e04305f29c5edef260af6b357e70b39dd9400e6e1ea9e6cfe1bc31356bcbcb66b0338e32f52e510dabbe0ca00ddf92e4ff4b8	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b02f66e1e2b4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0CE09E01-20D6-11EF-BBEC-C662D38FA52F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423490785"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1084	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1084	iexplore.exe
1084	iexplore.exe
1296	IEXPLORE.EXE
1296	IEXPLORE.EXE
1296	IEXPLORE.EXE
1296	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 1296	1084	iexplore.exe	28
PID 1084 wrote to memory of 1296	1084	iexplore.exe	28
PID 1084 wrote to memory of 1296	1084	iexplore.exe	28
PID 1084 wrote to memory of 1296	1084	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8df8ec12a27a51f02270785c2306f37a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38d665e3b9049554b68588c6aec1c8f9

SHA1
194143893a14bffbecd1c0978b99b967260ca6f3

SHA256
8d022f2da6d9e27cbe2c432acac179df87aa545e24235a420456dab9a7c80202

SHA512
678d6b31ef7b7073ae1d675794391bf4e99a890a198c989ecfa1c48ca0f78da6767524e4bd565102f743a206be582274a81274c4c0260b62408d4702096cd3d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ab8a67c7e7aaea722779d1592b2f601

SHA1
babdfbf6a5e1757aaf8a255cfcb0b4adcb1bef1c

SHA256
e669a65b15d3a2b67ba6b3a860f9ee7cf97351c8cca22aee68f85d7ca90fbebf

SHA512
6bcfbd3fd718b80a07d350ccc88c77901f42ceaad610132d8d2561041dafb893bebb005349d58687bdd36674f58ae925ce47acb50d7dc25a2ba1cb14db1379ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdd91771005405b534a3d77964c2f1c4

SHA1
9808e1a1cb7c0150144ca7a1dd629c7766a68f3f

SHA256
31450ba8b86b4086fabc66ca3864baed0d41583ef2c99588359c996c4d5416c5

SHA512
bbb9734c9ad3f027dfbafb2e292d245edd46f7cd6891ffb7b7ea7b2393dc5d346ffb25ffe90fd6b8e8083b4870e2326a493efc13177ec50b5f37358b6ca4f169

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cbafadd12bc06a2e9532f63685863ea

SHA1
8bdddc7dc20a7f7312813d2ed809d956a4203b76

SHA256
f103018771454f6497f4b81d80e42858ef3bda02d6d1d77910ac8f7cd0c41b69

SHA512
c3bcca90a5e6909fa650442ad5fd705ae8ce35ce1c48252c0275dca2306c22df930b4b32384e1dfcf32a6ac2ff7b228c056dcded22854dbbe04c6098ca83934e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6215479fa076613986342b369306f80d

SHA1
8ef4e257354a64e3d23f48e4de2413f941b0f374

SHA256
03e74ce2c1457a24bfbaf9701d66801cd8cb2995d2321ee1afaa22e79d362389

SHA512
a6b50b1ec765ad3ef8c30432a201402bb34ba87344dcc13717c77629cc93db62ea9fabe8b019c29beaed8f05865b344bc68a715c5b6b7675793d7287a89f87a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4a564a17dcf3936f60fd849435d1905

SHA1
995a27a1dcbcbda9cf19fff2b48d0542e06d74bf

SHA256
3fdd363827ddbddb0f3ebdc2c1f1714485f3b0fcb2240bd39e820b96a564019e

SHA512
2e6638473d0d01db8af712cb0642881a1aec4a571a0b0f59b3a86338496337009906ce4b6aaeb54596b0c701428375b3e0f1436a10e69bb159c67c2bb23b4968

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3666e8f7be3a8321ffab5e69f6533bc

SHA1
77d0744769545ce397660a58f3c955665c83fad8

SHA256
359feadfba301db9977bb9796da02e93413279904633a447107730a3273cf11d

SHA512
3f873c3aab4c86b632371b260cd549f69c44a61ce2bc9cd6084c48597c16f1708b1f7553b643a6321c4e9477250e6b0d13424babc99a4c13373cfb76054622b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7fa7fd8c9c458d1ca147fc6337e8aa79

SHA1
4291559555e58ea93ac186b84008080fd3c08b2d

SHA256
0b5d81650d0582fb87ef68ebcd8061509c3e931eb3e2a399b606c0261277e7b5

SHA512
5d5193d5c55189eb80a99668f8afa17f511d7017c7c7a10e9743cb867787a916e2c22fb3df88b960ba249d54051f26131f68991f8ef50139078933c87253359c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d95b2af6f2d0c20c560f41749eb16e85

SHA1
c5b2a1b8d0d59493f62ba39bb8d76f0320b95b58

SHA256
3f3e4ec4424ecff7295757d75d6ac2c070ad83cf2b5de7afaa7fa7ee2e7e42b9

SHA512
a89c1cd18de2d72e5080bbc5457e20e5bcc8e35360dca0fc0c3de9848319e81c197e2ad114ccd5aa709777f91cb874ac1dffec4c0c1504ab663519dee4ee50e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4289fb032977b568facc24709080c55b

SHA1
29b2d5508c0e4a0865fd7ed4803acf65c41245ac

SHA256
d858fedde0f6c4891aaa4ed2470e5f3b4c23ac4b1c8ee8e16ed3067c9893541f

SHA512
6c4abff4c12e87f9742349310af2415bcd7b90c931a3c3714d484563964fce5810ee2a4d5fe57c9f37e1aac8b3b4b34ba603b0f9ff2e2286a6e37f4637ba8c19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f43fb1b6bb9b3afc85d5d91de52a25dd

SHA1
3c3f4e4c589d4e340f49cf9489abb7ef4c1c07ba

SHA256
489954044a925c86c5804cbd59e5978cabbd97727913c47bcbf3246d94cbf760

SHA512
4419daf614aabe2e03bbb87fc30f7ce3bb17f70c54c86bc97e2bc47c1a859a761771266370818fa4ca3006a5c7b68db0ed7c15400169d1b0b389c8607b62f5b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c603e12fd50f0c4c0fce46fe6cca080

SHA1
5f4f675af80cadee5ac45b2d920f3172f18d4578

SHA256
7ca5bcf1befd8a2d4b2df1036a81d758773e6586bea8a9147e66e2a222cb42e5

SHA512
67c3d80e58bdd26c31431315cad9623eae2f99e8a9eef740eee530a0838b1c6f7af9f1db549e2978c3dc41fd6d96ad3dae3336e7c409e6c2b638861ce8f95dbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
526205e5bc16b384cba29de42cd9f7aa

SHA1
6cb23b9d85dd240a62a6b871a6e2501700fe4b48

SHA256
188f39fff72addcca47891c072f377b55626951cd61fea842d368fd6f865810f

SHA512
6b2e07f311268b6a2eeeefbc29486b31b37d9b2846bf6adaf7504a793727dd66a31e233dac0cfb3a571e70143af8d6250474178c9100b2ad29cc54c09b8aeabc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a88177503d6de0779778903094f71481

SHA1
cb3969de82a7aceab4fc9ff37a15355bf5ceff15

SHA256
8d6ad7a9152af944a890629bd0c75bda496fea87c00e45d65e1ba4abf6655d36

SHA512
7ada48cc59bee40c0871a608b1a6ed5e88eb948dec3b4a367b1eb93423caa3b03fb99508ea93aabf6d5158e21243a17d93b0eab41c19681a906c68b6796a8361

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a0d67ff857c41331f1e6117b6541e73

SHA1
20ac3dbdacfe1d63a034529ca3f7615229e1c386

SHA256
905955f7469512fa6e7539ae4ac8ffd8f6a8bdd35b29829d4afa3f9b0fc5f178

SHA512
1f793783ceda29df08af7d7f0802780b552bc6e327e15ad80c7b7d96ceac7df194dbdde19d60606062eb1e5bbf443cd8cf7957b783524800ea5dbffbfca84de0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e15cab0563a934558a159d8539fc3f34

SHA1
f646db192adfcfe02cf0a7794852c0e0db77d482

SHA256
2618c71718dd7877b59d547358c220c7d8b2b75ea096b75162423cd337e01e0a

SHA512
864cce5823152bdce1e1e8c6d647c475cccb09a37c8dcbcce8067b995b62827b9dbfcf487668dbb11f780c40aaf7eecd4369f0482e69ff40b018ff61d40c5648

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2EFF.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar301F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit