5e27d2702c82ffb21564a42243270cca70ab87505eab9cec6d60609e2dfffd38

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 08:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9124f40934054d17e2d15130528579e9_JaffaCakes118.html
Size

30KB
MD5

9124f40934054d17e2d15130528579e9
SHA1

1ed1c185690b6c1e14416e9e41261f1c9378e0a8
SHA256

5e27d2702c82ffb21564a42243270cca70ab87505eab9cec6d60609e2dfffd38
SHA512

9a311986a2cdc6b04ab296129e9a7004dce1fc449497175120c86900eb97a1fd0e88a75b0e84b139f025bd9f3b64a7d805960dd41dea23d33d3fa5612c030c7e
SSDEEP

768:RpUjM3Dg8RJABJFHW0w42w4cX0E0oQQThc6Ua:RpUjM3sZB/2JZBtoBThcLa

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000586dc1f4de3a07d0c82eb61ef74bc05d5d4aa1ece97eab6f3a5a43b9666979a1000000000e800000000200002000000084e6512b1b2cff73e42805c8f8e658b79d12d99068d0dcf58faa74990222c02690000000d440bf629eb2464130df099d287d82917933baafef85bcf0e409ea4063e113ccac6e5f8d18fbbbc830645606bcdb555b8d439e3ecbddad3ba7f9a27a8dc8d027c9bf79f7314edb37412c45d456a6e08cf160497d2f4837dee04f88c900a9f88be89e892aceab24412bba97f4eb7729c6152ef7408b14e9a411a9b7db01433bb56063598cd35709a0b0acd13289be64c4400000005c354fc486192cdf4a79df95329c3b7d41c9e34a86e6ec1f5433344dc3bbef39d4d0e9af46c9dba802bce5d89e82fc00bdcbd0cd7c5a0c42d026a651562a3c7e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000d03d2343ce6ea724752a444aa334fee0633e1fcd85e13f807d1dbe461746c4fe000000000e8000000002000020000000484152d21ac450a57b299a2f2d6527a1f3a29272db8575444fa20eaa654095b2200000001a91df5ec6760aafded3c92fa42344b90c9ac4506e2a2deac48fb7beaaf3892d40000000eda132d00da12ec474392a1ac0ee0ca5fd62511f2ddb1fd6b1a5886c6507eb2cc83ed5c6ea97ffefb3af2542893c0aef0215ee1467f2806fd34f59033f43f5ff	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3022672d91b5da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423565645"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{58EA1C01-2184-11EF-B587-FED6C5E8D4AB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1240	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1240	iexplore.exe
1240	iexplore.exe
1608	IEXPLORE.EXE
1608	IEXPLORE.EXE
1608	IEXPLORE.EXE
1608	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1240 wrote to memory of 1608	1240	iexplore.exe	28
PID 1240 wrote to memory of 1608	1240	iexplore.exe	28
PID 1240 wrote to memory of 1608	1240	iexplore.exe	28
PID 1240 wrote to memory of 1608	1240	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9124f40934054d17e2d15130528579e9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1240 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d1022a4651420e69f524cf20de2fa46

SHA1
068ba6b2f66589942d28eb41f10421a90e0b22cf

SHA256
e0a76edaa2f723b5c1ddc24c3f44f24d01451711950c67d93cbf51a5e7edfb59

SHA512
e1de3a7c47c8e34e1ece9ef4f1ab49930567407b6c7fac4c0dd17062ab0efa42071bb9157889e2e31119f3c7fe451d0642a6d659c2bb3c458ba82cc5e9b21347

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7928752b2c89b8f16b81a0eaa7373ee

SHA1
bfb0679435f5c562f2d061057307a19b6e27f0ae

SHA256
a990d1f994052fdca994540c7bda21c9ceec73650aeb279760197ea814e716a3

SHA512
63af57ab6364c7a404266a5e6427b5f90c936f17218f5cc2f57fd31d773dc049c4b641e15fb64f3235a08070fdfd2b476f87a9dcfd9d67d96af328f2bb6e0c96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55dd9450c6617e0ca2b1ce995db21bed

SHA1
06f4005b68d727e3fc34e183ff01f8bc5054b025

SHA256
cf12b4f24b938dba6f7db7a9e818a385116e58d543701072d92e1572960ebb52

SHA512
a2cca0633c78cc4f41cf348432ee7245538dd2253a7a1e5cd23e2d22cceda60d84e57aba800c2c3aab1cba11bf2f809fdc7caf623ff7c61a99b69b356bbd46c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30f63c5cdf91e7a854d81d4de48a1c6f

SHA1
cabce94c01674e5903463e1933bdf7d309b449ec

SHA256
95b4fc06a41532d9d7018014aaa1fb4017889d67efb665db541f35a2cdeebff6

SHA512
abf057b0de5640d96798f1a4aa7450a60f549911e9a9430c08fba9ff4be8469389e85201cd2c6b4974389cd4f5a4f904980eb1cb6082b1af19669228987e0d82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86d960cc50743667a236602ce46b876b

SHA1
918e7be43e68df30704e0d6647ae16171d2e57cb

SHA256
bc037813f885dfa28d075ee602a64f935c69dfc08cf651e88a81a0da718ae82d

SHA512
29e9dcb988cf9a891cec6500ae8faa6db769ad1537ddddf8a8b8e4fdcc56b158e25c00e2014d0fe783063767d1fa989efcc1cd7c5ddf0389e12695dc552165a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e7915dd707ab91cd6247c2ad70c2cb8

SHA1
a4e3d8db8124a07fc3c4e51008de33f87dca0938

SHA256
cbad15c0b77e4763763baca6c6ab11c5165a55d58ea91718d539d0302b0638bc

SHA512
269d6b099f383212aaf24e72d43a542ad57f7a4346a9ef6fdda9f7f4604c2791a56ba589251cbde6672c8e14919cd11e12c1ff6decb8b3fa4038c6c9866bcf59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40646ff4926558d65a153d2e125cc0ff

SHA1
dd027aa661cd09c2caf005aefd446465ae173834

SHA256
448e049744d64a5cae2ef08a769402e28c9345ee3afeb126f882045240a0e78e

SHA512
4724459d0e8ca5a8de4a71d0337090ffe022c92ee3057e7b19850beba57ddfd904673d2cb8738d28203c517228c45e11fa4f879de8c9d6ef74d009bc8df0ceaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
127d763ab904517c80275a7aea199c32

SHA1
59affbbe811124f54842060756690e86126569a9

SHA256
47c2b6c3b61e372105b2a6858a4e13269284b04f9a3139061637ba0be6d50bcb

SHA512
53a804087aabeba272993ac1920d96ef01974f14a022ea18d2199498324d4c9d2f5d3ec58ac772aa90c8c74a24abdd8cec40999b8bc1ad974eb8b5a0c8f473d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c76b732bb2e036fbaecc7b49dd89404

SHA1
a1d07b376a9b79c58d3894cea7d59e6ca91b6628

SHA256
965c020fce9b3d17b6d167b0fd084994213f18a38ee4d4179aac9c86e8fefbc7

SHA512
93fedd7c7c3740364e973e5ddd12c23d018ce36537b3964ac19a6df6cdc2a3081f9602c54820cd4f0a847dd79ff0814654971f23572dd088242f27f7def3553b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e719b7f05495c86230d33e5cbec76e8b

SHA1
90465f585e1dd69fc9f8572a6ddaf48797f1a47c

SHA256
13a2371e839b696be396fc4b324ac0824d72d4e23c8c627a295b86a6d35720e3

SHA512
c5c81e7554dc53e2b47f21eb65859fe36324502d7fcc27f6b263b0920a6353605b438cfb48653e3d28c287fdead2e4d104f87e22028a442b347c4ed5aad46887

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a71894b447bef641077abc2ef32529e8

SHA1
7f8318d0d1e514b3f97837a1524d4423a9d7477a

SHA256
00c3006959fe11c4b2aae79a184fb5cedec31b830a4e32d0343542d58d6ac7ed

SHA512
55c8cadb42cdc51069231b49a5fcf7740e577c3d4a7fea76863517bedd4fafd027fa937828ff147afafa60847d76c884b543f9fd6e163fb728ec711f062e50b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2be6efdb0803f9e1adc5fb5df9e5000

SHA1
601f85081a7c516cc2a625e09ecad4b66240cfed

SHA256
073ece09fe4bb0f58a481fae25586db00dc3999e7a0722b760618c8a35fb9681

SHA512
236d2949ef322a5ccbf3136ce87f802b3fd35ec3563bf61c41cdc838365f55c12c95e75f1054c45ce128a6aca8287349bd27a2f251f9725cefa87bd085575f39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2de168edbd53f99645d96ce64f98798

SHA1
c2217e5e803744d9c7448b83f61abfbe66d1cf14

SHA256
8124946f24ec501d651322bb3498597a70afecca1a37ad62ea7023b663cde071

SHA512
09a76ad003cc27a7a5798d3a8cc611b40c41212cd568f1331c0d8f4ae369044e8de0b43eb996236a037ea10e5eab71365a4ed8ff76371a9309711d50b36c14e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a526e2e75bd8b1ad94c34c0626d82b4c

SHA1
0bf978ae6cdbe8c5a179182ff41e358960dd8381

SHA256
3bb367ebc609470f2e491589ab139d206629936628a7e88ec5919086c67cde88

SHA512
2d054593d454d25bfccca2c58be1307e4ec2b5d8be0ec4bb35f981155a9eccf802ec627c28515335ec787bf3b28f789aba0b2317e5f17c538db55813227bf1ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55e2f443153c124b90580bcbfdc99ed3

SHA1
e058dbf458ddf9b88e0362749554d91d34fb26d0

SHA256
eaa0d804a0f383becc6d1a8f49715569a000efcef9f01c19770d1e1cd8f030a4

SHA512
eb0de0d8af8afa5736eb1d942fd4e69145aa91aa0bc3facc2b42836bc617e40a66c5e29a5dd8165689ba1b547b252e262532cc2a6a987435a7235103412762c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
457fbea311c4da8cee600fac1af06e98

SHA1
b69562c5f97ff72d161ca785bb3e7243d0173abb

SHA256
5dc642aef56212750d24525660846c8a8edb3ccebe937ac527eeea76cea4e785

SHA512
268370c7d966b27238eebfba979d25b52db1e99016ebffc7b358aab260118f4ebc2afb3e15b6558b92c081656aa745c274253a1f5b3c461dfde7596eac1d7908

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab47CC.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4860.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit