081408398132d4dde8377387d9c2294bf19cf905d9a65f6ffe525ee4ea537e99

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 15:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

92546ccb65f510562ddb2635855e27c0_JaffaCakes118.html
Size

2KB
MD5

92546ccb65f510562ddb2635855e27c0
SHA1

9d163b85f688fb1fc39fd2b08fea0e7dab7dc13f
SHA256

081408398132d4dde8377387d9c2294bf19cf905d9a65f6ffe525ee4ea537e99
SHA512

285339d1ccc07c7bf70983afd9fbf9e5f9c7bcae34fbfbf1bd1c37da8c9a5dd5a0df8c372e40ad1d36f40fbcff269ce7e2af23236dc91fd247086d9d7075de4d

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000ee9d985dcba8afcb65917b6a13cd109fa279ffeeaef3f91f52d56d344df3327c000000000e8000000002000020000000d6f5b1bbc55bebbfa4d1ecc19696159f8dcdceb4cb6339acc58a9e4d938509b790000000ec551bfd55c00e2349a5dd14e1105c4d41bcd273761e2c44294d0106ea66dd350f2d2cb493fd203f8b82a77e0dd91beedc14ad2830e9337d222d761c27857c0f24dc6de58b3f070e204b0357a06c444ef73e0412d5f3c36b4a021c3112c5c79b9ba11ab2d286342026f821d2b67975eae1f4c08e8773d81468705aa3270d4de5aaaa5683af359f96604d7a454c2182fc40000000f016de980eef1c0e2d523c88fe5235f3a5b11e5a23a3422a6136863c48ced9167a6b53eeffc6dd609a8001da0582a412f1320f209bca133ca9f59388b5319c70	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000ad21040801f7c4d3e1518e1925d3793e9e8b0be102005b305ef122ab2138ce6a000000000e8000000002000020000000f69d4bfd0c73dca3f9cd28b565c3db513e3a63d9e3ef2e62874a83cf4adbc36a20000000c8041b5a6e95ab0218b0947b1ed0b07f8e7f6814d2d099768829604384c396be4000000018ea19a9a0d7f3019d8c88ba48a6e559f380496ca7d612eb13eb3891df113836c681811c62b9a95a7ba086a09bc01d32d3a0109ecc498c9284bc7960e2a3246a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423591663"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EC4E3AD1-21C0-11EF-90CD-4A18CE615B84} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a09413c1cdb5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2084	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2084	iexplore.exe
2084	iexplore.exe
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 3060	2084	iexplore.exe	28
PID 2084 wrote to memory of 3060	2084	iexplore.exe	28
PID 2084 wrote to memory of 3060	2084	iexplore.exe	28
PID 2084 wrote to memory of 3060	2084	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\92546ccb65f510562ddb2635855e27c0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02e805ddb6db524b607054370aee6a03

SHA1
5c12b69cbbecafe7e9b70fa252fe6e881b3b3b67

SHA256
5037c825c17aee516858078a33e878e585703f0474189f57ee6e13a3970c9d09

SHA512
d4fd2cdc740116f400d6841b745e59a15bbf109d1b0d08494ebb8f007108824255d86a61da691594e8cbac290d2e2183801d6ea4c292fadef797a301cea50c49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
517776770fd3dfc5a6a23b313e61183a

SHA1
b472132a7d2fa2e4c4115fb74a79635467bf4e66

SHA256
128b1e990510c48e3c7f1c6d2e6e02d7980e4bc38da78584e7f156806435e089

SHA512
68bb3e7aabbf9e212e961d897dbc8924f4a04186198abd0b7fd92051bc507c59e852bdc2250a2c3febd50f82757e4afd1544b676165d478017a541e44622ae99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a24995cf153e9f19af21d49e8671ac4

SHA1
f9a9db134815d542054dc7152c1997ad0c7a810c

SHA256
304c63453b4cbb7e502a503acb49655dd504b3d6e5252c44be3e48a9d676ad0f

SHA512
aaba9e9863fd0feb25da53287eceae9920bbb329cf659e76c9005cab77691635fcdf371f0ae0217864cd098a171a598c973af666dd9aa32c3491274f5646f6c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58f9cab076cfe6ee53b559852a663d44

SHA1
18a3ae49894bb1c554601afd74a341e74df59612

SHA256
6e406af69d22cdeb3e82857b5c0c838908ae07d7b0a808f77e095a96c7ee159e

SHA512
b7410d6b7f2a7026920f54bb48c9d9c6bbcadbd5fd8d97791ccd2572b0f578417b6b65ee29a3e05d54cb08d4e5ededd803ac998d86a1fb872ea1f66e393b0fb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfb88021724a766bc9c581e116de6309

SHA1
747e4ac96c082a6190e2b05d8a1d5488f5d6ee1f

SHA256
1ae6aeb5d543a2d552b6297caf95534cb1718e8330167b58b1b010ec2b292e35

SHA512
b29f4c46a9c4e872a49cf85aa1aee3557c76dc0d51592f92dd06b6a67bfccd9a697c990d26c91c8a84e198d4e7b67f47865d190b58cb905ba211f31ffe7df8d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9c4d9b2aa3395ed06edbf5461bbd26f

SHA1
dfdc03a0fb8e9b28f59375a08039bdea6cba74f8

SHA256
ec9876fb4893ea796504c58eefc1ee3ce4446be787bf3041cc66ac930d8d1a28

SHA512
02af114e62c6484582648a376784c266af2b0ad39a69f65e95b3806b9b6d79ce24ae5b4d307cfdc0f7f43c01a366956403612ab1bcbde372a23933780c568189

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f26cb62d17f0ec0eb6edd11fdb447237

SHA1
f7cb223c8faf1cbb8a19a14dfb7502d02ca71b3f

SHA256
9414349e44bc0d07719107ddd17757144f277ef8aee396e873753545856cccb8

SHA512
03d952d8865aa873c9b177cce03ecc01aa7a741c9a9ee71166abdcb272e8fb5fa69e8fbe16612cd74bb3708edbcd7687e25a0586ddfec09b7d7705744dd185d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a5a818a9cb36773f43edebb1dc1c6c6

SHA1
e5bb5b51b3f27c3e271a67de790164ec6d7bfd2f

SHA256
2bbc92bdbcdda2b05141a661b7f7c4cdf02e0562e54a368120dad5e545d990cc

SHA512
c95f1c9ee4477567b9f80793d696c03da27717b12669406afce410e3ce764e6264f3b194ed03244e39618af0dd93530db71c573f531bc5e6df7c95f59f4f75df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cf312d176af8a59c2a60ade9185953d

SHA1
8253478bdb76bde7547f071b730165c63125aebc

SHA256
48d36cd89565a1a517bbbc7da03ec90f360e7160c3a0cf451f204aff2d046c5e

SHA512
947c54c15564a0dcb11efedca7b9deb21df3015efeca0e950842266b574066cc4203cd7ddab6337df63747d2aecfa5679d210c4c74bdfd4302c8cae9332982c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e0a5180e71ecb5ea0dbb3a01f5c2907

SHA1
a8ad1aa90df1cd7c6ad7f8a71b9384f9e36400b6

SHA256
16129ea4889ceae95479267411f97ac568a46ec97b3f02a843d8514cb1662e53

SHA512
85a61ef4ee472c58c666343da240cc0bbad94bc0452860d5d9d96a1be52bdacaa1d26cd450ba5722cbfdf7487858a9feb75ca93fec0844b813e4b02c81f3a470

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9877f838b47dea939e438ed67051d698

SHA1
6a38dae70293b169935c7a45713ce91a98ebad12

SHA256
e985d0acd4c8c6ae080f78a76f611a9e13bffb2564295dceeb2b293288a9b306

SHA512
9c74a81a3785c61f027c0e43f32513edd4887a90f84fe94cd24e5b30b8b79f5d32d2b703e61a8740a629773b864197a3315705d288954f7718a3d731dd20732c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75e739c8055fe9ffa1fed575d2b40ade

SHA1
116b969b10ba4aae66818e2315141c5474317a86

SHA256
8d4b6775bb2beefdd45c28b25dd44dfa1aceb6e09fee69b0c2e76ae4b2606462

SHA512
e16aff46091394e5a3c9e082b8e1df0af25461d088698c8d9cfe0dd795897aabc5052a5bd994a4fef21ff370cb457cc4558f2e75ce9882836784e26a82eebb2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49686cfcf1fe2d4e000fa85a0d18932e

SHA1
5d00fa287a040f5d5cc8e292640fde79b2ea4620

SHA256
ed700d7642f8982e4f295ad546e027d7a8f98d173512c44012f72cb00dc3aeb3

SHA512
747c8c237943aa5e7bfbdf6c08da4ab523751024137adb1e51f58913c0be36ae9d5d6dd546599f7a06382dafd4e4a8da4dc996f7afc002f3a2bbb0f3e7b153a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e18b61703a69077d021aeab5f1d5d8f

SHA1
0ebeca14c6ed4217e34e9476e84d8298ac025466

SHA256
4dcc4882025009f413da85d1c52b229f037a7d32c374d0e4bce201a442f4d535

SHA512
bd3d7e6305e1cf23bf59b534967333dcabd54807b97608ccd909ac4756b42a401a14a02cd8a92143b152135a24545ff9815956d9c7898524bfaecba9f84f0f52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59fa16019de5df995c2d1acf2dc2280e

SHA1
749d14c743a4d31e66a57a260606c2b73f538f72

SHA256
a810ce13fbfcbd944908bd53893148f40ea405cf637f53eb03eef028219bf25e

SHA512
a90fae1481dec25195ce886cead24e0d56e6137240eca8f242d06cecee17263f1ccc41b00b061150f20b8fee29a4757ca42b06816d68233f9a938f37608f529c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44e7ebfeb596d108b66e91a5c19f0116

SHA1
05d0fc5425388f71739b8ee65b6e307cf7ea038d

SHA256
3961571902212d55b92143af24f45850db107a15e19416585d4cd629bfa256e3

SHA512
8563b6530cd19788c8315276b5fbd68ae4ee0d9e97819fe90a709ffea02cad70d7dee7b5b338daee1410a77e22683e4a968e5a6c64d20c3f691b129d7af3286a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab24B2.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2611.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit