2c44b862168633482089201edfc2c22adc6dd9c5595483a81732b6d1fbff6db3

Analysis

max time kernel
121s
max time network
134s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95ce16d2027fa96630469e8f0f6720a6_JaffaCakes118.html
Size

3KB
MD5

95ce16d2027fa96630469e8f0f6720a6
SHA1

9cbe93fb3a12504de1bee3d06074fd82d9da5fd3
SHA256

2c44b862168633482089201edfc2c22adc6dd9c5595483a81732b6d1fbff6db3
SHA512

cc1aca204e4185958f9381e59999beb47e3ca3bd3757eabc3cca382bd1af534c44b8c3df41ba27ba211198b5612df41a5685293cb956e4f0657331cd995e90a6

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000005711af01b908aa23341ce7bbef13dfd65a1e12181b6243e756417b4290661044000000000e8000000002000020000000664b31fa0b6af82dcc4b4792c1f82c1ac64d497c6f612224d71ea77b064a4d2490000000cd87c69117b368a2c02dfbbee875f78c37cc1ef6fb989c1d8e152e2d5dafd65b16cf6406ac315033410c2eddff4c52ebead58c3da44510a4a65c9c4cdd9d587b443555ad0b5f711fc8ec139a679af0ef5266e0027f38f7b0f8877839ff19a69a9c40b905fb5ce5df40eaa714248e751e05e8854721b70bca16d4508f12d25ad8857993c51b6d90f852b73cda6f1ee07c40000000c34df5d570563866c1eca09f3409ab93b8b65ea13c265525962773a97327d5945fbbb70f05a85041c3048f8881f749c83698a1954c95347fb20798d8bb854d0d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20bd41e4aab6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0F98D491-229E-11EF-AA6D-D62CE60191A1} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000f7572594f7211b220597e9ff5b094cee33b7a3a62a99886c31e3c638ec3d45f5000000000e8000000002000020000000bedc1912ed92948caf79a235ff80763897f99e860dc923206229d171e930aa45200000006213cdb5a6b158b4e0c157930b9b077f0cfa27b018b07f3b9e8fffaaa25d697940000000839525c04a2adfd05fc1f826a2d222e45aa3261d89f0d697bb1e0385fe1b7ac17229c6eadf5972afbcdc46c7c2b776ba428327101d73d12d944c2f9599116493	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423686641"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3016	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3016	iexplore.exe
3016	iexplore.exe
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2700	3016	iexplore.exe	28
PID 3016 wrote to memory of 2700	3016	iexplore.exe	28
PID 3016 wrote to memory of 2700	3016	iexplore.exe	28
PID 3016 wrote to memory of 2700	3016	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\95ce16d2027fa96630469e8f0f6720a6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95dc2a6ce8d27e65e5e8f4a11510424f

SHA1
de4ced6f0113ebd1be72af3bf21b1fa88fde166b

SHA256
a1b6bafac43d8951a9b31f5a1c6e27bb9f19d79d3f6884fe494ece06ef0d26d5

SHA512
b1b364ec0ba5ec7e919b0c28f0964998111ec2bea3291a16c6d3f83f939026f5fa3ec8fc35b441423751fb27764b29629bb7e80508e73485cc851310a25e8ab9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
640c1bc7f256dcfe6e45d6b11fca7c2a

SHA1
b41523a18be217ac931fc667e4b5a1c6bdcba1fb

SHA256
3a59107d07c08d896452bbdbaf48d761109ed40394c63d9becfd08170d893d5e

SHA512
01168d70814a8284041149e9452cf6fb0e89e1d7835aff75007094c785575f85f1364827a96231f229f729fe18746e7b5cec1a0bb7bc244a3bc249f8e2aeafed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64ae234b3be7020a56f7996ad0f8c65c

SHA1
0a1b6a5907cadcca22dbfbeeeb848d68d0569d59

SHA256
5844b0863d4a8ec0b7d807be706b0af17e67754b1db1099e6adb9e3676da20b3

SHA512
4b5e6b0fcf20e973f6f88d21f009e57d8866c4053340ee69e48875c206cc53b033c05b00b23880a61c1dd786adb75929ab151fcd129a02999e0b6dba693f8dbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cff908ed408121bd0ba9bc5f09d3cf11

SHA1
21cc0c7d0aa9d0dbb023021448f6dd91949c02a7

SHA256
794c7ba46b9a0586af81e4a90b59e024a91040d1489844399929c4b6f280770f

SHA512
c52ebfd86e05c53bce2500ba1bc30f5031488adaf3fb59bf589244591c9aea932fc9a1ebdc3f82defe840c0aeba0a1437477d1279dbba3aca6a622299c5e8749

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
697614c115729e8c710dbe2fc2c163a4

SHA1
aa799ed41cb18477422bed6608b5f177e72c3a82

SHA256
d4de4bd2c1bc01bdbf8cda558e98e9b46f8b1d29a8a7cb605e99150b170febcd

SHA512
968f8c511a367dca7092d06b92c6466756eb25a0ffc5f01a7aeeb988083eb4a92e370835a75a41b07a45bc6be35543412f96d94f37c20cd6d81d821eaa32fe4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
befff98fa0343ae34c1af12c3c39f4cd

SHA1
d870632012e5c845baa6bd310a0fd5ab6e8f5b4a

SHA256
4bad2d298221d2af62d698f7e743b917df63bcd5247a53a164348e271a37ec76

SHA512
0cb1d5397564d73a0f8e9bfd52ca634f10ddc3ef22067320537d0e1ce3fec7c564b14335a24373c5f87e0c09040ada8856ddf37c3e587d82954399951c65ca33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59ac885acabbd58dba4f180700c6f9e5

SHA1
3ed9231400d082c2d7e4e57204dac962ee567a97

SHA256
eac3dc12b91e1050773bd5fa08e91a24b806f42ffce9e827c23ddf182946e48f

SHA512
78fec39eb9b01801dc7023eab5bedaedea9b976bbc52df53b3d86be5e162cc3da4b5c0945aba37b7ad985cc0a6012a46a05c89cc339b6cd33dcc7eb84ddd3fca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77b8e31636c0aa930349164ba17d412c

SHA1
ba457ab5b836795e87afe3e2d7cbc0dfe771653c

SHA256
077b048b59472f44786762349315cbe5f23834b1cb8b82e959e8f11f6db4ee4a

SHA512
9456b0a21e2b4018310bd5269a0e4af36581ae7fdf10640968789bf27061007e364408673b69eb537b7a153db7ab6ad6fc939dd2d54ff0d8b386e5e0b5ca8db7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15b8f422c71a2150c2d886998902ea55

SHA1
0b8da80de3e576ad7f99732601e59c704a4b3629

SHA256
4d60facf6c6f4ed7b3338286213a57aaba273785f6d8fbb7eb000961c130f7f0

SHA512
2ffc63973247c69d20bfed1c91306f9f2e0e54ddde5942ae0463a523527fe13c864a2d53a27728802f16567874322cf039e994f9c8f0ccf8a01ab595d4dc4776

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee1ff650b8e0eaaec3bf1cfd84033dfd

SHA1
0e78789f0103eb3c0aeff5fb26393921d75a5e94

SHA256
9801a0a7b59b1917ea71605ead764b6ef49166ec4e190d62867e0d8e6c3fdc51

SHA512
2e8cdf7f82f4d551e60ceac98b6551cfc83e8f4a375565ed63230ad593ccc5739777dcd9e8001f918adaf339ffb59a3aa513d6e06cad0f433be9b6b6dd5f9e38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e0d87881063bcf8c968cb5c420fd133

SHA1
0e0a2deb58e275d8d2cb789ea62d8f25dbf3fa00

SHA256
f692a4be1ada717168dfff83c5a444e8b9dd8362777d2ed58a3ecebadc19c5e8

SHA512
7543f6f6e18defebe400a0844c0805f18fc65137756dce3c995d05e1e89f3cdbdc124b1f3b5a34ce51db9ac52b8b9f71a3eb1fb173f7157eeae6fec58b42d2f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07977cbec5d6d465de18d793a2e45c91

SHA1
17a4741aaa555a8f9dc8afb1c4d22d37cdd724f0

SHA256
d39179f8cd6c31b1c481d0bf64358f8d8ea68929b209c0d3cb776e48e986ce91

SHA512
dd4e71c218054a473f4a60b7b568c6a848faa5c2c48be23d00c0ad9d807afcc2635a712c614bebd45562c9ccb1e9dcfe485283d35e9d1e575251b2f2131f4675

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a8c1376ce9a6a1b2cbff5accd127bcc

SHA1
931bd27f487ab23339fea19a88d8fcf77d8df0cc

SHA256
ff2df80fd8c0743283f492fea25c9c1885f8696a610355c437a410f747678396

SHA512
ba0b8b201df1ebc7f16c7496f3c597ceb96a6bf43407547d2b0887debfb1e2f00e6cea521a6f30a725b8498ef1dac34bc01e43ca9ca99c79b7512c6a0c9f1f15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
230f52234f84e94a1bc459833d2f8679

SHA1
c819b1a75c2d52a557d50ec6176b0d9f61d10ca5

SHA256
18f0056ce13d5f366cda296acec3f566502f5495ef3c247d026a1410a00508d3

SHA512
bf50993dbb780cc726a4718362743389d90588cfea5ce1e826f9115d660f2cada673a13c1019baf62f3b00aab680055cd1a7096dbecffc1a0a24baadf107efcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ba6f9e89e65b07850eafb01cd6b0b43

SHA1
a965752979d4d92902ed1279153b8f691e041ad5

SHA256
04ee09d00826f4b9667316c7853bc24f2c0a12cec5712b8f9b7bcf7c4295b763

SHA512
a4f7c57aedc9dc1d47caa0694dc4da4b86b1dcb80ead3ec74d1f009a861d1c88c79ce9df0fdd44f9d94b87a21f7bc961f827abb81881266622a08d68d5c88d89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4B55.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4C46.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit