42261bf267d041e8b2420e4ff4d541222a03e8a1c772827a359624bef21a48bb

Analysis

max time kernel
118s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c3f39f610d8d601394847644ce520fb_JaffaCakes118.html
Size

460KB
MD5

9c3f39f610d8d601394847644ce520fb
SHA1

8e898ad007fce06925b090eaaf9cc896ccdd5af4
SHA256

42261bf267d041e8b2420e4ff4d541222a03e8a1c772827a359624bef21a48bb
SHA512

bc07591a37df13d29cbe4c3a1f1ad4152ddf80b4137deb123df125e6bd8e401408f45a8d25b98c1f3520e5aa35efe40f8c01353adf6a24ecdf5d13f3f1b106e9
SSDEEP

6144:SysMYod+X3oI+YsQBsMYod+X3oI+YJlsMYod+X3oI+YLsMYod+X3oI+YQ:p5d+X335d+X315d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f03571278bbbda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424222760"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000022f3a8666a16e949814267ec446bb83d0000000002000000000010660000000100002000000099629c4d4fc9e6b18c0c53a4936ebe79c4a58ebe628cbfc371894e2958e8ef7b000000000e80000000020000200000007a4ab28a3649f0d75ce8f3fdadc94c19c35ce480bc3d1b94611199c96c90fa9d200000002cadd416af50e5f209f3557f2cbb1c141a4ec2ea2e8d008904be5572e1443fd140000000ae2e211f09cea4f6dc8947a2bbf63fc2597b1eb2f1ce873d56ad26e0c3bdfbf5e0eb8b9644f85b5da42b4fcd358fe074e6bb32845103186741a492f17e8b87a2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000022f3a8666a16e949814267ec446bb83d000000000200000000001066000000010000200000002d1bd9fba6c09701170cdc5e24d937d9f7e507f3c7e7b8c74992e6c5cb36d58d000000000e8000000002000020000000c3a8cb634b2594b421825a3af963408025fa76fbd167301d1f821b50bf5beee79000000053fa003a205db66b65e4a52026307861a40077de95d6c17c60c2fce2b7428e8c74977b7f8fca921e2d41e683f6552940457d516bd5f934033c3cc52e2f1adaf9a3cd98b9a93ce318aa671560d6abd2a2a4b7ad758ba886c89dae274bc372d79dc6f367cb78aa6475bc67bfc6320a2d3688adb82c849b94c5a5bc4c8f5b3379cfb79011ed2c0eb5ab50750f94adf98d7040000000333143d24c6ebf856c5dc4b40e0ed1c7fa599ff21b793fb7ffda8d7793cdb86ac66b6666d5a3a1c0c623ff3ec82b28f3169e531c6f0bb801a2acb31d0cdbbcf8	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4E798CB1-277E-11EF-9CBB-52ADCDCA366E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1308	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1308	iexplore.exe
1308	iexplore.exe
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 2916	1308	iexplore.exe	28
PID 1308 wrote to memory of 2916	1308	iexplore.exe	28
PID 1308 wrote to memory of 2916	1308	iexplore.exe	28
PID 1308 wrote to memory of 2916	1308	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9c3f39f610d8d601394847644ce520fb_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c0b56a0cdbd5efd69bb8f117cd2096b

SHA1
25a73c57f3d651b2a38fd4080d6b427fd68b28ef

SHA256
798cf16c0779feda4abfbc9d1fb7680efe88beec7f761ca201b077c892ef3918

SHA512
bc5089ed8991ba427573a4ce721537c809e43a08a78d407efa94ea66ef2a02e95751c020e3881222cf05404c898f5a64e5bd88f260fa7eeb8bd620849e9d368f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2411a9d9bf92e2f3a17a942201a411bc

SHA1
7fea8fd414a9dabc41a4bdb40ddf5bc3bd2e9545

SHA256
a3db4f0000c4ba6160923174b43e8b8ac2de1dc2cba3abfa2fbe571183efea64

SHA512
df5787260914707a01e2b54d16c8035e08dd77dcc4f69acc48b616f71acc29ddfb30a36a4c76a8d9194530e4b598d594d86a82cb29b1391b94e35841e61e88c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
952a8be45759056457f2f3630ed40f97

SHA1
1c5a4828ddfb01ee5f307172925d2d0ca42c3a60

SHA256
a9f1c263c5486bde8addc289cfc0e9e9a59d6f7300df7914d4c7bbf25afbf89c

SHA512
41c8bf33b553ffe054a89b22f5303e74e420d972bb0055f39a015df74bbc6ffb0bafd88b11cc8cb92e2f8baa1e7f9d7da5f8648d126a5c7b3283262328d3fa8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02fe126e6db1b0f7141eb21a0e4c2524

SHA1
254556a37aeb25ee94e03620467d8bc58e3898e9

SHA256
db057f79be3ade82e54e58050bf91fc00c1db18b320426d1a22cb88e4aeaf5f4

SHA512
d39ba55655ca67affe30c69b59474bcf018fe55a10c95f8509ba0a9e4a917eebc43c878331f1c89d8e161de50ec88c390db9ef84a3d2ef98d61c27c094cc0f1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a7c8d454c85242cc4c1549d8f601b53

SHA1
78c7325618ca9368b88c5f87ebf893896c444b14

SHA256
25a37294ed25cf7b9129883799b4926b412c1735cec550f88de4948c6e84440f

SHA512
4296f83f84cc6f5128ba7c2e0e4f0ee84599a3c288d8c0cb14d676ee5e0b9ebe3f1f538e2b2d2c832babdc65360cc0373c56a4bca19aa3aa25dce98b6e5006f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50195dfaa451b369fdd7a3f12455170f

SHA1
6a8594f048d12a26afa18d6d7d7ce1aaccafe9bd

SHA256
9782221c3fa5a6497eb34d8a0954ffc297da819c0fb3e2c66dd5ba792b673d0b

SHA512
f32be84d9657e8acb5b7ee6cc99595e6b6c90ba446840b262e0db2165fbf67ab68588fb07144854dc8a5b6b5faf19ceb75835c9184a26e77c1543b00f2378d42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a88e4f4d57502d5db6ad97afe0a78bd4

SHA1
c88c11874dc9ce4f44b866f9aaa7c6a7e4568fff

SHA256
6898d328ee114318af4dc48595721285b4bcc5e398054a4f7f3d6934ef05481f

SHA512
5c5f5c019b3622a531ccf6a81b4c527d4476a8a1d2b5c3b7cb9aac5714c14e071e0c2a1b2fcb6ea57923184ca0236e5cfe869408ac73b04c5b8a2584f750a99b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
151673c947a11659c994cc0b28df9506

SHA1
1b3f75f2fa56f3eabf87dc5afd4de1dd2d418945

SHA256
2576f072fb49eebc98896bf221396017ee83372956fce4933565ffaf873beed2

SHA512
5aaa6be0727362f165552e788c7003969232102a0509711832affb941e87551b2e4fa04558cd5cef8f3d90bbf751a301dff67a8f9bbd0cbff357d2da38e25f90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20b3fbdc6710195860b053b9b91a5c43

SHA1
f0fcb991880db3d0c68cfd382f640514779b372a

SHA256
8927abd869ee7d0b29fb5d3373f2a2ebf2bb99ada1c49a565bc41f335d5266c7

SHA512
7b0d34b99de6bc4840bde1e9392a82568f102c4846b480c96ea73f500ce3d68df069a1c0c0ebe69bf1a59a6676ccda553d09aa024d27f8a3eb8ab25dc9004612

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e456a61dcc0403d2d3fd2578b3ea8e1

SHA1
ab48b33ca3d259d1e05fd5531e5f80026fa7ed56

SHA256
ffc7034a166e11783852a7b58b8796788d0543ae5755ce6a677001ba03738208

SHA512
58a88a2cdce75ca716ffd22f82b1644c68f5dd1623ad3a2d68c45dc3fe51f70eded3f2c75dcb6b1aadfbb70780a1125f0e782aa5e7a68fed2a169213e8cf6c62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24be17984ccb41d957046e3180842e98

SHA1
8749cab669abfa0d5634cd1a99ee67d22e7fddf3

SHA256
a3b8f280aeffbf32a8a8d019695ce7475992005817e9975b689d85e63df96d83

SHA512
8e28970a1e926af25274b55a759fb3dc003e811ee562526093e5791e2e5f1f17646a1af4a1e7727108a77ad2b6ab65adb3c8d4a355cb6154dcc1cf642d16ebd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
046d7da4f537fe4a150b1705491072cc

SHA1
894287b99ba7a50adf150b76e1ce19f494cf620b

SHA256
650199a497c77e93c8e58c0e574f13812ccae5317ee65e2ee54eaeae1ec3772d

SHA512
fe7887d966a4c606ce6f138ea376c96390b28d486a2b2d57bff0c03668ccf1bae765415b93e38e53842652e599fd72ad33695961337eee294444746b1ec07b6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a01ca41aac149f7778a1bf12207bc546

SHA1
2302c5e5a866943125f19d6c5f8948b720043a5c

SHA256
1bc0cf6fc773ab92b9806f25f40f61f65566c97d4ba4414bad7989679bc934c9

SHA512
7f3d99b5ede85819923c3c97b08352fa6863ab1d7f35b2dcedb1ff68f24563d1cb9dccc64ee1a35a15902e2041a5ce1cc6d57fefad53071f5bc59337726811a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
733364a3575c27857472e85fefef9ec0

SHA1
71dda76fb119d02dd1bbadfa7c10b801973018b4

SHA256
b0b8b18c263559b258a93ba13a6e06106aaf7e6d274df9d67a3524401cc39d5f

SHA512
4ff6cde319d6802d80e80073d196e6b19f9ff76f8d61473678c98d64d58913b2e5f416dd19e3d9a154e85d74fed8feb736a01656e18dd6c47a406192148f7042

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54e94c7e7e929170b501cd49efb8664f

SHA1
fb2ed5bf08c2e3a4a7e84b45e7de34b6bf487c07

SHA256
af74915941b0c0618337ed16bb3fb232bbf149748574e7e67b2974ac82e7f175

SHA512
8eca9fed5ba0ccff98545e1c216cb75478c2d5d2cc407e7f2ea1b5383c6b717d4d54f35d8cb13f887089189d5c86ef258ab55692f656fc64277bc1f9d80be0fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC314.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC443.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit