6dca22752dfc7dfb18c57b2b2692c6ddbe83f99584f571f17822538f1168642c

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-06-2024 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f7c5159b36724490558a4f29027b0ab_JaffaCakes118.html
Size

461KB
MD5

9f7c5159b36724490558a4f29027b0ab
SHA1

ce5538f5c0bb11d40189748288023365e0578da1
SHA256

6dca22752dfc7dfb18c57b2b2692c6ddbe83f99584f571f17822538f1168642c
SHA512

ce864f2fc91f9d2ff4581a19b18e20b6fd579bfb0e831febd44cb5201e0234fbcfffb8e1c38016081cad1a692bb9d23de70ff04ee2449c922ebf22afddff3629
SSDEEP

6144:SdsMYod+X3oI+YusMYod+X3oI+YVsMYod+X3oI+YLsMYod+X3oI+YQ:o5d+X3a5d+X375d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb73eb8a759bd647bf6716d0d3c15a1a000000000200000000001066000000010000200000009bed297e250e4614a8c15aab855a19d7d5b0772fed899df32a54d1d337588988000000000e8000000002000020000000602c6436e27bd0e131a13f0e288dce22af231aa2cc6829a47a7fde9818c3cb25900000005f5a75ccbc7634acaa3f0f99f7e65caf4b0d4b49c95ceeeaf35f3a41846fd76b79658ca9f0ff3b14b0e604abe650416aa3454a1b4ac8e5e2fc21dbecaa519920ce6d0b44d88c07cd1fd05ea146618edab1c100ccf2ea4583d7fa9e0007e8a1ab5caaa15f11780778f7170971a95e95f0a161e51d183db3dd44ea731cd7a9f2ced985e8be93a27dc7f1e614c179eacff140000000a60ac1b811b65e0957be3ce1f179d6335840345e1ab6255fce8a698289e7c27a8c7a42c4d1637c64ccd056fe6da4fc11c62e19220c2c743b66491872a03278f7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb73eb8a759bd647bf6716d0d3c15a1a00000000020000000000106600000001000020000000f8d152a208c7103741e92f05e621836da6f9388f705fccded29abcffd24b8547000000000e8000000002000020000000d4377915ff617883efcf94bb5c7e637227902468a0545b4c512e0b69440624ee20000000d34ee829ff03b5d24b18ea9ca9b5db8081a5a98d13dba86753521bd172f296b8400000001c8abd8a7e3c983abc2237dc7184c0291e8819b17de242461384073a34985171b688fe738a57f069fce33f12e1513dfb17037d37ac0dbedd6a4ea06d177e51a4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CFE616E1-2834-11EF-922B-6E6327E9C5D7} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30337ea841bcda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424301144"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2400	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2400	iexplore.exe
2400	iexplore.exe
2028	IEXPLORE.EXE
2028	IEXPLORE.EXE
2028	IEXPLORE.EXE
2028	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2028	2400	iexplore.exe	28
PID 2400 wrote to memory of 2028	2400	iexplore.exe	28
PID 2400 wrote to memory of 2028	2400	iexplore.exe	28
PID 2400 wrote to memory of 2028	2400	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9f7c5159b36724490558a4f29027b0ab_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7f89dd5495d7fb2dd87eb04465d89b9

SHA1
8dfef6bf69d0ab89fd4b5c87cb4311791b68662f

SHA256
68122c85f33ec5eab24eda101ed692cf5039dae79d00bf3b31ecd0c0e6842e52

SHA512
9a2998da15646747db7e8bcafd1bd2bbe7b0c70c9a0486e2e6df608a671b5e2191526356c48e5762bd383276f64384748ba7a47873aa84f5fb0672df37b69c64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81fed031cca2caeb847a20240531381d

SHA1
5afcc63170a51cc3151d37a96388bf32f7c2ad2b

SHA256
675da7dea32bcdc396449ef1515b8d579c016b9bdd1db648ad666d175bbaf4e0

SHA512
1073008451e4411f0084f13091b3f60faff2daa4f5bc8c2a69e58c1b1e851a3cf4a8f2df02d4fd512e6084091e292f07cec86d6373351557ac4073bcc83f3c0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76b1dfd1c144daca1eebec062bdb71b5

SHA1
aa42a283f2bb1859aafaac8767161b0a21ff609e

SHA256
eee0034922b198d220f2bcfcbeb360156424101bf90ebae816add224a6021727

SHA512
841a05389678f6595aaa85c5f8cf6796dc4e585d44ecde432e146e4348fb8423062265b429c113d55015d0667b4cad8e338a6e5ae8dda6f1851cf54bb1fc8298

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af3b3c4eb3bb4c95369919c905001e36

SHA1
a7a7a30fad13b1917ba3dce7ba28864e99fdfb1b

SHA256
53d01607134657fcfb7ff0049310aff9e940364a1cfd1f1702bbbb99dfcff488

SHA512
aeb896e430b4b0aae00367bedd41b8371a2312509e7556860a0e539257b351d1d2c613d5dae568d242d4bc82d73e47c00ef399db3faed850d7bedf20fa6d534e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
993f64cf7b48cf3d15014c9e0b3ed3cf

SHA1
d91ca328d4c08ab201784fa3ae804d9f65cda8b2

SHA256
6d2edac20341db80f5717a92fe9c2f54e45c7de118976199a4785af8e0853d50

SHA512
fe7ecc63c247ed8ddf5822e29bc87c48781df6b01b65a69958c2f2acd1a3e1f61846e2e121b555b3a1c5d034331d87474288ba7d7e9fc4be58aa9f7d186ea955

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
810c886fb17049ea34439b96ce91e70a

SHA1
52f149750d42a9cd61b0ba2fc8bf4233e116bb45

SHA256
830d38329f705f912dd8fe33d6eaa2b8ae79e2a712709ef78c559fb93b8caa6b

SHA512
a199b6472b8e3a433a210fa212c7a0deaac2fa31b6437bb112d9c6cba46f8cd345ef52a5790e0420185cb56d28da56d90956f15f86a624f977c9b2e36dc874bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a24da13d98dbd3469de11bd3ac7924cf

SHA1
0fc63d6015237d027a323daac5198765beb569a1

SHA256
44a574ce3e17c5916da64ab433e9c6170116f82695469813ea954c3c79f01b4b

SHA512
95ae24df93f78fc3ad84fd375c4949b3fa72ca77fc72ceee8129888fefbba58a5580a9f8bf6cddd53a22b924a35b9bb82ef6e3ee252d1334edba9898307eae1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f506bcc05ff4114f3554228c754905e

SHA1
c52faf900447eab6795e30042f3516c6fea631b0

SHA256
afbc6c03c223055a200796b5f312ebf74376e3e69260af0294fdabf2f5833e6c

SHA512
2c13191be93ce0744592d578bda13852b53cdcc22c988edca2ec1ea81b3ce6d7e9ef1529840e1755130b1fde40b43ca4f80352653889eebb08690d6c33090a78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3759f00b606bd521dea10e351c630e32

SHA1
d697d70b9626ab272b88bbf481767915ce790bec

SHA256
3e18630c72c862772ed0146e2a7f89ab89457ae11840ae6445e124a6310ebc41

SHA512
a9c456d90cfc7c4a9f47d4aaeeb9683d0bd71cfde25f36b72539388e7b0fd19a32a5f959b605bac5f5dde1ec93791ee3298c895362a7e91dece876b0140f0f2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d98ae707e43d006492b2a71a6a2863ed

SHA1
47b4acd4d9ea53083eef8c553b7b9bfb99fd9aae

SHA256
43b9ce4928c4b2c19bca5412f99649bbde5bda1a2c96b0acb1db8d1d3489af3d

SHA512
1d853f6331a987cf043d306efcad9805139ce1553aaf768d0c71c375af74e23cbeeb751a2ae1169bc871dd7eaa8b2f1a45af7d53fc251f17bd2653d2f7b55947

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f506fff11432b49d751e80428c8d39b2

SHA1
ccd38ce71f0bcedce6997ebd05c1464ddf84822a

SHA256
5ac3d6b4e0d56440a249b4ed84297896cc1c8f2cf29c84fdfbeb4ee1c7fe4581

SHA512
a3106aab78990fca88e393016b959795eebce6b9cfa8b4987eb1e56426cb33c8b33388756526ac21bf11d25e96a4d158700087ad652226f5b4004c8f0349da25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6e81b91d8caa3169c9aa93fafbb8745

SHA1
d6f5be857622ae05a7f9f657e4b817400ed0c7c2

SHA256
70a277c04a45bc750f3aa932512050a445e9e6ed7cd1066e5967947f8b265dda

SHA512
ff299dbf0b65dd6698ee12bf5322d7c36e81fab09f819ccb885384d982eefa0282669123dcd673e4910448f76a289d78b1360b88c081efeb085c7ea4d00c2684

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
547e3b64d69c7a953d8d7546496847fb

SHA1
dd5a0db8f557c19c932e95fe8985ae27bf8ca3d1

SHA256
27d3b9dc31c395484fd89f87d4eb8f05da586f7c39dfd5bdfe4aa0d8c4c4a0b6

SHA512
ccf0ab4d69b4d4df12073b0f29fa03829048a68790fb442d31712bcf80adabce6bcd2117592918c83e32a2ffd9ef9e4fd535b2025f49a28ba033d308b7cabc06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f015809d9c62ded110ea82f6341c553d

SHA1
a1e93f7f246da2beb1006074eb3a841d30c36b1b

SHA256
bebff175d395181c56afaa3c8bcd0f111a3907df81091770896c81c60ffe79a5

SHA512
6e668df4b5d09d9dc3c1ceed9ffc0e3cb4de470a6231d40afd206fc7c0a5054c2197a3dff281819b253b6fa3c85e0105e587bd712ae8556b8f3fa3b3be3da99a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26c8eacfdc5a59fc719221df5122cd71

SHA1
57b525cbeef15909ab7bfb4381ce3e576d677499

SHA256
f0c61ca138e78678464513b9dc69768f7239650160db1dba0ae261fdb533601e

SHA512
c3e3f565603389f4748ae12167d2e830b43209f3c56e8ad0d6d3a46b636933007cf449ace4297c5957d454f04d0680559c1773bcf7687f146dd1239ed0c9854b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3334.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab342F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3444.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit