ad4a68267b4584e3830d0736075a7a38fc92416c23f186ab3de5b2d4a4c57e76

Analysis

max time kernel
136s
max time network
134s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 22:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a2b2e6d0dd035413473e79b83adce610_JaffaCakes118.html
Size

461KB
MD5

a2b2e6d0dd035413473e79b83adce610
SHA1

8696e850d32d8c4ca151b39bb284e2bbf87e8b1a
SHA256

ad4a68267b4584e3830d0736075a7a38fc92416c23f186ab3de5b2d4a4c57e76
SHA512

a6158ed6d53dee086c83d4dfa19e3dee598574bcf4aa415d6b04b0fb1f846ac76ab1dc3f2f49a97e6fe7223e80698ec24ec5f387a37fcce7eb413fb07784cc04
SSDEEP

6144:SLsMYod+X3oI+YrdsMYod+X3oI+YwsMYod+X3oI+YLsMYod+X3oI+YQ:K5d+X3H5d+X3g5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30ee21f517bdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424393186"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C6A43C1-290B-11EF-B918-627D7EE66EFE} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000004f5987a25f31d32968a0b004815581b6db05887ba143fa02ada3a19430ce9ce6000000000e8000000002000020000000465e9227483a7c5adea43b4ae66e595f1ef7dc6e72c3292f7dfb2c727f347700200000003c130ab206219d3d762a1ce78f4af5c5b6ea3f0f1ba3c8c7006ead0eef13508940000000a31268d11c02a285d95cd7ef5cf99f624e3db47e276a82d7d8090a9b80db364457edfe897106fdf42c1bfd33171e2ee2976bc96aa129d85b1c4813c970dd925a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000004606523ff97c17489e43f9be2f2327081807b6f205ba2ec29193ddd354f5e50a000000000e8000000002000020000000273580512aeb7539a6157d3ffc469d19615ed3e4c34a0167bd0fe35cedce3d1390000000866d33ad5ba9ab6c1bc249be3d66635d957c8a91c36acc1ede7886ede3213a23fcda117e3f45624fac0a1879a12aa4b3e17a4adb1cbe55aa11445fc3416f6356f6958b83b9666e46b4bc34a9534a41b96bb655ef407835fda1791490f1b8eeac8262c0a2381cae554afe1623a5141de19edefaba25725353d63e20fcfec5aecdf1a75fa5854fab44c8c4e087f94d0d4640000000f8e506e2c89a7c112299cfe543a610b2120973ac54b3e6937f00f03eeb3c6666acb4b69dab61df233e6edc6269506b4bb1ce843bbb5927a3bcabd4473590760b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2440	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2440	iexplore.exe
2440	iexplore.exe
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2776	2440	iexplore.exe	28
PID 2440 wrote to memory of 2776	2440	iexplore.exe	28
PID 2440 wrote to memory of 2776	2440	iexplore.exe	28
PID 2440 wrote to memory of 2776	2440	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2b2e6d0dd035413473e79b83adce610_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db656a506bb3b1b406739fb1132c29e2

SHA1
890ceed5dca2c3a02456f7a09db4afda761f3415

SHA256
4d2e15a03a1be6c51e147f38b20d2e64695c4aed9e955d1a33781106dd37485b

SHA512
0fe7b547e0b73ea56b155d5e26bc6bb423e17051a7a001ee01c24a0db0f65d559a61db88be9c677f82b2e43c6614b0dd5ab6d2ebb1095a5630f591409db53eb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
297914afb38e87fb9a5d0d31fd9a3bbe

SHA1
f9e3bcc48bc44a13d416abe7c869dc743f3477f5

SHA256
ad2b7a7f705b7bf75c709ff591be47e40f8f3a18b4f0dcf2651ab30a23a51e17

SHA512
1301170524457510356bb9d204770274850fe1b92892f64fec027267d03ee0e0d9e077dd16ea0e014523903d5336d0edc7dfcd8102eb59dc5470fa84c412902b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
406d9774916e649fa945b025ec6b785e

SHA1
f67e4aee0448f41794ce75e874c5358e6672ad97

SHA256
b1d1176be6095f0f4ef1e3d1fda7c3dd73bb2a81010da7d1252f1adc30b4bd9e

SHA512
474b02eb29f8cf79e900cbe95e077af8eb70b896433fbad1357e13cab97e2862d7c7341b6da445dbf3dce203041c96b2e3bc4f444e5d14ac7dd3580a526c853d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01ad04a6449209d6a88bf902d438e6bb

SHA1
6ee30283d1bf897910a43af282cd611afa9cabcd

SHA256
37c28b218b5d79f7b0a8595cd8756551b79b048e6828db7d086dc3fbadf6d72d

SHA512
ca46df9cec1095e750127b9de82a3306a830885a0215b4194fc8bd05da5602af91671dcbb4ee1a4cf876ebd629b22ff6c22e8c01956cb5912918a11a732b0e7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98077df5818c1c2174c2476bba9b6665

SHA1
038b2ddc40d231a16c458d71f38dc947dbe27c0d

SHA256
acbc20dd3f6be9061721d86f5d248e132240873b5eedaa3917c557bfa17548d2

SHA512
3e34dee03900337a757e1e5bc4f366a87d2cc3abdc4f532a8de520a75449da7c55b48f4a83ed578c7e6dcc8abc39334dcf4607f318bdb8df17bd058a06bdfb97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f0445a7168082b11c6f400364776642

SHA1
6a3584b7b03efc84743ec785ee88316dc774d9a1

SHA256
b0b7cbb3b318ec7287466a7a806cbf01dae54594e97ff8bb0d407cd460868833

SHA512
82eac49746977410d1ff577ba87913e1758609481aa05df1c2640df59d3c278514896c6919946cb551334aa4cfe4644e1dc14af3f56d88c042a2e93032285906

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
494d8336177ac781e2bc16f0f360fa26

SHA1
b1263439c060f12018347c234f0f312bee5e3f5d

SHA256
ba1775d0e8c60f55753b3e908a0607ad32e280bbcf914676aa329e662002fff1

SHA512
6f306794e63bf50d0beb4b1286269f6bb01af7307205e005bf19662439173d684451ccb9e0c3c8a749f7393bd33d400290b10eb255d6da8dd72d1e1e0bf1b879

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c3990817051998e12a654a971162125

SHA1
846c0e8f11ab6896a09ee878379ee475c3406b4c

SHA256
6730624e588e16907f325195f24fd45899584a8779f810909c6dc795825b5228

SHA512
4ad35454cc3e1e2db65dd78b4e35660275a0cd130b235be288b291285c7a12f17b1db51a9ca08c31505186f555b00dbaa2c433fd30aeac455e668db4401eea2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fbc3a8f5931c94343f4afeee50b48c0

SHA1
7063116c2fd7785216d8f91db821d96f5f091313

SHA256
6f048748572f867f8fdcb835af6289aa8333d75f4e71098eb690ff4183da272d

SHA512
a6af2fe05a60d05628cf2b63a25b74af61afc8d5d076b3453d36c35fe804f7ed7d9d3890e10a503f1a11b01785d2fde1207270f6c9aa98e1543702416f9ddafb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b719c6b1de0783ca71fe9d10bab0cf0d

SHA1
a462bf1c207235185d31bd75d51a5e1f9ec72165

SHA256
c2950ad2d5638e79dd0e5f646cb8e1b06609dfd9084070cfd697ee3cf1e42acf

SHA512
6f4068079dc509f00b691e3db51cbb914b6227ac7fb923008709b6b370c016e824a5e9878cba73736b014a22da3cba488852f903268a599c56bdf628cd108828

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
551cb78ad94f71aee4d20eb73b4e12d8

SHA1
44d1da3fa436f3832d1e14d81af7fa00efbbe693

SHA256
7b9bc97487633b83fb33eba843adec18049aad146e3fa03311a059c651e0ec39

SHA512
c27f26e9ae75b29db940799e49763146e19b541593afd962c3cf84e8d503e9e2756b080a2c1f007abee1612deffc4fdc2eacd30737474108c0af9756669b1fa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c5434da9efb92533397938cb29c768c

SHA1
3f01d587e6a096ce695419cda7fd9abd34858bed

SHA256
8e75b2dfe8a840f07f54a54a632fb3c2bd17610ccb11f163bae2fcf5689a50b8

SHA512
5b34272bb76b00febba4dba5c78b668cc404d92e12ea5b640c97db777378b0bb70bd55de0f18ebedb4553e7c8ce914d8853c176ac84c15549e8aa3867eb813af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bce27fcdaff61555ffbd93c44888c87

SHA1
f96f27c15326a9edd33b3f9ca948d3b8246be58d

SHA256
623243116e1fea856e0b91f9d4c49352d425d7d42d0efa20f10120838e50a7ae

SHA512
b04b2c3aae28218d0833693dd137a3aff9c8c7a6bca82d57b2562a059c67712709a40ad202f51aaf447ca81755fce30c5284c9edec80863b9aa649a657e778e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36644d8113dc641f3a3636e5c88cc70e

SHA1
b198b88cdac4d6dc890b660930f2fb5d09e756f5

SHA256
3af6b8aa056db9d37c5e3648efdb3643cd6e18519a264f62a21dd25d143261d8

SHA512
2952f0247bbc31f33d20b9ca9b7b4e04a5fbdd0a7269f76a806cc102fd7bc6d90a4d884a12a731c38b71ea31749ecd9dbdfb9fbde1c2e840c37df30800af9d04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7cdccf7c6aecd7f7e52d1b1c8322d0c5

SHA1
2a8b35cd4e8239d32bd0b23586ed6325455ac081

SHA256
4727a7a3463e99829f8a76dfbefba7160f02f100c0351bf6fa77ffdafcdd9fe4

SHA512
8a5340dbea434fbdd669314e968ba64ca51efb85f6acc726f8459e269b0fd88f8d9f8b0e8f69167c9f1da6bc46fda23c6736ecf294ecb87c44c3d13fe427b9f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bd9f66b3ea381b0b08a35ad929d4a10

SHA1
9f82f231ed35f64528b315ab26d9aba2cb2ba4d7

SHA256
e02d4ba40c0a8856f95a2ca78a09e917d94064b8a1ece523b86bc7396bfbb03a

SHA512
aaf4edaee97ec383cae2ce882524368d1e210bca5b4338c1d04096f5f83fdf71ee5f78746f9a8d47bf152ba25e4cd72d68efe0393b129688bb467898c8b47738

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7D2E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7DDD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit