0f1f9cd644c64b0ca0f64b5708b39c07c3d6f66b7fcec0fa10ef420a4865f2af

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1f67931d667478966f385a5cb8ada41_JaffaCakes118.html
Size

32KB
MD5

a1f67931d667478966f385a5cb8ada41
SHA1

750398660270e418abb531e7c50424e23156bafb
SHA256

0f1f9cd644c64b0ca0f64b5708b39c07c3d6f66b7fcec0fa10ef420a4865f2af
SHA512

7afa9ca77e72dd92ffb613cdeca9142fa52b4c88420959d52908842f7a30328695adba1691a53a7ff4ffbfe8b93d499f1ded7c7e6a8915643e011d431d43c33e
SSDEEP

768:McYuWx9Li6Eq2m/8xYB4nZo6dj29Va75Dp76:Mc29Li6Epm/8xYB4nZpdj29Va7Zk

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dfc4246400cbde4da737703ab6c0e87e00000000020000000000106600000001000020000000a511472a8566f9e33db259902a3522e58371b32c457fa8d76e655487a6425454000000000e8000000002000020000000f13358ac4599d9fbcaf19d87a150a3646c48370c561d9874799f7aff7a5ee4d420000000af33a10e6046ab2f6b5ec777152d516278a2eccc6d6e88e6d7f26afc88d1a7c7400000009ef01011711d4e8281bfebf94f000a3282013a141ab119c51f22290233d11fe689a89038fc1bad7a535dc4da3d13656cc17b2aed62f53a84169a05a9bf0e72cd	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 305921ebfdbcda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{169A21A1-28F1-11EF-AD30-660F20EB2E2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dfc4246400cbde4da737703ab6c0e87e000000000200000000001066000000010000200000001df734baf5741d0d17433a73f0021e7092d55df3844ebcb7c0daa89fd86a256a000000000e800000000200002000000074969cff816190aac59b9b642e546c7595f6be9341e9a04e95693096f509df399000000053e2b73614fdca014070df0f28fb352608d14a5009ab453c58842a219eb90dbbfa38ef537cb137f74882d081c73eaf8c9af7cb07f3ed28f127c49e9096a2b078e065bc213246cac2332f7981c4e8aa3ba3c496b8ceb6fe88f3028889238da077ce9ad99b1e53e45119065080277b3461544ca0c403418e9890cb490e4e4b975be19c6dbdc1bbf739a18fa7a9fc0902ad40000000aae264e58115095a2b720783b7b7b315ecd218aeee56896258ec15f96f43332242c5ff23a28b1b855aec28e5a8e6466cff585c8e4804dc63d47a439ff0168396	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424382008"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2028	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2028	iexplore.exe
2028	iexplore.exe
2968	IEXPLORE.EXE
2968	IEXPLORE.EXE
2968	IEXPLORE.EXE
2968	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2968	2028	iexplore.exe	28
PID 2028 wrote to memory of 2968	2028	iexplore.exe	28
PID 2028 wrote to memory of 2968	2028	iexplore.exe	28
PID 2028 wrote to memory of 2968	2028	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1f67931d667478966f385a5cb8ada41_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ee4103f9247df1007d756399779778f

SHA1
f8c9a4edb993dc0abbae4b6fec4a43aaa31e73dc

SHA256
cd2c8ac9af9699ac2445ff1a05bd552af98ead412fe23c6cc38dae2e0f7472f4

SHA512
60d5849b60f146d7541eb79f03df5467a19737b891777d61e78425ffc28eae5fabe81c53750eb3ce4d75909898496d1e3c8dbb433acdba7959e99e3e3842f929

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70f9ce44f11dcb87f7a760fbe84aefad

SHA1
3d423b29225a4e5a3462a8ff6cb84d2d1b897e1b

SHA256
ef6047a6ddfcdf9a6228d485619ce64ae79d0ac80a2d124cd42fe8e8b632ed28

SHA512
998d9e5c8c5935555d1d51587faf864f1ce04212f7b6c39b4923cf35c2bef64475f881aac1d1876b2d99cf5a86d3dd7be353b4fcc88abfd6060396fe0850112c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21d6ddc6d4db40fb6df10a25acb07018

SHA1
3bd26e2d4cf64873e1f413a1dd042bab142f56f6

SHA256
ffd00a0eeeba4edcd183fc1bed15406d19f9f3daa055df8bf7b9242edf46c9d9

SHA512
62e8c4d72b7f05c4d3a1bcdab709edde35563303171d4a1320d1de48222344bd7debe5c13629909a5183493613bdd0466e152d0e4c4978c8dcdd068dab8c043f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64ee0bffb63bbedf2b7739d14c4dcfae

SHA1
ce27504cc38e03638ed419b553a921e98661db49

SHA256
ee802794d920a92b6bfd1913e0dd40cf47d06ba7bc121317c755a50e4b1761f2

SHA512
030edbc6be3ea3c77ad40871194b633358dd50df81bb741cbbd69e0bce1bdf5576131fef626cc011b4fac8302b9f70bf479640818d9f06527adc139b7d0c1233

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46bbd292e6b0b60dc3eff8cff69513dc

SHA1
7ca4656f87195174ce29f8f141c0a73cacd270af

SHA256
a32b571090d453cfcf0915131e0179770d351eb8a014a4996d3aeeb2b8273418

SHA512
dd4fc9f1355275c92965d53b23e846c4aea582509f30049e2a2ca9b862db4cd33c36485b6e05e91512d78a2ea5fdec152c1f2fefeb4f6428153380e5b44e45c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8001609f28b1ae92b23c19cc774c6bd

SHA1
ac684472ebdaf78fe9bb23b10f486d858608b1fd

SHA256
b21e34d32a8444be32d91b369cea10997d9d648bf45913ba094d751bb00fda58

SHA512
d438f580454f412d3d8c563e7d2b043d0f55d88e27f0bbe8b4d04d725d391a4a0c576226e7d7eddd13e52e43203f5eb32e3021b1add154462eb1b2214ad3aa73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d935c7d37bdfc873e13fa7eaaabaec6

SHA1
47980124d9175da5718a8858d6f2b3295b7a2fa2

SHA256
4fbc3e1f2187e9351d9f16ef6d7c6e75be16afa298d0b87966a2314e029039d7

SHA512
5ef23d00559eac5e9c5db725499c47f2579a1d12890713df1412585e3f2a2e1bc917dc3604018c9df1ca91bcfc45271a046ecabab61dd4c56b3ba2c83ab4bb6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14b3a9931faee22879f93aba705e6ca5

SHA1
314976dc66243eb369151676cc675026e4e02070

SHA256
7a3dec5dea9bb82f8f513cc568354244f39f5b8497df7b78233b59b93d3dd43c

SHA512
7f059e780bc2aa45519da89bd78196c12d38fa76476de695a7513c43a8cdf4abc44affe975350e594b02dcf2ce0b62bae5a580745ec5d00acae40a5e6fba146c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba1b1b4f2d2dbd7e8ac44df2026b3b5b

SHA1
88c7e73fd23e71a7141a7e137578efa4410ce659

SHA256
070d041a552c42e0d90699cd8af1b876b73b994981a8351addeef40ff04fbd8d

SHA512
ad8c6081eb25fa8c12c0cd0637e59093297eb408213bed0c9a936230173475ae8b24045de7a6ac45d6ccdc50873765cf5cf0da9df5b0ea56171b3f98134163b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3bbc1d3f909438f81e548a82d1b2d04b

SHA1
061ea0ae3df61474b11b9d016f0e63f67d13c68c

SHA256
fe9e246f8a351864dcb71f7f613690b440c2ff1ad7a6b5e86a5cfd055314eca0

SHA512
fce117798ff46d001f72646c1e6b5c284e3a24d6bb746c14443da0bea8acc7effdb890741405aa50f57aef887c75ef1edfd22182d451b385e8400ce9f74768d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9377d4f7903a2af3980c6829f7c2062

SHA1
36812a4ce00ade12bfc9976c42fdd89d2227295d

SHA256
6393f0392973d151f5a12a2157530f850f5b430f54965a3a0cb501f8314a1ff4

SHA512
abe968f32373b0a9f0cbc79d0e1e01cc9b1e17da906236f236ed9f1e75ec0789ce12e8bbc2d206a4428c712e3bdc556203921788f0730e81b8c93ce9b79b47e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c64cb5ad372e0deb1cbcce45982096b4

SHA1
bc9cd1c7cd758124e6892a074d3514d15f98dcc7

SHA256
f786d70a0e7515ab5754203b731d8e4bfc99a0b52dbc517c7408de56f8cd20da

SHA512
61fef6de20516f8aee01b6caaa8fedc127c1d1a66757f615236290c46a9832019ef2adda899dd86ddc5f5af45b2d582e66bc60b87f8ba65dedf1a70a13f4b1f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3618fd2c5cc7687a968b40fb2ef94fc

SHA1
a65a573a3d195f3f72a50750ca073f0d24f6b159

SHA256
ffcce7a9cb4414d1454acac87fadca6aeedc79bb226b9b8967d81a7da90e182a

SHA512
aa684f2f6d5ce4c431b53d2d66c1b000af3520b927f554a37797396ae26bed49fd4c1a9327c3866342f7162b115a95045d2ab6d2f94dc7ce5665029dbf83e11e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8f1e491f49c4e1c08a14b005bb1cb76

SHA1
cc14861d69e54ce6a7537244b7e0700baf349ba9

SHA256
26c982cb37025de3ff4d2b74d49e193b689760550d702b3db1f33480840286a2

SHA512
d0071670501a1d6ce1e847f652c8c5e3b68eab3c947213a4cb60d989afcbdfc6e1520109defae1b8f680d589c1fc8d8d4307e60fc77c6443e1993cb14db90637

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcf17f767fb508e6f865a006b3bac854

SHA1
0406f3c02d6dac2613d2353dceb7a7f3ba26f161

SHA256
8cf605f44ff981acc068ee59f3c99beae96c18f557683921b12be82f43a16e0f

SHA512
61b2f19dc47c0bbe8160533a070c8db7e7e3be0e7484fbcb746def9855630aa39273b410ba25b177e26db8f6c17bd8d1ed9d9013edecddbdedfd6271938d0326

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7e7b84e98db103ae884f1d7bebb6dee

SHA1
7ee92cf63fb7be884968523410335be72a365cb9

SHA256
0416d53c5ae2fa6480d564256f9adc629c1a9d7889b378744fdd53a64dae1f58

SHA512
5ff3f92460f0b91f527637fee355a2fae918af97aea94e4a6fc80a8ba4fec2bad7683e32034baca3a1b70584561b20bbc514ddf76f934dd6ff66d60aa1d6b341

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab397B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3A2D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit