6195ddcf5424a4b964c0a22b83c58b4e35141ab499598316b532a1ba447dff09

Analysis

max time kernel
117s
max time network
134s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 20:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a225d63424fce49bcd811c75a212d090_JaffaCakes118.html
Size

4KB
MD5

a225d63424fce49bcd811c75a212d090
SHA1

3a30305dc838defbb8f7f85368d9c7371e10a2d7
SHA256

6195ddcf5424a4b964c0a22b83c58b4e35141ab499598316b532a1ba447dff09
SHA512

f74e194b3516acf6b06ce61ac73802ec4486ffdd0b9aef94809de2cebdade486296b741782d2063d5501bd0b1f8ed6f9cab6595d9745f8133b88c518ef3db6a0
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oBRerQbd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDw

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b06ac1b204bdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DD492C01-28F7-11EF-AAC6-46C1B5BE3FA8} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000007734754cbc8f7c311f24e02321f30bd0866eb65c3b0fc0ec6066b0188494da97000000000e800000000200002000000042db5240a372e7154a50e5a5298a9e9b56c5a9666afc8d600a0175d09598e9b52000000052bc024af06da9cff3979b1c51e2acf536a78c138079643e131217eadf8d495940000000e228c197aea25194569052dd6b85e46fd657efe2db9d60934afe54e898ffbf9180e588ad7abd10d1fb19edaff984fa254bb1e73ec4aa87aafc7ca567b8a27335	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000720f6e70a561cdc36668495d88d2ebdfb44310738f850944725cd728dd1e10c1000000000e800000000200002000000089b855c2d4500f26e9f2e83402da353e398914eb40e53aebd955a1c73f32774490000000654c6f8ab3bec65fd8d259bcc406f1613b393e31f848f205f33b9bf6c0a77b0567c6af1ce749aaf82348861463c33aeee32eb2ac2f9d69ce9c1989ca542373bef0dcdd8a65c9014705fe5d399c61a30a64eab9900acbabdaff2ff8adf5121bc93a143bee9598b63413836ce1af8461eb22eb1f882e54a40e7560fde0c89b2a9f081bae061185ddc7926070b9b504e07240000000fdefefb7f66c79397bc26ca3e499ab75b88ee5337f5984da773c167bf0341b91168bb903d5cf86ee4df82059980c450e37d91e47bafe81eee2caf074ca124bca	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424384919"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2420	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2420	iexplore.exe
2420	iexplore.exe
2352	IEXPLORE.EXE
2352	IEXPLORE.EXE
2352	IEXPLORE.EXE
2352	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2352	2420	iexplore.exe	28
PID 2420 wrote to memory of 2352	2420	iexplore.exe	28
PID 2420 wrote to memory of 2352	2420	iexplore.exe	28
PID 2420 wrote to memory of 2352	2420	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a225d63424fce49bcd811c75a212d090_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1be3ceda802926ec788bb81658cebdae

SHA1
28eb7937d2fb0528379b0a4861c604e4af0d8717

SHA256
9eb82cd30eb3cf2d5b93cb81016aec8547e4c81dfd77a90483e077976be77d7c

SHA512
76815f3b5db933935f42d2f6400661515136097af6e1ecd0bd82e4c65f24eb191383e60a7423c3a8a5a98999fa4bbd612493fcbd63120341414755546042b7bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58d929f676e9bf8a8f523f21b2cc6572

SHA1
8fd5b78f13ba5a396bb07c10f6ba600f11e55e69

SHA256
cfa58296a8b1ea5c7c6b744bc6bdaf6a33c2ea7af7e433b391faa6c6587f8ea8

SHA512
bfc46a6e087f75a963c940083922709c7be97fcd4221bc2c9243c9574ca6a98ec113e6daad015a112b31f13081a16cc97b638207e424cef9e4e8a2c3a2b71259

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a3c52c2cbd469deb7354d8475ac7b29

SHA1
8a0ccd443421ac4262103d777e70647725c47b00

SHA256
29a28aaec1ae7d6e22d8f4ae8349ecc697561e2e15cac86978dd62b73d4f1500

SHA512
b7902451d835a2011b0963a52bd8cc5a744189de2d359d79125c96b4c79800c3f4acf2b10173c055691dac3810a3eb4068c2cc4ed4f878cdd056103f52f5e360

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2a66b305d78f6b6a0e9a11d38ef410f

SHA1
a010e41ae400e98b64e44b2f2faa6f39af324f5f

SHA256
ee288872a2e966a7ca4bb5b574a2fd940b13ee3723323553cc3c90a466cee12f

SHA512
b9c01121017c5051ca9f03eec503ab3562615064a3b971c775fd6ef3a1d3a12de7c5eec60a72585b0b46933f7a3351dcd77f78a116e8b8629a6f6dbce8b90ee5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67f847463f78563c82d0a4841aad3cd7

SHA1
8456b3f376828c10aa27163d13b2ee4c4c313bb0

SHA256
38e87c9a4b5ac8f337310b227f1fd9f05dca372e073ef9e49d0459e898d4794b

SHA512
b014609646959d12885d786b9e65f3bed94aa496b7f8e831c548ad7726858bfabdd38a5048b68b5b2eb4c02b559e9755a7fb95223a2ad718934ea24cfcc4212a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c2757547b51695330d07ed3be906f7e

SHA1
ae9069054d92d0290c1fa39ef2d2cbd3b8eee3f4

SHA256
8e7aa8a4ff5b8f693836e184d23236996580d6b6dbe8b6c4d6c28d1285921c20

SHA512
00e08d3c9d87267904c0be5c89327f1b0c7ce5783b1438dead7cba33388191ffff77f693b686cd7721bf43bd67fdeff48bc134b2c671b09ef4c6404192cd77a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d78b208891a0450ea7a26f28c1b37bac

SHA1
5f31c7fe230f824400e45ce912e5fa1e220e7cad

SHA256
11f53eaed7fac5d652a18aaba18d9eaee17bfaa4faeebc302d0c82c3a2295743

SHA512
c9647307144ccae6cc93b85adc15c02e8128a70e5588a53262845b8427ae689668e40aab930e5c3ab9b3a1d9d4c4aedb8475cb4f599b1586f44e30a1a100faa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfb9054ea26ee1f7e9d197129fb7fc10

SHA1
6a54bbcb82ea616bb926d41f92b6440a9dd5eeb4

SHA256
c5f04a06ee3f38f5db769bf381a3fb8548a887fc3e2539fb71409e5b163c22f0

SHA512
212f819b370f880675e2ecd9f47d8fd415135d67f4dc90fab8b77c30d535752549abcf52ab58880fcac05f12a3d799200701ac3e7dde985e73284ed1175d580d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d870928c4a66b13627f4530ee3d4c496

SHA1
85c09420239e809204ec34cf1d475050ac4e3af4

SHA256
0cf81bc29a223d5a0670f3d758aaeedb57d177fdfb27ff2db2ffde943778fbea

SHA512
cd9dab1f364368947c7c95c06b2accf2239a772d0a5b3c5b3d0cbda1af5984bc9bf6cea3d95668e2ebea03b4983f4f8c50b1ccb37544790d21c25b752548d44a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7857de0f0906f55432b0739f3a130a6d

SHA1
b34db953a78912548949b3f13eb9979fe0ad6da9

SHA256
e2d12737b92bfdeb7d959e48be0467dd6b50068e729baba0a8ab54adf1419786

SHA512
7892f93ef8804c8ada401cd383c2e1ffc2048b81cfa2842ca47b0e9d76696127450bbd10ec411019bb298907e99e38b2467e0675ef91e8f4337275062c972709

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fb0d9ea5b05d050bd6d020024c7f4db

SHA1
05f469df39eb1ad923344940f856fa9a5fb75ed8

SHA256
3435b56e748ca73fce8c9b3aed30a56f02a1b8d05f7771ee9de3bea23837e118

SHA512
6bd5e0bf2d538f35e7f3d6c24f898b0e24c527545cb848dbc5ac6756646a8880957edb1dee2dc3b41de3bfccfc89b148d88cb0407dcb0761157c6a37d025cf45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1996d9f0c9c85f3b7848c0cf2e0c9040

SHA1
94b581dbd9a256e40ed88da026d7b885d8ea25ff

SHA256
8a03cc45d5244047253a422d7c3a3ca283f706de6934ad7ad8eb111714f60be9

SHA512
0ec6d9da7abc95723bdf0090a8c5aaa2a707cc2f3979404b507c5a5a8df74dab255e91a5dca8e4102449e2227fada39a15f1cd35e6025ee075fd0c3269816332

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f49bdd60f43decf2305e8ea91095bca

SHA1
2937629e4803ed39fbd024c18717cc59573bab92

SHA256
a8a3d76524c140dcdc40e6896fb2d9a46b04551d6d138e4cf5f4a31c2aa73fc3

SHA512
0b81b0e3b0976e234ce02211bfdd5251d5dac5c85871ad698128f509d913750d41a9c568dfc637ae5d9f4905feb6e6846347d2d6ebc6d760225623739e7111d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0fc913b36500a9f5c94b65c1a6b203f

SHA1
a78ccf41ec1e23edc24602dda913dc5964fc86f2

SHA256
c9dbbd5a763bb652fa33a77bf7fb730ee3068bdbaa0fd09aa6ae983d40e41559

SHA512
bb0ab0a41fe812c8b38863d01129288b90accaaaeda4872bccf63411994eaea038d4ba50805af7e658375bcea8f221533912ef04fb2928ae9b53311c94f9999b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7B4B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7BCB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit