104d1bc6d8480dc578c7c4e46071459ab34a36a4543e01209964009fe4102628

Analysis

max time kernel
119s
max time network
134s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a311f7ce3921a03288ae0103a9a43f74_JaffaCakes118.html
Size

51KB
MD5

a311f7ce3921a03288ae0103a9a43f74
SHA1

3ebb7e6d1b2bd9e713f06892873a10b0d38e1d1d
SHA256

104d1bc6d8480dc578c7c4e46071459ab34a36a4543e01209964009fe4102628
SHA512

b854c6ab2dfc2c7234ac86a9e50e6e20acc39b52a43647f7110de877bd0a94d7efb9a99697087d1298241dfa54be35bd24c07adc325c581eaa3baf6e1d1acc2a
SSDEEP

768:SGYR49z3ZNh7YsxuaFvG/Es7nmu4eyTP9BzTJwLY6uwjg:SGl9bfisxu8kmu4eSPfiM6uwjg

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BC0B2E51-2918-11EF-8156-CE03E2754020} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000007851fc02c84eea55a6a2785288bab674e1236bc42657505755c9da0cd7f18f4b000000000e8000000002000020000000aa1a771369a54c627c0155186051df687d299f6060134b6977b265b0f02f0ef1900000002d143e4b41e772a87a9fba55fe5f41e5e43be7171c87238fedf00c6271f6b04a865ac32f66f9734be63d5e7b90db8d3eff9d3ba35b6722b3f48dabd93ec8d118a120cf34616d4706a348a0e8d795867b96473fffce32780ea9e2b6cee79ed7ba020ad71bd337900e9708ef5d2e67011965d861cb909193eab4c830947b2ff0a1ab4ddd025ff78ddf9384fefe81de1f8140000000f442eac0467317cd3ccc0b9d7631e1c95ab0fac56684cf3348a0ead7563cf9c463796a9e68070e6c2eaf96d599e0566d095478a5bf95b129e9ef253ae00e8c20	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424399037"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50eb509125bdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000ccb6c82f04c1911aad0f43edb6f78aecab890f4f5b3643e7c8e35ba2ec9ecb27000000000e8000000002000020000000c2a725e78e350e34b81ac445f2754ee6d7e7f9c4cd91e97f6234bdc687643c102000000068623cb92c4c9f0b0daeaac90040c252cf77d8a57018f4b807a40a48806532f240000000aa5dab0c9b537f45a26ebac9ff7f42fb30a6a60b9e9953ee2b3ef20aa40db5e252f3388b3fedc51d75ca83f832c162061691a6166e22cfec6de2c80e9a40d773	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2236	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2236	iexplore.exe
2236	iexplore.exe
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2056	2236	iexplore.exe	28
PID 2236 wrote to memory of 2056	2236	iexplore.exe	28
PID 2236 wrote to memory of 2056	2236	iexplore.exe	28
PID 2236 wrote to memory of 2056	2236	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a311f7ce3921a03288ae0103a9a43f74_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b0182e3f3afb72dfa597c8a69e552ed

SHA1
e5c86c5c26e4b220f0737f21a4af745232683f2a

SHA256
a6396ea57a98643e3db718c977cf0b4d47916e6aadfb05f24bcbcb56687cf89f

SHA512
8ab17f5cff0bbeead9b0abf33f08dad2d728141c75025704ee0654fcfa43e95872e81b1b6e96a3a6d9010d1f321b4d36e5bef1939031dc259e78b08552a8bfee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41c147fb90345c97edebedd41cdce3d6

SHA1
eb290e0c642a7cf7a6debe032ef0bc240509bffb

SHA256
2fef1487f8f8a95bfa073954d4ce940c397b0ac67a2be10d096e02c8e43088b9

SHA512
3145f417271244e2ab45271bc48259868ad3930071962b594f9ac7cfa81fc09b465b5bd6602e3f4e98f7c1673cfce32c29acbfab1ce10f7125ad84fe3d6356d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da8a60dcc334536aa4e5480fc2083353

SHA1
6b97683f9e74c6e25916f11291f61eccd9b7a422

SHA256
15b62841b89baed6e51ed118eb1f1900b38827287762843ea2723caff36f0b0e

SHA512
73ad9d64f48757583d0c6f698055ea27b08a0f739c47e935c5ca78003bf90848e54916ac81c7744431f02526aed0c74451658ba914689752113a207e6233fb84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e245802277caf279ed6d0390c9037ca

SHA1
b58fd085f4d34e652709b29c3787ba52f1040153

SHA256
9d4f575b69822f4ae17129090caaceadf8cb40f3536f5d82b8153420f57ed14a

SHA512
94af984801363ae125d351c01a95ec604e255c5153cbd97b9d974a5e845fdbc7018dd52a32d958d237f050ad3374033acd4e0e3657804bd73ac1d8ff64bb1812

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a295baed0b4bf2fdcba09a5ed86a038

SHA1
3abedf13170f54d12817335ab0f244b145c38b1a

SHA256
2d0f6621e6fce87d3ce0bb13a80961a53daf4c72c4aac1e639a1c0f3d5b174f1

SHA512
1e9ff89432d8276b0af9782b076e3b6612367a471713ea4f3048eef948427c9ddf46075e4158df2a0cc75db02686770667c60e4ae5bb965d5b4e0f7f53a5afe2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0464de61073f9f88c6414859b6c1c36c

SHA1
6a0b64bad438a4b17f86cc95ff4933993f51d3db

SHA256
7e82b7d15abb17d34bb4dc998753b296be0fe81456fcb82b8d3e86fcee4c2ab3

SHA512
8a713e68ad2d10d4c9129f4378a673606779b98902e2a9573f2bcf5bc50df7b6d56e23eb4d91f29a5fb65bbdf13a597d7b70c0bcc9dc38e15acf977bdba25740

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe753a4d7296cc305eb77ffcf5fe0f9f

SHA1
d214860630d4c7d5dc2e32dd220e85c88297536f

SHA256
5d162bfd08c45e7b0676f9de8ad8c79e71ca3a4e52a8fee70e568ee6bd30a56a

SHA512
6cfed9b6365546e682cdd2f43954d307854a894bd50cd5b8fef05b25d81a2810aa844e51fd51ac7aabeadc9c0dd09b5229398a4089dd041c993a96b543ac57c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e654b2ddca13858ad8f4288a6b58037

SHA1
e7360ed225f38afd64c930ab3db6d4ed75b90fac

SHA256
f7187a74e783d88106f86c8cf998c86149d269c34952cce759a87b76b4630b50

SHA512
1ac6d29aef070c2349f44f5db3fa4310bada02c01a6db2516307a1555e43a4db5f26753af85c122dd04b8affd73448f06460591837aeca5dea01b7c034069a97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6713a0bcdf9d5f9f594bc2230a350dc

SHA1
9dc601f155a057161594a156d625b33051543b3d

SHA256
27a112626155b895e291d7121be9861e8f76b7217ff472f0c7863694dc3a8855

SHA512
da1448d2d7af18b1a40eb85d5b86fd1f90498f7ec66254c83d74c9b3303958f867c205e3381c552ee1bd4c843e59f7bf19567e0a62df18f594f3db1e30bccb89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5e7aa53be4bc83a94d7d535ae25e689

SHA1
f4181bb31a73e46757432ad943001ebd6aad92da

SHA256
a5c0f0b0a035cb42a82d9d146331bed505de30fed483801742be8515c3d8f954

SHA512
4d2cf222b2a885ee4857f58524a009bb289cc99e5caa45e89de6874a6ab741a4c966d2b01236eed17a33b61260e6d2f4e7656c9cc88f695f8afae07012d09420

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f453df9b5788ad9bf0514af1b209b4c

SHA1
231610553d6d83db4cf8b20006db765d00ca3952

SHA256
09d99c2eb79a7fa75f1bf8d1a0c2753fae2add86b95125409d593cf2fa1c3172

SHA512
c8f22f973e4bb39fad420e1a3723c9ca6b78c01e6c782d59f85bc72fe6e4a258b68eea8e5d268971a72c53427b4734cae58deff319a43e622905a9246b16ff08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4a53b6e47fcb4daa0670d167215576d

SHA1
19f1dd1105e7ff73cb626a3fff115ea5af78674e

SHA256
9a4feee1d856316f4d8b6d333fb85b3294440601acc0fc084ca47c23f0dc821d

SHA512
c2c6c9cef5faea9761f3aab744596551d4f06e69a1d61e5dd01e6854c8d288428b2a3ed135989d80ad1c1a5227b910209c2cbba61b17b700176fc130f87fd231

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ba2d77279044044a47b256b6da2dca9

SHA1
2f826d9af55bf0749a7a84474f5a0fd6bb0e12dc

SHA256
fd1aab3ad5e94b80befd2d7f12b8dbb94282a6b2f0247364e5701e2babab59a0

SHA512
c641385be494d31dcb2e2e9494f97e2c0bc804052f481e533174f0d36ac13833a84307eba930d0c5517815b6b3f676d508c81227c31007b33792ac7a5b57a4b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed2e2583cfaf8c5454799316e6092f43

SHA1
95d406496dcf6afcc01bbc0d3b7fc1469cd1bc9b

SHA256
d63cc0a7324c8ea442d517207b70d3169d9fdd9d994621d6f57255ac2eaf0390

SHA512
2f4cbf8684177b51a3a1aaa76632e03f06afa7205a8a1957bc7135915bc5215e1f5e9e082f7a171da12f0175142b9aed0926e151f4af8698e22c3cd89db0be74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
194e82ae60038613a7ce48f657959420

SHA1
960f4bd7d19390acd318cab126129e06bec8c651

SHA256
0e10acd4ea8703a524bec370dabfb4880731be6d6807d331197c438bc5f7adbd

SHA512
9754dd87de90187622191e332c4392c7c754c11313ea8589f3296b6bc748582142ec1b0ae7aa26e48492c3fbdd2052633ae1ff3ea948897fee16b0eb67858122

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB628.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB6C7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit