0ab87e4a47e6b230aff5e5aba7c8d3ad68e2766610828572e69ce1ea52818502

Analysis

max time kernel
137s
max time network
146s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a350a2e780349325f917db790c82a306_JaffaCakes118.html
Size

62KB
MD5

a350a2e780349325f917db790c82a306
SHA1

8200e640dd084445575ca4b29e83738e30a03d16
SHA256

0ab87e4a47e6b230aff5e5aba7c8d3ad68e2766610828572e69ce1ea52818502
SHA512

1396de2588cab359bfa802008e581ace1828b5516989ded325112621e73eb800f1de0608ef92b8f295e07644e2ff0e33d5055f9f0a521f054c83bdc0a7a7a193
SSDEEP

768:JiLmgcMYUcXGeCSXuhnXuWXXIYoTyZCZkoTnMdtbBnfBgN8/uQcc8QFVG8sP/Ij7:JU2R1Tbec0tbrgamchNnWC

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b6a334a89d8fe74ddf876d5f743b7d5523c63d24a589cf41c78f6db4308dbd08000000000e8000000002000020000000c388f179164936d9f0e56a22b14f47397a233cf2b90e8fe1e75ec094a588857c900000000d22d37c0329a7a2cfd98b936ff891667964d90f0b2b5f09c3e0e6e533333c3d0c7ff142871182961744b8c20b0d83d966df189c9914e6ec4b90cc0fb8d7f76b683ff751cc1eecbf052cd310eb853b568e547b501547edb33f4e043ae76fc45a25583fcd6b45d9d60b8caa10632b3b56de702cdf04fc60ca8c040f4d0e8aca3434ceaaa165eba806f25f53a54faec5a2400000003403fedf724e1a13730e1015b98c0c727fd83430532762175687e36ae8b53056c19a9a34056feb38cf64c9fefa4a797c8d99a6194c437e9ae04e861126dbfe1a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403106"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000cbf18cfccfcc4f5f08139b988cd4f3f40a4c57d0dae3313a70fb8272f016eed5000000000e800000000200002000000057c97eea60986c95f3812565fab0150873150795c8935a4f8e110c787ffc77f4200000002690da439daa6c7fd4f5f11972a0dbbccbbf9cbdcea00874d23f187888a825b8400000002dd680c57b30a49439405bd84865ce454a3b951f8368c8d45e434f530b934b58e0e5eb24a19cfa648788c5e411ef69d47f46e5f760816254c771e3f9e2e4df6c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 308a360a2fbdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{34BB74F1-2922-11EF-9E55-E6415F422194} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1440	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1440	iexplore.exe
1440	iexplore.exe
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 2840	1440	iexplore.exe	28
PID 1440 wrote to memory of 2840	1440	iexplore.exe	28
PID 1440 wrote to memory of 2840	1440	iexplore.exe	28
PID 1440 wrote to memory of 2840	1440	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a350a2e780349325f917db790c82a306_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1440 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79f8af217b7d7f131551a59c858189db

SHA1
9280a501199f21053c0ab65d273d529f9d9a3bfa

SHA256
3cf4c40f63966d7105cca26cc0321e5156be9b4fa17c10097e7cd579f78cd27d

SHA512
d7bc636f16d463ef35dc6c2f865f54af2acd3672e1df385f94b1732eb73c535646273fc4cfe93c3b4dda89c4ec86b2a3095d859707d8a22fc5743d22ccdef6df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18ecf5f5187f548407685ccc77d58f60

SHA1
428b34a757a01942f315829526d8c83480137495

SHA256
0fa6277a3147bd6f29e2dd61638854e0dd067988d2311cb9c82c16d739bb0e55

SHA512
4dd8a4a399c8e27cd89b9e0e278032815e09c8601a08c140bfee3be2e73930fb3ba0f8ea2247e16809d08670c86b3e2102636ca18f52d6a46f637a304f4782b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a1fa8d29b97d41f3dedc4a16df60b78

SHA1
952ad901a70df7b75a07b7e1ab809199a8e95035

SHA256
e3531b7b7cfe8334caeb8c51422ddd738603dc50ecdc8b1422fbcb3abda049d0

SHA512
ad9bc02140bddd8ddbb6d3906dc290c7350bffc73cc4be45579ebff06c160ba816eaef11658fbfa675f6d46d8922238123c57e19a853d0bc2fadebdd4a038c5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9151623288d7c078a4f9a371a8adadc

SHA1
d3642c9a9cd57aeac372fb1aa33edb2641f6c334

SHA256
679c30d0498ca6e092468ab151c2210051e95ec1ddae01c2acc03bc665ac8675

SHA512
ff8bfafb802b0414426b234a908dd63a6380ab586c1c37d0e6d0ecbe0689e1d0e32bb3a2cf052558ff6821a451be201f854e3fdd53c831c148df71b7d20e8434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
760a15998fa788c551d5ea935750b101

SHA1
3336e89ea968382eaaa0aab9f059969f224c8aaf

SHA256
e6e56559f0304acebcf9ab619206cc6d39968fcb930363f74566c4c5caf852ea

SHA512
98b77bc59c3018cdccf15f0ebd65a6a2a752f4c50ed5aa6f5567d226f30be5b7ea1dfb22bd32c823767b169fff0eaf7d2aaea4a702e1126ca660312a6dd81118

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c564592a63fb388e8983afcae340449c

SHA1
0d50b6adf905880aac250a1630755df1dcce9f7a

SHA256
e6debf480a4e224066bc7aa08d44f958c97e6a0d7408fc9ea2785dfdda788c4b

SHA512
32fb89b36693e6b804c196c4494cf77aa80cae2e9d443efe3db56110b0509596e32d610bb58335ef65b8c764fbf54a77c16f92c75c3eb4a215fbaa94cae9e10a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d6ba7efd9d336c0f3b23a8c06eec11a

SHA1
607853b8c9a53b7ed3741d92595af0d64770a3ac

SHA256
d2c3a9b228189221abd27c79bf5d4adf778ea142c7a79ce8d5af04ea76b35411

SHA512
b1017504a68ab4c67e4929fbf8eeb64e932beab89591f5a3acab31f4c41f36bf7125fb9b3fb3bd9519581be970507e2b08d11bf8e3a9e134f70143e0986a351e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53308e3ff3410a5bed94de5ec0136492

SHA1
2a18295686b579fc81380648ea06dd8d7e78285e

SHA256
8483a8c18da8a6cb7e76b7f4192df42d3ef23f41376d65eaa498b8aa11afd2af

SHA512
73c0b7779557b6cc29006f9ec5ba9d9d076f4046ba7503af5b0191e793a521813b7492c4cb0bddb1dcf080c16a844256aec8ca1d03b840b752ad7099fae9e75f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
549460d65a8865e4f624ce6abdade703

SHA1
a3abbbca91bb08028abeacbc087b2f89834d1cd6

SHA256
0b4da7e84e8821272f2f085e9af1f4346c5f4c901580b5a052daddd4c3960f65

SHA512
4e652872241513f3e1f3fe9fa79247821b3baf1cdddba2a04bae70a5a63718236ce806e2dd36bcf9b75cc90fdff64104edd74625555c97072106b11d44c2d8ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8e3f5c0281b7f826e88ad855698a64d

SHA1
51e9d1fceeca5f362328f1a6fa9db68ae1119565

SHA256
cb62d8418166e14dcee641e3e7bcfe0ba1810875d793b5aace7e311252916822

SHA512
183922607e0d04c654f01afe40b598e66a75aef954e9797c3f9e873e9805286c2d149c5da6324a1919681be6b5730283b02dea5a026905140200fb4b9e852fff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fea3fa58d7fcc5a134c16112bcb9678d

SHA1
92d97139e5b91f69ed8237df764efaa03e6a0342

SHA256
1c9612c7a2d31ed6b4d12a220c916e83645ab51ff4086d5f4a6571470244f807

SHA512
94d6dd0492b2c26d8908a2b1c6b32d38d1a20f20da847508a3914f7d4cbf74cf1a8006a4d71191081144b85f25a285a876508044bf03f450b68dbb8824a64b17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38dd2887917c7c80f323d44d8a0953aa

SHA1
4997ba1272fa0f968e1067de0387aee45e83c021

SHA256
ee925a45a0c6d685b695f3bd553a7a92a4b04f7b1e639f41b0cfd5dc66486b18

SHA512
0366b4c8f9f38d29c6005da62f0f544915b6c27d88875e678d801684b29ed45576dbaa3e94ccbb3e50973243e0dfa5059546861bbd55740394e3e9e6d4252da9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5450c08c82d9762e11889435f840e93c

SHA1
6cf148dcc0e9e38bc17c685add04f5ea16bfd5ab

SHA256
e652b93eb3fbfd8c0049c6100fd4c01ace5f67443261dc9f06800cd24c918e58

SHA512
3a2d1824c7d8271272b2f1f302753f8d3c00b7bd7b0db5827f25b63418b4cbc47d0f9f619ac94e104816e978893fe533e9e16766af171166a10550e1dc6501ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
666bc69c5698c66d62da80a3c4678560

SHA1
8d8cb2f2e0e6ecd4c486eef5286dca24f13a60a9

SHA256
6b69a195db104d91bae9926d197275101b37b9e75c2fe692bfb0dc043cd358e2

SHA512
a50d7c60ef7da2b1e81358d67b1b7f4d8ac0a60e8a554d1075831594ab57713c7be6dfbdd9d8bd1cc58d6593b48c81eeb30e33a3b15d88bc61166cd1948403de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
937bd4368d6085fac5b807a45fc256e3

SHA1
2b029f5a94cffbe010314da399f77731bf7ca7aa

SHA256
4ef7285cbd514303e1c565e2ffd03a05e2fffd14724f00ed72821004a5168be3

SHA512
641abf888ed5b90ae99b38fd9ed44c10a49e787d5e84cb079bba7bd11917b5950df1b0bc1d0b9f96bb8ba2c7bcd2609a6b45cafc40269b02d349ed4efadc027f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8AF4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8BA3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit