2b3b842619b27a0c8ced558242e8bf1fd610ff1bb65501ae47e4c19f9288ae0c

Analysis

max time kernel
117s
max time network
133s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 05:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a40ae2cfb793145194753ee78465ae8d_JaffaCakes118.html
Size

884B
MD5

a40ae2cfb793145194753ee78465ae8d
SHA1

e9f17f019e4c90edaf781a561620e25e0c755402
SHA256

2b3b842619b27a0c8ced558242e8bf1fd610ff1bb65501ae47e4c19f9288ae0c
SHA512

c2670f2beb2fc5bfbc2ab6ab19fd10df8f8e1e48feaee4dc0d264fedf19c6c4ba9a7ac7a462fe8f721229f24ad86b73f70abb5aa6a569637100328184e610c89

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00a49cd054bdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000007a2050f35e7978f6a51465981a2f7453024c930dd561be395c4f572056b3e10a000000000e8000000002000020000000782f8c2df207d6e507ee6b81ef7a74f28a05acae442d5aa9871c3025811c7f16200000000c7289474c5ba56c08bc48967e1c60e22afaf6c4371d3d26d5cba455596bbacd400000005b70f2a163e187b4268153370db330bcb1cd931c9c2bbab9071dd19d0bb22bbd647c0c0d2546101f9a6f11a293e66b170149765d49c754a9b83224cfbedbed62	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FAD8E531-2947-11EF-A8D3-D2DB9F9EC2A6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424419330"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000a09f2e7f1d17faefc4fd560a762c98c2da234e69a219abd1bc661dbc715f6e22000000000e8000000002000020000000329f786c8548a54f8ddc4196c05ce19b4cd2b1d9bb8dca10d0f5f1f318be7de390000000161b2043e3da882c1eb46321c08d4de494924b775c8549fc78a71d2aeb9adf931b5a77835d0a98f3c0cae1108f60af531e14e3d9828331a3c1b43744415d8ebf29a63ddb13fd596e2ee355718b15a114b1a76d7e54e3012a832ba5e62e566585be82de3db354623a27514ff6f94a6d309291a8b8cee0c72c18a952c00e938407fdcaf4af384d1e75edffb6a6ceaa15e64000000054bf43262519e7efbb6005f16f14827834b3d1cb7297d2e207a1f27875f28ef27b2fcff52cde490c1ea9b4d8958c7ddbf8129b327d279503f6296aa35cfdc8ff	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2192	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2192	iexplore.exe
2192	iexplore.exe
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2064	2192	iexplore.exe	28
PID 2192 wrote to memory of 2064	2192	iexplore.exe	28
PID 2192 wrote to memory of 2064	2192	iexplore.exe	28
PID 2192 wrote to memory of 2064	2192	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a40ae2cfb793145194753ee78465ae8d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b52d3356d1b6128235f7dd022ee3291

SHA1
259e84c57f7077bf8867e69129090ee70bc621e6

SHA256
61a35bae2bfff427748692162b86ae76137691583bb363c4bc5bb67247fdd539

SHA512
9ce9d29ccb1f0ba651d02cbd2e7bdff67c46009c362bcba6848b09d32ef20c7d1bfffca79f1427f8da2bbc19ab2d3b0182210fb64a567fb92b5b26052b85067a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9a89a042b1e1fde223a1f6244bef895

SHA1
651c645b6ca9b79651f36fd24644789f507c4a4b

SHA256
2c2a91d03eadb47632bf0fe064ee27aa8ec77600412f9393a482d08104114d3d

SHA512
843d90b3ce4a883d654fe1717f531587c05f2b08d2a5b17fcdd0f87d139721198f2d9cd78cd575e7cefbb930fa4dd89d2197e6facfa03dab1a42286cead59583

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5257df8d5ec4b5c9f1a1b397dd478ac4

SHA1
07d231721fd9ff3882b855778befc2808eccecd7

SHA256
d1665e4296bc2be71ad57a3944cefcfc9cb55fb1e77d5928ca043fe8e4fb556c

SHA512
b4fa269e6e74c91186cb6927df926d3cecedc23342f0bf5f2c8aa5c4d8520104797d59d0066c57e15bb5d920895cd76963b186b46fefd0692f5f4d9090226a9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04a955d5a2fe9ae531da6266ceeb8875

SHA1
3563936a89a96edd8bb15bf6d4903ffe060a9c33

SHA256
9aae314c425ebbf3555c50e1c0d61964983c4681afa543fd52252babf1896d40

SHA512
a1f2e0313f5f92392ec2f700dfb87932d6e3f9f838509faa0f01fb99abaa51d1a4ee37dd5f53d96974edf41501918b9bdf0d8766c3f621443a099a4f7fb2c304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
192594c70f7c37c26cd000924434518b

SHA1
586bcc18915fdaafceca461aeccdc362f4a2614e

SHA256
409a5e8f3b5024776a8c6ec0ac33103da64c37759e6c2a215fc1286d5db76df9

SHA512
45a95327869917525cf46506cefd284a10515922d84d87c13e0489cd62acadf2872e8fbccffb24afb06f6f1bd116cc050c37432756e2bde9ef62b6622f908c1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3734a6a195d1a925b27f97778c58d1b5

SHA1
6b16a281044d2904b2803b5fb2bbf5a1bf0d5d08

SHA256
1426b1a6da80a63fc7fce89b06ff8fa44911d89235783906405bdbce063476cc

SHA512
e40fd0dbe9f2ed48f7672c75ee994a64648843154620d2e88269ee88ba0ca242df33012d24e7bddb73a773cf7be555c12bc4ec02d195c135c222013316871dfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f4d88d56c6e54c55d2a6a6e9ab1298b

SHA1
9f084f2cffbcb057b47a39b0186c580bac442ef4

SHA256
21ec04173d61a8e08931e56d52430bd8172f5673fe74105ec2766eb6d317e2dd

SHA512
95f108200059fd1a35b29827dbc0085c9c62f96bf499b1224ea347136bae8339ef0d5ea11082259c3de68b4500c15b049e56405dde6dc9427bfa03ac31c20f5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a18204cf5d80aa2e86b8fe1c6367879f

SHA1
56b69923e83ba37a03e83e748b87c19b3d501d10

SHA256
c0f305fc242959a1864315a9a720da4ac7d29875dc32f7f58ff373b5842b925a

SHA512
fcc2682cd3275d84b699467d1c759cc846ed2cd50327ac690d264e583df9a433730c36aab87e658aea94bdf88527ffe277e7f935a6df05cd87d7d9b01d3bfd69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e46cfab4ae3dbc8641bff4f1d9597eef

SHA1
90f2c0c1e855b97da3581f47a882345220042a78

SHA256
f5335915eee7d3ded435ffcd9c2b19badc4b55e2cf562ae3de0687d2e33f1512

SHA512
61f1fabdbb9034a8bdbf5cdbffa14768b7beaf5510557a93654f0af53bca616db4c564428f2e3dc9c57b724b58deeeaf053e3434d476cfab56de126303516483

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6366551c22317fe02cecf01fe05a79bd

SHA1
a4be360cee153e1c9d744471943495451a8aae91

SHA256
eac9041181b9cf5beb31c7fc6d095681695b4b157c4ed58e206f874521f5ca3f

SHA512
34374c6c78f8d13e1f91547f79342a1f433488806de9633b2c3c7ed7501819a9bf5b9d0e001927a86654944adb2dbadf55d9fa7970bbd41d4422e47eee2f3822

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
456fb9132fa806e5fca768f3e5add891

SHA1
9887296beed7027bcb8996633dd59788dff5ac04

SHA256
9dfeaf19ff7c5e47f6dbe62938469546d91d0806611065809b5452292902abc5

SHA512
e6fcbed30b8d1a40544f058ead40efcee3d5f961021556e04b16d703e27e79484651ed7988ef7072b1f5ec59f647d263eaaa41a4b05444a30f00f2e462c203c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc47df486cfb0110081e0c249c60fae0

SHA1
c7c40d83b3bac3bd6c5a615064029599406bf117

SHA256
b81967834b9c7f3b10f1582dafc75c9b200d9cd50a87a445382eacb73818c4ab

SHA512
b6499536611e551635727026740ecc67182a6525d544afab4a7cb57adc600e22136490bfcf06a03d75a3965766718b55af50f95a636bfd367a37b452cd58a516

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e0c2c15ba07e898c5c869635330c0d9

SHA1
c1fd7f28348f4c9cb1cfea5d8d444d88381498d3

SHA256
9c25f7601943bb9777628ff90e513a324d5ee23fe8b7d45aa15e8f007e730774

SHA512
5fc77eeab08b922bd3cf527a678e88defa757b2711a8a8ce447e10951faa7dcf2bca3c02e837c60b1e08765ea60bbb68e9a342cb72e31a922bb001f56d94514e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ace8348b53b8b722c67bb12d468c32f

SHA1
df1e2630978b1b094ff4c8d2d2c68f3102c7caa3

SHA256
03e042e6f6881188012de59c670ce5ebab2dddef1640d0b5a74aa68fa9c04d6e

SHA512
ebba27748dc8ceb5a3fc9af28faacb06de6d644d128d76d9b6525c39aab0c6e3c68ece9761243ba796fedb4bd23ce38fb36cf95164073fc67d12e75587ba582d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c93e06c726d11834dfb71dd76ead78bc

SHA1
16cc0cee0f9fd923adfee46d4e4929d0a9957ff7

SHA256
d6f24c9113751840c746ae5a13a59537cf1e15ed642e97c84efb93b84d37f135

SHA512
28595f307dedc5bb331192b6a02603bd000f5b0d13f64d44ba61ea375b940406541ae4877b9a1ecf1b4b00f3078b6faeadb66392aed059b32750dd628b4d6892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1f426618504da03cc677e1fe6ea67d3

SHA1
f16974aa98437a533b1a22055c6ecae4b8201103

SHA256
2c8480e7b52de5e602e310bc8694b5c58278c812750716261aeb5b8522b286c7

SHA512
30758ea97025a5afeea473a09288af4d2f89132c91e7325a202c4378dc2e8d9aa299e51b180bf27867e5216a1b6efea08c40c7b0d95c9e82d86995eed068049c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af7ce4e141a022e44d89a77807400e6d

SHA1
e157bb48a2f9aba8e7be912e411adb28e7793587

SHA256
dc367ecdde9c76231b01e916eaee9b9a491883cc24cd0f4a937da822ada56002

SHA512
8dfd034680fa82d1c8d0357aafeaa5f1219204f3bf85b95667c1f369f1a4c9e798114441d3033f8b5cbe5eb0c97d2ab148dfa4203486f9dc796b47853e8286f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
889c7bc6180d52c655283b6bae999e98

SHA1
56456abad70dae635fcc134c04014a721e963227

SHA256
2ec098ec64850edc93f0788f77d1f90f83f4a13762d71b14ffafc7c3a1a8c6b4

SHA512
2bddacf46358a070d97c903786647b598edf30cf0f2210f424ed907d87839865805a2a8751f3f0168473369555ea097364c637d648c56849644632f800858d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6C3D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6CBD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit