1801bbdca3dc198ce27708e50fb93b49ebe17026efede40084f37ec0be8d054d

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a58998c21d49202c2acc06f7b7aa7138_JaffaCakes118.html
Size

31KB
MD5

a58998c21d49202c2acc06f7b7aa7138
SHA1

1070b415adea213112a34dd1a0f23752e2266198
SHA256

1801bbdca3dc198ce27708e50fb93b49ebe17026efede40084f37ec0be8d054d
SHA512

80c2e2865c04d9f0868ff320695009cb41685a7d1c4417b0208d8f238aca595ec2db05cf76f5c0d3eddc7cb5c4b47f5618f976f4f6f88f84254797068c3fe6e2
SSDEEP

768:2rAbPPCtIISQ2AzFVPWM5IhdHyD8D22AnL5lSjw7Mi:cAbPPCtIbfAzFVPWM5IhdHyD8D22AnLt

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002068ca0532b7e744b2e56260c2cab02c000000000200000000001066000000010000200000000c5cd9670153222c603125a96fef4427c51b21a124530e8d841f57fc19463ba0000000000e80000000020000200000009d59fcd8aca3d4614c2b60803cf3ac9ebc03ffe76a70f6ea7a6dbf57b716f68a900000001dfedc311e6a2f2c967adfee6b6d9af575f0b49feb1679f5cba935d168ddb2d68bdf4c4baf00c9e8bcd4864d9553aebe835992f744e0628f4a6c072b620214adb3f975bcb72b2a798d05283b7b16036f4c22a706e900e4b110873591387e3137e717e4d66c039f2454335a064c7e38c2b38b63ee75a1880073da71808c6cb1a47c5109fc1dc4a3a788444e416e07bd3a40000000ea4e1f29ce8b3442532303b841599caf816da8a2e9f59e45fe5c0cb4171672e1a3fbe0e87554538896af96f5f997d195ff82a6e48f8d863923028d62ad258ea7	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7720E561-2980-11EF-A965-CAFA5A0A62FD} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0e7894e8dbdda01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002068ca0532b7e744b2e56260c2cab02c000000000200000000001066000000010000200000001c7eb5d6e3f0d64b24ec6f36a06146676669f9be5b33a5edf98b2542873ceaaa000000000e800000000200002000000030216f93fcc4b1e6e8f9f7a626d195416bce7ba89a4e9e1e334221ac0a79544320000000158c1150bb47874b245911b6d155ae1c53b61fec61562486d4b42d2fc67f2390400000007b4706bd67de927f59167ca39e4aeff9306f123d6292011762151e0a0c26b3726e4d3288a890bf2977481d0d5ffe6c170130e835153a44b2a1ace818f1e45ecc	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424443588"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2872	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2872	iexplore.exe
2872	iexplore.exe
2096	IEXPLORE.EXE
2096	IEXPLORE.EXE
2096	IEXPLORE.EXE
2096	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2096	2872	iexplore.exe	28
PID 2872 wrote to memory of 2096	2872	iexplore.exe	28
PID 2872 wrote to memory of 2096	2872	iexplore.exe	28
PID 2872 wrote to memory of 2096	2872	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a58998c21d49202c2acc06f7b7aa7138_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ac47d85775114ff7ac857f32049a0d4

SHA1
4533cdb44ab74e99f8d3c06fc1e0aa979c985722

SHA256
18133283df59c37649a1a62ca5081613ce0ea143fe551c0461c7bdbdf1ba0f99

SHA512
038f250e1f80bb0574f8861e02a13d96b25a2733947789621d9953835856c0ccf5939366faf61e61132d4ef06dd7bba3df1f6b4feed014441a0d6469fff4a9d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dcdff8c96ccf496c759ed271e1c0262

SHA1
180e72b59259d59ded5cadad21b18e6df9ca9a9d

SHA256
974fd2cae75ccf84203997bb122e2d7f2e552e81ed45e387de3ccf1f0aeb886a

SHA512
7b5938921e07129c583368bf28dc36b0bf84b771ce3176e23ce176ce5d248e980d9b7c7682983497502cd3c879e9c38feb4f186939e09f1a3c582784cc72857f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2870cb8fc71e31ab57473cfc715a93b4

SHA1
72f251132324c8cec322a4e25d38f903d055f390

SHA256
f8eae12a663ea804263e098ba9592eb6867a7715298d40e878026aed0a403c8a

SHA512
31ea657ed22ce3eaeade70283c258c33b231fbbac4d48ce575b173493c76150393d4be5d6cb32e996bb99079faaa7e22bb2c517ca4a6dc165a8336a39870318a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6857832b6db710944e24bbcd2a6c68c3

SHA1
1d72fad67a44a523d556b1a2e233d2cfec1302e2

SHA256
9cd7e46f60b75fdb7c03d259f81a6638acb43b1b1659269a8f0cf1111a6eff43

SHA512
394425e342d7ebf65062d2ae6dbffce7600dc59e59492f0ace4c3f8a6603b53e339a5897da88c851ce067b0f95fb34cc1638ef2bf9cd1cf4e4917b3a9b9fb6b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
020f5b5068a8ab7ed3695b9a69daab7f

SHA1
5f10455112a69d2a11a93b7cb2876c38ec29b207

SHA256
7cf1dde082041954790a156287fb5435c47dec049fb66cc3f8bc1f8bcba982e0

SHA512
b3881ca97f05babf859a3f1a67aaa371ca7747e46fb14fe9a84224244009aab06fb79415619abefae8322b50403d6eedd1232dbdf2fc3afebc5b8a5c00e6a148

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f4cd2cdb725ccb1aa50a59956a56d5d

SHA1
81b23f109262cacf34e7503d5d7066fabf1e9149

SHA256
67fbed379095c0855994650f1f483146b30d85f30c9c3522eddd08e0d8c878ed

SHA512
72f39e32b1148ce8c02b24587d1b7c9c4f07400b595aca166d3fdd4c8928f3051f6d38af95120e02323cc0169dd38517a2ac4bb6fc0303956d92b77acf5febed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84f4f8c2476a8d37f60f7765c82be378

SHA1
92df527acac0fd474feee89fd9c0dd0244544c22

SHA256
6426e7698952a07e4705138884ec3bddf67da4708a8e5141e48c42008633652d

SHA512
bf34d498e212be581d0737463e8ccb63fcf570bf338904d37ada0af3d121b519e0b47fdc02ad0aac8277a4e72670af872b0473dc2cc5bd700ead529a75632bf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f79136e98ad3d3b2718453be2021bf6

SHA1
db1c63945684c0726b0df6b85b06737a127d686f

SHA256
b7151820151dc9bef30b453ead73605c6f51df9d6cd93aec3a161b44c472f557

SHA512
d688978d63f02906f640faaed42d15a1650f0a3738fd27c38d8a48823f7737477cdb12feb8c37e0c3c8c44b4e584b2bd15a4b696eb93bd7b199fe19b6d20f995

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd2c3f7f5195e597c8bc2247b09e13b7

SHA1
e335f6bb3962eca057f35c046f31f113aedbbd17

SHA256
6a18046de410a0200e2d9ba0232c1d75813ba349fc78982d6d9f08dcb948167e

SHA512
1a927fe3f7eec6651635a6bb3e2e97b1e6f18cee9818a983d2993347f53dc71207ae32ec832821130162a33a869be44fb39d918d1d28aa5a247a6632e2ccd763

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c41e3517298ee22e02a2e4da253cc54

SHA1
bb23c20c7d2f27a628308e1688bf706f257738b8

SHA256
59035fd759a846dfaa03354f9db5efe936606f486268c447790cb5e767e7f93b

SHA512
3379762a449751481ef7b442705d81d026e5863b977252d09d71e293ff4f970d600790b17e8e39b384b2d6e0089b4ef88f9f7bb7c61bec012467da5e1cae75c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86552ff4349262ef555230ed050257ee

SHA1
b4a2ad197789a23e2c5bcaaa103312f620682e39

SHA256
ee611ef528565327abcf18f1e4e0e5d6f9fbf7a5928226d2dc62c4759152fad0

SHA512
b68a34d99fa7b6cafee9749026c28a3ac2b4639f4cd80ce843c70cf495944b21d1f0c6bf0292e806709676574343aeb4affb48b8083984e15d43951c62519c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
093fc2766b912dab4701bd46e40b7908

SHA1
db673e7f3cb47efb073f7d08eb0cc46034c989fb

SHA256
62599e325e94d845675711e38d15fa47a9ffb695c00946e4d34c23cb4aa020b0

SHA512
bd18f2999534970102443aac27b4c7f2be0f23c9bb0b13623b98468bb1caf9d3939047dccc85633e8445622f21aad484ba4954cd70e68a8752a39125992f7411

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b882bfb3e14073ea7bb88b7df9ea36e0

SHA1
e4ddc254caeb81acc24e031d28ddeca6a0d2a1c6

SHA256
04da9f19c68dbbc75ea31893be75996377792ff33a17dd742938c6a9cabe9e2c

SHA512
35e79f752a9a2d178174559a3a6c824b4f33412b090f7f61f6a25feac9edc991e64211ed1b8fd7faf7a8cdf8a04bd0d2122a183f3d71cb6071fc14a087171efb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86406f7706d85664bd31b9c166e33cd1

SHA1
5e13032ca29828b1da08bf962ffb6b101ca01927

SHA256
ae48cd01ff87b3e03ec65033965a8f59b40c73e7b7cd4f8f0840208778e34614

SHA512
9a1f7b32ad2c0d35020889442ab64069bc71b7e9ead7e70c8eecd327f61e5cf60b32bb07cabbe9007ad14aa9472a4fb71b2da760efaf83909d266dfdeea21e04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a05ff019b2c37e2f4b9320e1adad346e

SHA1
a30ecc78de497a2970a9035697fbc4e021023916

SHA256
8c6d075c5c0e13de63b6dc7ffaa0d4940567d56511e67d3fc0fbc04e3070007a

SHA512
43520382d2255585974680899c448a640b1fc9f81fd835c43fb38c556c27f9f3961b48137e89134d25428915689e890c0c03cfc5409ddee0b683c23b96d31250

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar49D4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit