ce4685008ccbdd651375c91dfbb578f18ced2f0ba42f6b35ff49be29306ac681

Analysis

max time kernel
118s
max time network
131s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 13:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a5db9c620fc32b94fb0b22eae3b63f41_JaffaCakes118.html
Size

3KB
MD5

a5db9c620fc32b94fb0b22eae3b63f41
SHA1

ac02e8b9335044a2f2f389a27c780ee7b6ff3c39
SHA256

ce4685008ccbdd651375c91dfbb578f18ced2f0ba42f6b35ff49be29306ac681
SHA512

04c2d4c0e66f72e18ad44bcade64c3643551726a4330fbbb954940404ea4425b2e26d8e27f70de50d2bd5c88b862fb8bbaf73b4dd17bf96e88a6bd5857e453de

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3C753D21-298B-11EF-AFF9-DA79F2D4D836} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424448217"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000046030c098160b3ef7934a36e41e4a54fe3d549169954e3163bdbd1ac1a74f87c000000000e800000000200002000000090a07f953e90074882dd568586799bd9752402ff76a01783cfd814acf5e508ef20000000674d2b4b99d0e3870819d1243c4c85fdb6669a5291e10919f09a19dd9edd383a40000000f2316ff8213616f5b1d85e31e1929b066096218c57b0e753330800e6755be17991a1c19718bd0241492f2026ee381d01a6ef03a56510e745ff2d65d8fbdd8aea	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000182cfcb445bd3d3145e2b1f6b071d0f0b617c4af21720ba9422185f65bc7b634000000000e8000000002000020000000b7b564ed98686772310e30ae1870b17c0a3447a5771f14cacbe2fbaf07a8d97690000000cd8f9151d0a19a94c6d7d12b2687a6f48923fd07ad6098b4607352385f3729a307cc417c15e4f160f7a3b19be5d73cfecf577d6765c14911b5e65928414e53e331946f7088d76c9de441a14afef969448c620ca2ac5ff211304071f35627fdb7e503823e2adaddc1db4b0dd4f0467dd40722404d1c6468e663c06de660a492b7292692d3d27f0ff21e0441818595991d40000000b08acceb6b648fd46f70f8d0e62553554bcd7cfba32ebdbec5d33ed7c82aa7ae6eab9eeb5379dcd4493e05d6d7cccb99f841a079073f38c0a4b2bc11341d5244	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a01df81298bdda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2228	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2228	iexplore.exe
2228	iexplore.exe
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2428	2228	iexplore.exe	28
PID 2228 wrote to memory of 2428	2228	iexplore.exe	28
PID 2228 wrote to memory of 2428	2228	iexplore.exe	28
PID 2228 wrote to memory of 2428	2228	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5db9c620fc32b94fb0b22eae3b63f41_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d5c854439cf8690ff0e89c7c5199319

SHA1
999454026c5566d6ce944d68f802d0a3ff114971

SHA256
ea2c0f9381976640e594ca5fd3021aaea6c2860ee8d757f8b1ad6a73fd8944de

SHA512
3d885033fccf274923599be1a102c6e6fb9da05cf03bfe683a55f5eed9a10302ea14b6ac4b6bb5682d982cee3496e0d7414d64971ea567ab3819b19ba90027b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdc511025064882ca5aea105d5a7339a

SHA1
0b7749be8308b6376b8022174967b60116efc50a

SHA256
894fe1f249632e306c5d8ae51d0f6478e220e0090812af1391ce78b29b649152

SHA512
a9b3f38229fd106e1700d259402b764953a7e162bc7ec74a8614c41ef1b987de5250c7040557a9ad58c41ba3f0814e8b548e16a5f556a46a169d0ee7fb627206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2573847687f297e88d028a100867abf4

SHA1
7e0c4e8392e92c012f9b3bd385f149fd77827cb1

SHA256
cdec19769409094a2cb8eaf7cf66e8de4d800aa2dd2248090fa97c362d5fb78a

SHA512
8e59a273bd595247046dab8610097bb66cf86f6068f7b86b304207381e4839fb29be15b19bd3e1d1199a4c8f090c432c6ddd0de51310fc28156515ba5a5829b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fefb3beb38c1e23b8b5538e42ab36fe0

SHA1
3b0beae77b4cb33baed052db9599910e2bd3e32f

SHA256
5270e7a275ccbcbb595feff1564881cdc8454280c119fe77c122dc0b5e47fa43

SHA512
9f21f35280e4bb6bf2cec02099ed73d2438ad94252620223ea885c19bda66bec874e586dc3de1f38b6add7d578077c422680e20473627747b9a946af8f146a78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64707728dc731346a7e6784486e20e28

SHA1
89679c2bcfd11cf6634c730fb5160d02ebe5b2ba

SHA256
308b2d8e8fefe8166d14ffa189ac6fd0824e8cf27cc9388cfe353dfa8989a997

SHA512
c823ef0fbe1355d07d188326791bc74d9f62c62c5e63986a2875f9d45d582f12d4d82ccb8e2257aeb939155c14046cb2c90b75444948521ad3e82ead8090ff02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc694069ce37097a70213a9eac38676c

SHA1
d64d6c154863ca14ba19434666626789ef3d3820

SHA256
0dab7cfd05cf37721154081b6ccc51c163b99cc511e17f20910428c30a6974a1

SHA512
22bb0cd26e36371be8a1c2d09bfbca6e00b0cfbed0154fd16a1a08327e8221b57dff0641e584fd2384abc06446478c65b2e4326382289e80a7a9555441096d9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb62d1fded85047b8813182a32d8b389

SHA1
c8ac1a3641fdec1e4cef741b90063a35440cd464

SHA256
731d36a73ed6c5539fe2432ec20aecf716bd189875db1be2de9f9f5e611f8e58

SHA512
a29a56ed26ad2204ee3894a08b10e6e61e910e4f386f56120db03c6e5d9c28fa45838b82cdba4d6403435cecf5a34151d1b8941991b3ecd98cff7ee6a251ff08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b6719abe3c65d70a2d19d6a6fdf9f63

SHA1
34da40ef3deec62aeb1533393eab06c9ef26c561

SHA256
4f4a4543324b820fed32e2d86798e2b577496f9d72c5c6ba32ac12f3869dc1c0

SHA512
961feb21e0f9347fa1201d5c0a2e776a42e45403c89b3cff7e006b4c4f536efc9aae3efdb7f1cbca9ab0714cfb4a95e601bc769091b62d4121f7bdfd53eebca3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc11830471694adcc555c95fec01b2d3

SHA1
39244a986d2f5422cef728f03c7f1f701cd3df81

SHA256
d45a61f0feb1605cea107067b33e5b0e7f7886aa1f99a782ff82be032820ee0a

SHA512
82b7ea237a5acbc4fc60accb539c2bc63fbb0286be7d00bf0f300fd05f5fb2ea78c260f5bbb9cd4f5bae18c4a75c51910d9e16478b167741adc96a9bc0cb532a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2e0ce0d5f37eef153f62298391e0048

SHA1
1202de74596add96f11624009b307565f1361a1e

SHA256
6ff58c1c3ad99b5baef758bbabe587e5edecdcc48b269d3da8b2a3473ddad9da

SHA512
d434c63e1210fabdc82d0fdec1bbfaaab7b54e75dd6ab7c5abb5a408f21a05fe546354179f6304a83169dbf8afdbaf0841f8503ac603ce5279037aba797bfdab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1437d5b314cb5af84f997167b07822cd

SHA1
cc3107fbc7c256bf30b74353f852a6612694f427

SHA256
3159fded0a4431e5a78b03ab73e062d421388535a7d616ba76a7a029ae3e4595

SHA512
2df18cceb60f4d95e79fa6e1b47006a7a54b8f8a631ccab70cf44174bf435d5d103dc5de95cb52a831c1df6531e337a46e7eeb561fbee1227ed2e4cc2796693c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4ba03e861a83fec803ea3dbb938c806

SHA1
74c72d314c2c0748cbbd8a6995c3ca4953fdf152

SHA256
82471eb998d0fca4faed8c5c391a924e49d6f765b25ce512dcacc0b65f4f010c

SHA512
259272985e688ef83e0bffad3b341eafebacae4ae7aca6569d9572e382424c79bfe6345309c90f2cc77da26c7f955ba89000c4df7df45705c42ee6c3378cab26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4135e7c296530c5c59ca36662f34540e

SHA1
ee6738586e1c8859921dd7505b5e25769a605dda

SHA256
a93cd080ce839296e2359c587ae3b60a842c182c14ee710819ddb1cc4fe18065

SHA512
a62c4670d92a17c7d2edd182869eba6944e7dc62c20ef231a19e9b6edad3bcdfcb258e969e0cdfb7e369b68302e6ec125d6e962fa417a2b72e2d94f8bd6e1471

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
617e5a20d94e0ac3da90e0d63c1a6c3d

SHA1
d0188aaabfeb30ce0f8a7798887ad9d2cc49a728

SHA256
5c6885033114f138a0d7cf61e3708179b21c35db25a8ea860bb9af8b66e92825

SHA512
61cc1b76598650b72c0e72ae36d56fcb050b283044ce0806d4ff936c585ac01b4ae41b0b19d330b882a19f1f30d55006168e916766b868db0bd67edf764709bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75b57c0d67e9a1b3251f997e78334be7

SHA1
ef5e6e3cc33e0c69514f2616a61e67777b9694b2

SHA256
7d53b30ba1feca84b855cdc17e21d29714b0ef4e9149dc11082e9c9b24b79bc1

SHA512
59018538c166121c34a01c265aa32d06e9645283eea9a7f7bd15bd6208ba150510f549a99cdaae672f64b39322b4fbeae3bf041e96ec497c6c9475aa64f055c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0ce38b631a21629a76c3dd41ac05ac1

SHA1
7f7618c17b823265843b8c41af3c56bb82a648e1

SHA256
dae3926bb8049c1b6f5b6255478425a04fb680178b41a4070e0a34b2179e04c5

SHA512
e5fcf9d63e52c245cba20c5e18368c79cf690c15fafb021608efd0582df0463bd8544b48257aa94c7e8842c55de54af046c3367f0ecf5973c8c030fada11af13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3F64.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar41B8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit