986f29232bdcb045f5b30107ad3383f39e6ea2bad71836659541f95f86036984

Analysis

max time kernel
144s
max time network
149s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5f7b6a879f99f7964bb75e9504660a4_JaffaCakes118.html
Size

26KB
MD5

a5f7b6a879f99f7964bb75e9504660a4
SHA1

72660f819299e87e934cccd151f8c2a3b5aedd62
SHA256

986f29232bdcb045f5b30107ad3383f39e6ea2bad71836659541f95f86036984
SHA512

29d33af65da386666eec90176e612afab01679f62cec6322c9d689197b654d6598b86da693cf7dae993e653c34d21227d687fd7a1c4c2004c48f81f277a32366
SSDEEP

384:uOfo/v9lUCEhtrhstUAEBI3Ihci1PQNFM:uOfkI1stUAD4ci1PQw

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449930"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3B281741-298F-11EF-A155-FAD28091DCF5} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000c0d3f2e6d067c5e051c3b641f560f6efb2f58de8ece472d9bc91b6e72af75e24000000000e8000000002000020000000e3f62021f607b0fa9fc15682250a999cce6444690fb89fef989a8ce6abdc0ff02000000009ef4abb0b9b12915a89807e76e677834b5b829063b9cf745d75bee80ca0beb640000000ccf005cbf15c3c258f96ffcea950c92ecc8db1322cc4e5023109d5f425ad1345d9ded079b77b36a9c3ae47a7369e24e352ae60cfeb3a31eebdc9b86f15a3a466	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000db91c3f2cd84cb478a7da7119b706e8e4d7ef0f93e8df7aab84498c1a4367f82000000000e80000000020000200000002c28caa2221add5e3f641b9303cf43329eb0b701f573c1fb9e9cffe58e69061390000000f35998a410f1681e902af684f32106ed854beadbfcfa53274c81a4c60265ff75184045141851528df5f6340ecfbf79849bbc5e1a1bcc344c878fc94af3157956a0be854161f130fff5c1b952d3f4768cef0d49ec74886eee099dcb71af000e17eb6929e4d4f78ba13f7695bf780249e060a7aba1c081d6263377ab09397e2d69e86dae73ef1467309ed31e6ee8bd805840000000d0beb76fbb0b9735592798f51ac2870966b55d03b169f6ca525336e41cff3b17dc96878fdfb4a6e05c89f688d3fe5bd905a0ee677a17e19ed4b4c76a330f054d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 602100119cbdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2040	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2040	iexplore.exe
2040	iexplore.exe
1964	IEXPLORE.EXE
1964	IEXPLORE.EXE
1964	IEXPLORE.EXE
1964	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1964	2040	iexplore.exe	28
PID 2040 wrote to memory of 1964	2040	iexplore.exe	28
PID 2040 wrote to memory of 1964	2040	iexplore.exe	28
PID 2040 wrote to memory of 1964	2040	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f7b6a879f99f7964bb75e9504660a4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f16b4931ed710c7262825585db08f598

SHA1
daede1f8efcec9746473492159bdac85e166e386

SHA256
88a8f0ca6a1e18f4f929850e6af73c4499b7ca3ec46286b7a8d3ac17ee6c1917

SHA512
2da83c954ac8ac09b506cb907c1d0eebd468902c4ba34533989e430d3e2f44a48c63251a62469afc50f6868aeea38c2af4d7a2175e1d6eb65178538331ec7301

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dec98d6def2f777114ec18cb4bcc7f14

SHA1
672de0155ec240cc5cf1d534e262cc22005efc8f

SHA256
ace462a4e079eeeba8babb3a8540c54a731652c3c8cecd7d5843a7c8a40f9a60

SHA512
3b0e586c3a4d30bf3080b9966edae5ea7d635b4e0d0117757c49f5909740ff16e112d3d5140288314ccc74de68a076f9b4e6e879aacada8e79a47ca18dc49d59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3704362339165490bef77113eb0d10d7

SHA1
702a5643fe43720acdd8a79400ef07009f66f57c

SHA256
b55a5ee9639d6c112482f396f3de8c01cad2664b7d60710a8b8630317c842520

SHA512
0006d9fdfd3bc64b2f3ee2025148ada742ad1cba365958547c5949129c8400738192c8b68e53b6c981758fbf9b09598e886a7a24e50ad3767f79ab74ecb9ccb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d0726df9b9e12f61e698b3da8ce354a

SHA1
de1e3faa45cdd0d2e44a8e001adf9693d910dcde

SHA256
1075f9ac011435c537dfa915236cfcc2466468ba052d5e8a2f90e24d835f42fc

SHA512
3656fdc5f24cafe4af0240725b50545b8b2bac7ed77b1f1a68f24a4afb296d73d6697943de4a8efdf9477435e9109ee26ac4b3cfe5a13dd230b5ba9ab4ce6719

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1874ccec5b42fe36ee49a1f445d4a4f5

SHA1
4174717355509ab357235bf83de7b482830dd3f8

SHA256
23c849bfa1484a417a95b0adc748702be9840ab3f19b003629f01455c76452d3

SHA512
3c7c15288a29c853ff4e8cabb9bcbf183cc6cb80de27fe13efee7512d629659268b97d4baf8dbbc44e847d11b2549e8947bb9c65c7ac3912e7b510c38c55e0e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfaacae9295524cdb3e79c588a57b6da

SHA1
f86daae4e8e94599704e55c91711f3ffb02b6c9c

SHA256
33d61c20dda873ae212999f684347d0265b40d7a6eecc2bcba2b3b489b137316

SHA512
c9777aef287fd5a0b7c85ccaa29e1895ab0089f31636a5bedfd3c7b080db84a7b679f445d2700f7d2ffa51002bfe9d4ed24ad6e2151a488ddb06493ff11000c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf15626f1291f3075c2110f6210a7869

SHA1
8c8fd9d0da53ce000dbdcf5f4e32a616348739c4

SHA256
ce8c16caf98d9ef0fb29093c192f7ccc4c9cd30c1dd86102c1dfdce91e0d0ad1

SHA512
38ec9047ccfc0d6f093740c8007bcc4a5890b9a1696b3d23f69bb4365bab59d903b00d8538734a7410ec5e702649301624b38748dea4e48c6e84449fbe008cb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15f3823406fe5d8064bf75c12ecbddab

SHA1
5f77d66aab896fcf6da53b678b282d64f3ae8f90

SHA256
af14d79353615e6fe47ebd305f13dfa937a7f963ab08ab09a2f27295613dbf36

SHA512
e06fe2515395133e57c6ec91d17f5d3d712990d2e0d086701c8fc027c696d7d5654eccc32eb6be183228ab78e2ed71fc8baad8e8da76656a2b725edf427cb1d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6dcfc6a54b0a455fbe850dfbc83cba65

SHA1
9aafde92f256e4cd708339a96a731bea0aede21e

SHA256
0a58f76ffe94b688cdf0b0efb06467001d03ff7f6de4c87f01c744e275594e11

SHA512
7ab87f389bc43fd214a64ff07077de6b1295e5f5548bc53c2ad3c26385fdf301640ba39d0a7018465592a5ea18a62f7899af72c102cf69eab97bfc5ea00641e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
94b2f22adc0caa9b5b0692e61a4710fe

SHA1
b958cf869465408be6a7fd6e47900466fa2d8076

SHA256
69f59a8094af82f50ce1a0c8511aebc87e0554b383224780995da041c404eeb8

SHA512
9e3dd5f2aebbb9d87ce34f87251d33ff4146feaf77ac1b35e70739e6f8c730e033debcac9cb675b3be5ad7608743c8d38b64801a89db3b45d812303d366fc7ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d9ca3f70a78f5f0f27f43b16582136e

SHA1
a3d5d9ad434c00f2d2ab3c009631f26a58d2dece

SHA256
b79ade2d20f7c3eee1f5aa3288e3d669e08cd10f0d16ea97e1890c6d14cbe39a

SHA512
01ca9157589fc2eb96e7aa57ddc58449f3ef2a1bc47d2f3bed16a4e8753cfb7d28381ac24e067f14744d6a1e09bdc12dafa68dae844b6fb10eb344c0de8c6e44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
897acf6c4aa9b32bd59295f78b1a81d1

SHA1
86bec18dc86d61d2921844b88248e14a1f50ddcb

SHA256
0c47642525470032a27c228c76f72c982c129eaf66f80832b3cbdd3cfd1da04e

SHA512
11d5d3a206fd9d9e7cab1fb22269a9df9cdfa9d6c672157aa552bcfa2af8a51a3322384635e6434140b39c35026a65922c4718fa395ba6085c10343886115527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
265bd7d57ee6921a2b87bcb55b67fa8b

SHA1
f7d6f3cf11de740f974f3d571ed15293de46ed66

SHA256
3acfa2485a284f7b1f0d3ee9bee94b24de49c91dccee7f46b8b6cfdda684cc2d

SHA512
01deaa956c7a30886654da14296a4bdc1a33ce211e60951a5d92d1a72123641382d6f529417bbda2d70464f805eaa004d4b0d22881f0b79dfc19f1413f59d426

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bdd4068c0a3533363e936d462417244

SHA1
1411e394f0a726d108bf447bee1d7d0819695d1a

SHA256
5fb58f61371252444d5f723bde612bd2e9d645c92eb93b7fe17828e33b53e76f

SHA512
fcf0b5a9419ad4efe5f7c74448ba9b6d94e94f444bed4e53970a605dae36eb31cd8a6e046ace6089418105c8bae20ded624b8e4087ef2c5236c85f45bd6b0d8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8e373ec66c459fc80f41cd6b9900728

SHA1
25b18bb77a8fcdacae8082faf2780083eac10c55

SHA256
65a9da774a20bfa92e8e0a12e764445ae566fbbb9ac3da3713273a53b0ac4128

SHA512
bbdb124df6ecb011eb2588156fbe35e8125f48ae2d4dc313ce295d1ca76f7b754a2e97a02a2aa3b58697a7f5e02b4f86e739cf62871694086d9fe9ee0b208eed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e318c478bb10fe26e30533be4a146df

SHA1
b429c8c8a340147d2346cd5c86518d6f08929b59

SHA256
593fe23e02fc3c7bc06b8afcb60db18069b71ba18361d5871becd14ed7ea37ea

SHA512
38de424830428db63ec72aeb767fe663a2dfa603d29dc83a52c60dd773448203e5baba45e3cb1abee4f6a297d45ebf6bcf9e69729b245f14783eb297f41c797e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
674d2a70854fd8d2a6f9c0691e0f5bc9

SHA1
5de3ab287d406d1ed411e1e48cbb47004b4aa6fd

SHA256
4e74da741f1142b7c24bd8d571b65fde5ed8811adb9cc19a99eddfcf325ef2a9

SHA512
f212a1b1b7279aa6de7c5f3a0d1e5c1f8cafa5f827b950bef94b1e9dc15bc7135ba95d21a6c81ca0011626e94d021409cd975c77d74aa2e95e769535ed61f0c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8805.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar88C5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit