3e02a3884f8f5b65d91f16d82276c5830800be13cf183c34604f5b7da3e151de

Analysis

max time kernel
134s
max time network
127s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 16:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a67cfcf1df62552a847c88da2082d6b4_JaffaCakes118.html
Size

880B
MD5

a67cfcf1df62552a847c88da2082d6b4
SHA1

044f03d6011237bedfbbd4d0aa9407d8a56bab7f
SHA256

3e02a3884f8f5b65d91f16d82276c5830800be13cf183c34604f5b7da3e151de
SHA512

b8c0002e904ea23252c54609655b65d301e0b0d28945f215476b2b081cfc1f5c4e197ce0fd415b819d19b54f82a9faa81fe5839b5c736a9ca6d21f5845a2e3fe

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007a63d22a1691fa4183233f69a46b25290000000002000000000010660000000100002000000034b383f6cb7a62eab9c421bbf59dcbbbd38500d05e70550aa1cd14a54128e0b1000000000e800000000200002000000037fd94d645d9c1317edacbacb642d92008151e44ec00673367e1dbc1880986d790000000542323316531f56c40ea4764c2e430eb545f0d473ba8cc8caed13ab6824fbc2f38d80db35442ce4d6dbdeec4cc38801e0256e0325e2f0ba729cb78a9a4181f846804a92ce2fe6d362db6a35e33d35abce30c7c146266350565a5748632aef849f547dbd82ffbeabbc6afa9ff947df5b1f27970c0413918dc1f089535cb0f3e745c5c4519c3a0229660c27bc3631bb9cf400000007d52c2e16cd497b81c9c96b3a17cee086099d5d8b9e47f6507289725d607c8a3ce9e79cb50cb326fac8abebf2e22b7d6699346287d27dd36e6c8f40a738dacc1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A8FCEC21-29A1-11EF-9A72-56DE4A60B18F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007a63d22a1691fa4183233f69a46b252900000000020000000000106600000001000020000000d4c9c9cbf7280a55a0199917e4a1b07becf0339c80a7e06ea75d1103bbc80d35000000000e80000000020000200000004f016f274b7f92facaa56bb08acfd0e30eebf7746d4677d7c701a66f112cbc2020000000db3ab84d73aa1d121e0d20cf7c78cba758c7b3976cf15d03b1e432a3996dde414000000013002013712e7458d19d15878c9ece280f15a27932811b0145def23b71cda4bfc6872b9a2ff61349b733df0da605c0cfc0481c24b793ea44bdac2b32ebb83ef6	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1073897daebdda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424457845"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2468	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2468	iexplore.exe
2468	iexplore.exe
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2656	2468	iexplore.exe	28
PID 2468 wrote to memory of 2656	2468	iexplore.exe	28
PID 2468 wrote to memory of 2656	2468	iexplore.exe	28
PID 2468 wrote to memory of 2656	2468	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a67cfcf1df62552a847c88da2082d6b4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5d977ddcaf499ea187f7dab78283f8c

SHA1
9703a28941802b05fc87612e2ac33f359e35be44

SHA256
3b2253da00b332ec4b8d34d055ee60ee665806cef890e0da30c4f0e97fc878d7

SHA512
cb641db66e69925d8cab2ae022072724658008c65a6ab0939ae5cf734f61f4d302d37b0135ec73b4569eded45b73fab0f945b990fbf43eb0994d4b3f3ffd80a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fb64f8b57b189677e6d9f37d9967c4e

SHA1
676069d527c6c4d8bfe1f55d3caaa745d10e2dea

SHA256
b352ba522f822aea96d1c05eed74c89e2f7e589e264673219449353f52681569

SHA512
2d9094b3cb4bf9b50c354b3fb368339a2fe4c7b05e6c55c60a99545eeb91839117fef80a33435fb3eff872c6f8ebbf98933651b9a26700ed8b37c7bce81b3778

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e6c380a5450b0b7cd5484e318577399

SHA1
5ed7b456151de847866ae5d60aa4fa81718753da

SHA256
00d8f1f9ea79565163f1c0210fe3c4e0c8caf77163ba8e6f41b6aba897b5105a

SHA512
11596a3a4c28fab3dd44f461b15e2b361479e6fcc3788c8991e9c27bd108466c0e37ac7ce05db490051681dcfe3edfc4fffb79dbc366f4c73f77600e1272105d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ae5baf993565962866da930320e2786

SHA1
f0e0e168a6f5d69a9e4439848e77278b9290d6db

SHA256
d1a8f498031eadd61d40287963bc537ead7f6c80f2b7466dc626f7604f84e574

SHA512
8aed9e8436813ec2e83cec381d5655d7acfd74a87f095d4ec4a4f0b1c62ab807e9f4d9302770484cae9ae5e8aa052caf7d17c9bbd2e1387d62f0f76a65fbca79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
546a88f923e66a21568a095f35b76ad9

SHA1
c6d35c7db3278c70a2c36e4e1bb482db722c8fc8

SHA256
e9e59e3cdea12acb1728289dc7b7f67ab29e72d51bdceeedf8a9492a6a2bf3ad

SHA512
d3514ff16333e50c82c019b53214ca5f3821a8380b0f5b6cd7c00096cc4beb7e73432ee15b46c8626566114a8c8622f6107e2159dbac46fd74f5b12af26d0bf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ca4851dbafe34a5f1e4b4236f0f8548

SHA1
7e5031f63122b9882e0a82ec242d4c614a4bdfea

SHA256
cd56d9ab29270867144879be693c00cbe7debe6377a072e0dbdefcb372c1c137

SHA512
6fd57e66e2ba48fe750b4057853633304880df3cefe1b8ee593bff92f1ee5bd5156817dfa60feb3c0991d14091fe501e974a55765732dba65032d615f85c5360

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2605864b38eac5e2182e1a691ecdb2bf

SHA1
79c0a1eedb05e97aa3c255826b95922532759bc4

SHA256
afa5fe2ed28c43e3b1c246370e8095a853f6c414304122b427255e1e9691eaa4

SHA512
a1433a4dc43349d8e4435b3dfb051a38360e4af8229704b8997922c076ae824c29d750f55a9140efa4478743bdfee3a66a59696173df00e3be72361fe8b1aa1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81dcd5a00f3fe56b1135c88eb2f79cf1

SHA1
4a4665ccdbabf6f90ae4c88090ad616f46072717

SHA256
4b874a00b4c0d72ccc609674f4b339aa84a90d61311bb9988ba17eb8ac027a92

SHA512
7d089ea33443e1aea20f45f1e411989dca772350db2ca39b4137bfa27a5638248c1338f680673213c061928ea0a408458b5496c12718bf7a4835d26ceb6fa2a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ecb269c9d5d3024e59e4d3c0847f096

SHA1
ed1fd6a0f2a6a5773045324927fb39910a2aba86

SHA256
ea9f48efe81c2aa241d66142a458d17b84bc6304351009030b0a3406c26c9139

SHA512
ace94380305ec6d556efed803444b19af28e93dae58873623d4cfa4f62c129680f1288af3286af55c0525beaabcc10e028706fa33f5e63fe5b8b9ced563de63b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37172ad508cfaeb78af11b839671e0d2

SHA1
5948903a5c8430fcd7486538c2bfd17114b19048

SHA256
c2d642e804d5dd708a433b0068a374fada8ee36664d29c1c6efdc2fa256a3525

SHA512
5dd0bfde7035fef6d04d374b891dfd1bbe8fa762a8448c7b5a63f5aca79905ad873a5dceca728a1a2925d98674b179a70f0d331ae5baf419acbf556b6d8a23b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83bb5af93b670ab4a3fbf77366c9d86f

SHA1
b4bca9cf96195eb94522d2ebc94c1967f874b2df

SHA256
f73729682aa77df82b1bce57d2dc35a8c3910fe0dc22b760d55853d449546cd3

SHA512
53582ac6832f25942da47e1783fdafa6aaed0ff57f884c68f59385e318545aff25d33e37cd1ca375d165a41744fa0a42e4dbec105ae5c22c098e2236596d1e07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0a5833a3f6cac4a4b831371d7434d45

SHA1
90c9390367cfe58c8c7765efa3ab40ef65115ce3

SHA256
bba8eabf76f9ba1488738d27ce464bcff0a98a35b55570d284163066e575fd4a

SHA512
6c2976c0fa6246e61851cb845e1e26a2a127b08b37c0577fe7cb29ed9447c97beb0b7aba48ef5ecb7fcfe2158ccb8a9dcec5cfc4e5686b3c6ea958719011b55d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae55ecd13ecd728f73e81b1a9efb35cd

SHA1
71054449cfcc44bef38bc9469096a9f0da342932

SHA256
8dd205aea0a4f2c8071146ecb7ce783ee816a053dadc345da178d740e9b4133f

SHA512
2eed71f3188eba57829bab54ea83a543322da738fefc4d3dc7c369908b8cc53bb23b051441c6ab67a0ad6b6fff833217f7871c1e01e8becad02bc373c96704f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2de038b25b4b5ac7f74a09ea744b8d09

SHA1
6e1ee6a2b48feaa5cfaeb1302ec73ab603f2403c

SHA256
26d3aedebabcd686922d9badfd12ea9d3395286a0bf933a3e992753c8370d168

SHA512
9c41bddfb7e65653ea81a219bf3fe5618de141e5d08f3f0e3f673739cb9762489c4a13c03307d4f8edfd81cbf9ef538d7d2001261144b948add6400541085261

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0ad3b8b3ffc2781787a8e04a0762c60

SHA1
08564a12757d08c6124987c9632841b11947ca52

SHA256
0974507cfe9f4dd004c2d5be58a9987ad93203cf357d295b3f3c528f642f6d6e

SHA512
778e567a24e0e68d6ef133cd09bb75c3aaa11dddaf8d227160185d9d1a44b93563894d5c16b3d62b16a71b5fef5ceca279fdb6cf7ac55f5d002da5acf353acab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af98277424104532d8fe026cfae1b49a

SHA1
c0b50f4b72d7ae109ae6b304db917e2a4e2f8185

SHA256
ec760b325d761f24fd64426923293bb4d9d78a852d4ba175db4457512a4eb676

SHA512
4b3ee880e82249629fe1bdb6b75ec619ee1f42e9d0b258621241b1db837488883ad2692d74c7776fff3bc318feae9fb787415f0e0fa077b81f1313ccf3f94c22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6791b2af526844eefc685526f80ddca

SHA1
5a3bb497da2f9607262488bece672d58edce58b7

SHA256
a7864622b9dee67a2dce5dbe1fcfd3377a21dee967524454a563f7173b9a157e

SHA512
12b12eddd47012fbe30d553983c799aff16dde3899fa5f0e11fb91d6864302a434d8cca3432ccac89241674721648190a718c94d9022c96549ac9efa3fcd9aee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2899.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2985.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar299B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit