b52b13be83da2dd2936ff4e275fd7ca979094aaeab0b05b03749cb5c5c2730b4

Analysis

max time kernel
120s
max time network
134s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14-06-2024 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7b7cf5d2d4e6cba5ed08b013cca4312_JaffaCakes118.html
Size

32KB
MD5

a7b7cf5d2d4e6cba5ed08b013cca4312
SHA1

0e4dadcb50efb641a9df8cb70917de9cbdf2a12c
SHA256

b52b13be83da2dd2936ff4e275fd7ca979094aaeab0b05b03749cb5c5c2730b4
SHA512

0ea752b250ea73f85123c5649895a95ec54f34b87b79f01228ab15714a570f5ddbe5edd3508f22356bcd3a95dba45beaabae0a808311608a9b119b533d6aea68
SSDEEP

768:5PUoAhEiFfMi5+L9iLD0rLqXiCnDcYczEWCuTgJwTUGhTXyiCNe:5soAhEiFfMi5+L9iLy0iCnEgWCuTgJwN

Score

4^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80cca69c02beda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000e42b7bfd99cce08ed9e52a250db8ef2e8ef8df8e91d97c0db933817a6386b6fd000000000e80000000020000200000003e4f67c6f5ae0d9bed2eb9d7c06fabc13fb0665c824e925dfa8015e941163ebc900000004d04ee995b9b8b8a2b01b5627c86a68961a5b293e2d92efebe2b6dedebac2c372c91209e3bd4ea6d4c2c224fa2c0738b5913f48fad524722339c26b2961d0b5a8af1cabdf4cad2fc7c364031a069306c27973d7b2e8b2f6b5831a4f6239a6cac9a9fae1d7cd904ed1d58c50fc2e606e3ba970defbae297b32e28a64f2d285f44f1ebdf2348c399341bf7a52160aa277040000000028717068bb294c0e96fabcf735f83aa57a88671e0e5206ca97988faedae401b35e1d33bc05109db35a500d54ed799d1d4029be7aeeda4f1cba3fa41a2157ee1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424493974"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C64AB5B1-29F5-11EF-9E46-6ACBDECABE1A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000008048ad37cdb838e3e14e06224cafb61015b4f694b6b99b597d1d0570f5009f73000000000e80000000020000200000008870012d6896ffac5e8e78bfbf6a0c2bd792d61b702f3b88d22064e1e0baa44c2000000030c754c4919b676f28ef53b0cc10b21636af9c85a27448e1504de0129f5771ed400000007dcac5dab41a3708aa8bc3d467549f3e8bf11259973a7381aa4de8f6d6de449b38c3859470e9052ec7f49ec1c6b55ac38bf4f244ca7b2e86e903a53259a23d4b	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

840 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

840 iexplore.exe
840 iexplore.exe
1336 IEXPLORE.EXE
1336 IEXPLORE.EXE
1336 IEXPLORE.EXE
1336 IEXPLORE.EXE

pid	process
840	iexplore.exe

pid	process
840	iexplore.exe
840	iexplore.exe
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 840 wrote to memory of 1336	840	iexplore.exe	IEXPLORE.EXE
PID 840 wrote to memory of 1336	840	iexplore.exe	IEXPLORE.EXE
PID 840 wrote to memory of 1336	840	iexplore.exe	IEXPLORE.EXE
PID 840 wrote to memory of 1336	840	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a7b7cf5d2d4e6cba5ed08b013cca4312_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:840

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:840 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1336

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
06d53d91ccce04d1bde2a3ed3922bb07

SHA1
4766e9dda32ca67979561a7b2e68c3c7fbf530c0

SHA256
c5305310114cd4897faa055d6c1cd1a890e4b2879cae15f6a801c8a9c00b3e2a

SHA512
58642417e7c837e86c4ebe0707b3ec47cc24143a40d635585f9885bf3cdf068b3edede8d14d59c5e9deb982466d02227ea85ba14f0642cefbce498c533a24a24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ac0154197d6410d6b27819a0bf762abd

SHA1
ca9bb3569c524e3010f0b19c43810c4a028e5ed3

SHA256
40eebbe7642b841f4c145eb644607dc5ed3b1a2ffef786656600c9f680a1eff9

SHA512
0000fd57d8a4093795b0eff9538fcc37496db6c6578a181ed6b9cd2aff1271c38f79e532c18fb705bb60f08ebf16541c4903d9ec6ef74e3a8b064b786457f505

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
8796accbbfa5491b7a2e145bb416733a

SHA1
ea591aa769ceed72acbc3689e3b368a866b3fbec

SHA256
5b6c35c4d9684a6e353b0dca996dd5453060ec242f0df3113534e10b39218bde

SHA512
4af3a599ffeb75095495c8222adb4a2f54e8ef9ad80d83eb6b6ee0540fe9d7c03b0a0fb5d8902203d600d64342eec1686d7a8b3bf136a1f25616afe18e653305

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
7dd2c49c3e62f6538303e5f68aa74f5a

SHA1
b9d099569281a3bf42c4972e5d38dcf3f1097b24

SHA256
c5326ba64a82dc2ee0c5f1048dcfb5644bfd10d8d0995c137e8e711219792d94

SHA512
d6824e3f41d020308f6bc99d9070d835e8839b32bb94f99ec2ed5fc70d116d2bedf0d5f3f7e96e552ab3a8d4c5d69bb12625cc597684906fa2f761de67c3e79c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a1ee2dd49f7462aff05229317122ad3c

SHA1
389f805eec919bd0b58e163a2ece5992d2dc4d82

SHA256
71f586bdd1c0b4c939a8efa2da0adb656d650f5e382f90c9a9750f1677c890f7

SHA512
db07577bfb4c7649daf1678b45afd0f1d4aaadf9ab9c15a1b4782438e06a8e8dac86114eff20cad91b4ccfb465678ea1dd0f8e79748bd2c2b67a442a6490b675

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
857420aa4f8aae83eb986dced368703e

SHA1
39cb6422e501e6179f037bb4faadcde7ed957dcf

SHA256
62711ccfde4287631323ff83afd1fe0c2da523a413fcb28ab43300c93652a748

SHA512
6e745f911f621242f0439885db14aedd2e7d2792694b70b2c1e40aea5795e793a7a0fc4b8580f88f5c36ace7d8fb164c042d337ad794d582a9a554d9e9ae09b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5159041699e5d7eee19464aa43c67322

SHA1
99d9219c1f138f27791c96574d4f25c09aa8813c

SHA256
762f2abb4fc67d896e02daebceff1f5b2a1f2b88fee3000b5b41be916c70445e

SHA512
fba601d1c244c4ae7d06578840860dad70ee668d7d91fd1e9f4360861c2fe4896b23c109fc6fc20718219b815aa93afb77ec249c15b864d4edfa6395f30f4be3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d4749e868759dfe2dad0232817bae4ff

SHA1
cc479d501af8cb8240958f37c00ec906b9bfdbe9

SHA256
759142faaa48d9ea961071d1d3cd9695b0734cad74fbd1c21baf2b29107431dd

SHA512
23867178f3aa4bf2c1ad29cbfb85e24b6e376a5a2c3a296cc87865fd8e9dba6b2009a470699a1716c6ff01ef1907c31cd3a7e77a40f8c9b2d929411455e6a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9a6bd8d8530d20cb6c02ab01e422c250

SHA1
326925a0099c5023c348c3d161595a4be62ed3f7

SHA256
a783a347fa7b8cc3afb040283af648d1abe44cd87fa116471c3dd172d87186f9

SHA512
a68f2c2b78c1d175f52860399088546a9894c79c6720c98de9e6e664abd64fc9c39bfdb867dad5d39fa5db905b0089ea27f060f05b1d7b6725cf7e75be6ef404

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
0a1362c7d27419687c10c202a6cff306

SHA1
82ef95ffed949aba4ae8bee56c47dad986435ce3

SHA256
93573d1d36ffd0b0f30de846be94e071d6cd28ca5123977d09f90b9dc73c398e

SHA512
285b0707981cffc204b7418786434d9c6f2a1fc44b12e765c74b4721e8650668c76e7c45549f4163fb4010659415ebb587f7bf80d9629b569d956e4b859842c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
b8283d0df0d7aef5fa7771dd3b263fbc

SHA1
75e3eaf50ce0d4ef8a4b43e4edc3d3dabadaebd7

SHA256
23ed2674194a136fe599bd2bbd16eda38e38d67d4a7995524329e911614605be

SHA512
2869d5841ee0bcda3ef376490a1f30237e84595961b871da48a14027f7c7beabefac13e8852ef07ec7b33f221110714852ee78bf24dd4f877f561b9f0adc1ea1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
4fc25f02ad3cafe52cbe3c03478027be

SHA1
3d9b6f2874fb9840b1845589f28b2a02a28b3e9f

SHA256
3250edd0794b231e2aa75c41b150142d0a2787c4e4d81a73e00f02cc03ba95cc

SHA512
9dee4434a667f9901f3a6376a46a9d416172d47a6b7a99c229b313c44d14ac8e15a7fba5673cd9bf8be2aad3db4e0481717d5ec55e817b011ec9c7ea3f751933

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
91015f8343466de40d7265b756068732

SHA1
f0bc1c58bf6663b07ca30804ad4c7fd978ed2643

SHA256
0c0990e280768098be0b432d6e7a5b89baf40cf19a8043b1bf3218099999588b

SHA512
1425032aa06cf87028b8a2e6bf6140a2140ddae786839ef7b4f596aa62a937ba098ba92d615e9b19d2b954844fbd927768177752d051956e41727a5fb2a6119d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
786239cf0b303c98932ef7cfb8d2576d

SHA1
f994c2a53108823b6c3671487b38147a3a52ac16

SHA256
4657c71f905ef2bbde26ac3b47ec3f5a9ed6af23c115004c48941d0ab6b5b220

SHA512
34f0eebb3115720c2e17d0c2cb5edcb1a34ba5c61bb5b1a4fb75155162af4cdd5a4f833050e39b1108ad05f7522f722d37b566c757c105411eeddb367c0fabaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5927b0c9eb4a925e3195f5b1709783bd

SHA1
ee983a5fedf5c71465f9c7e2d428c839618eb508

SHA256
e5af1bbddb6eaba1a60eb8cc9a593736f51f2318b075af7643a50af91335115a

SHA512
2c8cddf85dabbc676fba44a009902208e4fdb131534ec76b0425919e0baeaeb2babeb0db9e21a93a6c0faf3491440a0cbbdb797e142a0f8d4b903fba88285411

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
b971ec9e742566142d4e80c00cc4926e

SHA1
2972bb646b23f8e557e3819955c0ec4eeea69a9f

SHA256
5e42384664f52fd7ed2062043367d2bf0cbf846cdd8a65c67c2151ebb9d4c3ca

SHA512
5364e13475f5307484c16fdfbd8673cd5eda26d7b4bb718b32adb79ac18da432eb8b91b39e4ff7ed29b59dc95da7a965df80e70910624d33e750757ccc05519a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6598.tmp
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar65CA.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit