1df08af6317e7492043511e90b77f622556f7b35eab271d601a3dd2f2eccd59f

Analysis

max time kernel
119s
max time network
131s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab4d24e0d4ac17ddb0fdd3af4bc4a66d_JaffaCakes118.html
Size

2KB
MD5

ab4d24e0d4ac17ddb0fdd3af4bc4a66d
SHA1

01f599c16ea774ac4717e6064ea75fe4ac4c33fd
SHA256

1df08af6317e7492043511e90b77f622556f7b35eab271d601a3dd2f2eccd59f
SHA512

62ceb63d1bb2d8e696f16c1c13088ab6d8e04e90130e4cbb08eea96e1abc1baffe0a9fa72bc7e25c6bff361866bd076e051003675b1ad7116babb02e96519927

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424558515"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000014ecc97bac0a1590d01e818ffe9856edc7e93494b0e547b8b4d97d374254d47a000000000e80000000020000200000008f4d9826a84d670d3cb0584b354a42b18870821167d40aed58eb870bef534b60900000004e3b20beec0eb7962a6d58c6c411a92f1d791bea0366471fa23edb162d90c592d4a0c2c6dd3aad0da9081c530fdacd2aaa0352dc71e8742fbada5922ba0be0ab34291455c205ab5e76760cbc910fc1ff36284a5142afe9e6a1b8dbf0bbc278225545810747936fdb4ceefdd45958b8a3ba83750fdf23c49ef5895d5c567a5a9521b1655747d5e77f8f721a59722f40b0400000009bf6b6545ae97f0cd494cf4e1e19c5e17ffd8aafbbb32c6630ca9d63df85a1ffce1a7b7e76a51362108e9907a13359669fc344493b4eaabc096e3b67f6dd9af7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000dc4b5ccf256d77b0bc3dc419fd571d90cc58567746b06b7afb1c1797649c66f5000000000e8000000002000020000000baf46a28d2e8441dc606dfac3cd10cefc685efd35ee9e2a0174123bb65fb64ed2000000032b3c5c3114299aa234555322b792c4e9372cadacc3681e6194d6982ea971b724000000058bd59b3a2b6e397955975e6d34f4983c44c1b5cd820e48a4f3d6b9c956b4e908f27af827f064fb67f7f100b9028628cfd1fcd73ae39c2a000d6c3065296cfb9	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C594621-2A8C-11EF-A243-C63262D56B5F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90a7291099beda01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2000	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2000	iexplore.exe
2000	iexplore.exe
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2548	2000	iexplore.exe	28
PID 2000 wrote to memory of 2548	2000	iexplore.exe	28
PID 2000 wrote to memory of 2548	2000	iexplore.exe	28
PID 2000 wrote to memory of 2548	2000	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ab4d24e0d4ac17ddb0fdd3af4bc4a66d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d008e2ce9ee873a27d7f85735ee4063

SHA1
0580c15569df83b5ab63b6c2dd6aad6fcf284096

SHA256
e40cd9270c84f530a2c83a5b8cd7c8852a6e364b1aac14396ac3eb6a021b1f63

SHA512
5affc19aa14fe322dff9511f471a897fd3718eae1ffcf9092a6c205ed0baeaa4abfb629d844231854ed3b77c68e41864e82256e4cab4ffc64968641dba00dd03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b2658473cfe9b65cfe5caf2514de988

SHA1
a9d1c1482a87c2701d999a630059f20034c4a646

SHA256
27a5c777171c809aeec098f55838e5ee04040fdb194b1ff156e4c38a003d9397

SHA512
fa218bd3fe92b1f68bd5c223b6c68576fcfcd3e62e0a4ae6b1bf5cf2535700e86949d79c66592a8d63270231a0fcba3a067f851415e08bb8f65dde85c6ee3b99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c7bb88874c5c2e9237c8172cb5bbba8

SHA1
cbabaea8d26e6d13b408d39fe0e49be1c049208d

SHA256
46aac558d11033f3f36d797b57cd66927485ea8d08ccacf119a2b0c63dc8935e

SHA512
49445fcf2b0cf3717def14983e366e7ef43ddd0967a15a454b834e7914a1c5f6b9641caf069e3d0f1f686a0afeb26ee801da4663e3d8df6e2c72ef9cd6bc6cc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
658ceedd1845cdf85336b5fff8497d48

SHA1
e32f57660f91dab848c874bc11ee617664b0db3d

SHA256
a383dadebb7b855b348c1a87b0a7b5abf46a7decf1c6d1509514aed637a878aa

SHA512
185e082265d4c20a1b33f8c77cb07ebeef8afef97bf7a2f4a38814a8456ae246b4270ece59fdf5f4c836fda452f67cdc57dc397573e3dce4a5162d75edc17f4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc244148f4afa8e54384884aa05462d1

SHA1
e59325226bb0bb02f54fc18a833f5b93af1b8ca1

SHA256
7b2a7dc08e0daeca404e1ac7ea1853c00144e0787a6fc750abd3401d4a5d33fb

SHA512
829e259902a59db3ea1d75a653a893e8fb6103d4c8593a27c55a2abe599a06fb3f5d27d8e62491c8bc078a02b3625105bb0944676ea48b11bfc7e279d2720328

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63ca6809ace769174b9f22f0184aa026

SHA1
0e0ccbaf31a4bcd7f0af32d663df97885945297a

SHA256
811682c7f5ebab7d7922fe20603e5545218141a5bcedb57c714eb71d7a36c8bd

SHA512
fc68ce58dc94d23cb814b34d2bb08b51341de55b422cf60feb77844af09bf36b75ac083bc760ac7cc4cc82c1d93b44c68b0b0674b579ccf177467326c7e0506f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cce899f30e38ffac01b912128cfdb4de

SHA1
6b50041df65525349e561af8d32151a3db328766

SHA256
c38b82c5a80895bf5936c62146073c6e0140a7ca281d0753566bab7af919184b

SHA512
35f621bfab512c745cefdaac6c31e38bfff2d15ca65e2da64b152609952c53e82138de78d79a341c968f3f68c1ad6f744f1fd13666fe1a608ab431f7d44b530f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cc2cbc3222e150d9b0008d420fd8cb0

SHA1
c1ec458a5116b8bde9c025af031a5060639a47b7

SHA256
9d13d4dd032f73e491d543aeeed18436054c2f31bc064eed834aa69fb954bdec

SHA512
22bbf70a3a55c5a09c20696ee9d43181679337f17d95e1c33ea4d4f8d7d808b006f333ed0cc7ffb819c66b6d879cff1dab0edfea1e5f069863bc1f9dba6bd432

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3567636a0caa56744ed124e40517bc1

SHA1
3e54f154b9018196824a6df184b4018b42ea5db2

SHA256
69fb08e2f6c0cd8dfc9e2db4ba9f643f171a77f89e8273818c73368d27a46057

SHA512
13423fe395380e2deb5203fd840597f2c09b5a839fcb91afcb14dc684cb5e42ee4886fd0c2b4296b1a404bb10922664e0db7b76500f42523d145246c43db10ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce82659331fb0ec28398e67a595d2893

SHA1
ba5bb851fd20fb232335c507a2c0afd61ed7267e

SHA256
475d8096d96f9ca6d3265c362bf1f0a3c2353189ef95b07496492fc4002cb0a8

SHA512
513a420866af83b6749baa437f212744f119c10a437cb320f3b7fc3aaff373f8b5685215431c1789500eca8fd91526968df7a0cca6351951f7f60ab8a2048a80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b1030a7b9faedb375c584a0ff8de30b

SHA1
6ae4c1201309516ad6370a8feb46caa681c5dc85

SHA256
eff466ef95097df59e16f2a2f069453d7080044deb70fb6009ec0343f106a953

SHA512
6bd071f70a1e8aaf18be4d47d38a5ca4c30c3f1191975bf851602cd2d8cc998c946566d24580edf13c69c474c41489f256a01f85bfd07d239bfb7dabcd34bd1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
224afbb734c728cfb92c7146fd5f7dd3

SHA1
328bc9c9a17bb2a45a6df23366880aafb7d17036

SHA256
038a44fa6841048b7f3ec7b4f0d7f8546a2d350be1038a725717ea51be460b4d

SHA512
fd19dc47be36b78febd1dbf9bc596b8c4f8a4ce0c9da3b55bb2f3efabd4d8e25b39a69911d08e2d807b104d87374b136834e424d1efe12c754973df0607cd7a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5940aa9e837947c78cdea366a8e76243

SHA1
c47c082136a8e96b44378d1d23b811eea9e16cea

SHA256
84ade727729b3e7b38d802bf4f1331ec56c7b6c36ae9c5c4993cf7971f55c0e2

SHA512
7690585b4b4b8b0f50f87d0e7a55ef647c3e4545dd068e45f90f414972f23d48eae109f8f8cf429c22a1f3a797123807fe7cbce4676eef84efc9eddfd5391ee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3eddf9097e8fa6e295b0a382db7c9f38

SHA1
b0b7bbdc2ecbc77f2410dd72f8b3b1a8893b05e7

SHA256
41b9330deb4927ca9802bea4e5d267f15ca3a0c077cf096dd84c98e1513f32dd

SHA512
8eb9766b09b6b262cd8e240a0a2bb1bc58a17cc3c8daf9f9a43273ee120c7751dd8143eedd1f94d07e3fae0e2d3db12cf77d42d76d4c641e3bea50746e16b94c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15a4329e1cdb1d6db18db6e157ed3c06

SHA1
85287c68a1a731336050cc4c69ba40b988d83492

SHA256
5f498067a3c7a71b4815a9a67f92997680a770aaa6b3c3ae100e5813c48ed4e5

SHA512
da3d32370aa33b21d37ac23e7ccdc9a8cd8d87bcbd9c414e8be704b93ddb319c99f401012930c5a196fdaffe32d00e13e46a0ac0393964a7edbce6c8b116fc67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecd7dbebf53c220e4a335c90012f03e4

SHA1
fcb4a4a5862c40a80842eeef6e402d0905eeb3d2

SHA256
203075264017073464bb0cefcdf3970269c2af7bb0592fc3af091d2468059b8e

SHA512
969f5e45df30b804f00531e09c1478cc3d7753216c20d5c6bc9aabdbc68b38ffa2436a561dca8ad7b2dee18db59f4db0ce615ac730187a0b80ef3bf83fc0bfed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bb3d087e4f9d5b2e32ba22a3d6b8aff

SHA1
8a7a01630da15bd934909a7aa25ebbb073cadcde

SHA256
b348fd17fc87dc2ec6f4b7b9049828bc2ba5b74248637bbc3a97218c15a190dd

SHA512
9a2d49ecf5f9538fd9df756d48d5dd5d4aa2a184363bd59587f9fc6310cf54ced570afad1032422fc14fbb685f0f7a793c261343166c6246a0fcd419336a0dfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7ec19fe28d95055c53bec91b036460f

SHA1
54fcf162c0c457868956f4d318d4ab62b6e3b0a4

SHA256
8f434620a7d8c5f2def40eb95a67cc0bb893d07298f14675c5a091de9ff2e9f7

SHA512
cd4e0e85f066aac0b1c729de43a1da6ef830afc656b0bbfe8289b3684f22d923b38e68b3524f5b735c4fc1461d74636a822c60a5c14e909479588dda2c07c321

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6171.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6232.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit