d478fb3aed2615b40a231a554c4049145c3e026429cf7df7bb97495b13cc1f97

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 03:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

acb634035282045c845dcaf8b2c35524_JaffaCakes118.html
Size

461KB
MD5

acb634035282045c845dcaf8b2c35524
SHA1

6455151922ddc7fed17eebb3674cb3837a7035d0
SHA256

d478fb3aed2615b40a231a554c4049145c3e026429cf7df7bb97495b13cc1f97
SHA512

fb6158f1cb357a329851291e25effca7ebc0fb0dead58650f443a1d0cc9953dcaee4bf62b6eeadfd633d7fbb412d2f74f51e2c5c34213eded2454e01d0f84a26
SSDEEP

6144:SwsMYod+X3oI+YdosMYod+X3oI+YwsMYod+X3oI+YLsMYod+X3oI+YQ:r5d+X3G5d+X385d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000009c40749c535879f3f537ab72767a3da7895cdafd3cf4ade68280c81dc885b870000000000e800000000200002000000081f61d7cd587da18859baac278af58d041ac43341614dcfe12d1ebed5757e295900000009127d84b8008e21d9eb00d6b74fd33b029e3f91910b91674dcaa748f8d0717a6fe2c2aa9729f8b4c2eab7eeca2dc8e98898adcd0c6d8f658d0a2e382ae57f891b2b810d498f0447c1f90ad178c50eccd81d3ea590a2556d48e0a1608651f064eead9be5e87ec3bceccab3b5ed05ce5adb907a73c2bb40164c3b2429447ddf2cbe400951397cc70f24a0cc21e43c7bbb0400000001c987713aac00d3264fe74475830a4e987a7726ee107e092f2e62448beb3f7328af41ff35e8ed65dd2681724f14f20eb436453f421e00212796d4a6f75b63e77	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{66302591-2AC5-11EF-A550-7E1039193522} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424583145"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000a70f09b5769e0878a017baa6e7cd1c5eea2775dc9462a69eccc02c63971627eb000000000e8000000002000020000000947d9b21ad80f7b43a80651969f8d1ce01239038459a59d648f176ed2ae4533a2000000052d38eba1b70a75c8d5f0246a976bd2ba890aad69f2ea4b08b8bf46999232dd24000000036b89db307d987c7183bd83a1504c2ef2f1cfbe4203e2dd74f5f136b7b3cdd8b7ddd2ffef14e99fc3d229f3664b1110560fb8029bd1e23a0eb5509734b0049c8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 204ab73ed2beda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2204	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2204	iexplore.exe
2204	iexplore.exe
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2276	2204	iexplore.exe	28
PID 2204 wrote to memory of 2276	2204	iexplore.exe	28
PID 2204 wrote to memory of 2276	2204	iexplore.exe	28
PID 2204 wrote to memory of 2276	2204	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\acb634035282045c845dcaf8b2c35524_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42d50e3d7e8604df097010a0cbae3f88

SHA1
7be2f8259801a9db5d54001fa99dd9e4066b7fc4

SHA256
71fac266e8dcb1431e03b7d3cbf226a107b7cf4ba0aa6fa32a9ef5cd876f4962

SHA512
d0278729bcae61528d862430eb7fc64d4c48807862ac3a651a32dc7eaf414218769e7d876de7e8f074659c1ad6a2d0bb8d6c5af944a9c3e92fac0bb427ca4a66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a5bf86bc209b2958a434025d5cae597

SHA1
e7d4c370e452533a94452235f2885c096d016aa0

SHA256
e865b26eecad8262b4f883f75b6057d7f5c11ba8d11ca114ff3dad3f9d93e299

SHA512
b1ce00fd3bd21bb2a6a33daee8f73490b1b00fa3ee04d5a7bcf7f3bfa78c430a1f0d83329474c338ed81ade9fc20e0e5500c0094e89bdd1dd03ea5cf9803dd2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f980bf7dfbf0a768c02912e3ffb4fc6

SHA1
67d41d0a1f2fc491a03ae38edbe0ecfc2c501a89

SHA256
f7c3fe05c56f52f31e1929c4f9c2c41fc92082aa3e8bb466aeb79bacd34f0d39

SHA512
3df08c1612f67074c02e48a0d807f15787fea6114c0ccfefd449ab924cf852e09707a9008928cbc6c3876a2fc7fadba5b6efba3657c8657b4b58158405094d87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
759eec4d2d6bef03946be0d72eee0726

SHA1
f6e12b9d0d1e37b161ac700d6b81ddd7d3c576fd

SHA256
4003016b6517be3804f3a34d3910f15fbdee62b7b97c0ca66199e150f15ad66b

SHA512
84d1510658b4cd33e137d6b042ccd09168a329e841c7dec8edd75a5d8319263a2eeb497eedd9362d3a37eed41dcd0ff98d956fef28296a83ef39986591456ddb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5eb62165cec039563ab0c86b45808c6

SHA1
69dfaa797adec662ed31c53fb4d6e7ce4b8fa0ca

SHA256
58cc2a47719866a791270d0b084e4f02d8d22ef7a86558a48b9ee60fbdd3a8f5

SHA512
9ecca224ec03d9ba1808880362f6f678458427833de2fe33b6e2c934f9d784a8fccd4d4898336aa63749f1e2d97115062ce127ec001e3eb514fbc549b90e5147

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae92e7bde834241842fabc597f8b2792

SHA1
65ade00913337777bad0e490a6d6ae0b5207913b

SHA256
0032c192315161f24782ffb1a4f50fdec3a8573b21d6b6146b8b2107fe3fd52f

SHA512
9ff4f1ff306f4b1c987cf24070f482c21bdcc04bd310488f86dba589a6d07a589b50c2d808c380137861e8fe3d7a08928dde59d608c5271cb7874ae2fb33ad55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd071efaa3e198764b31107c66675c4e

SHA1
eee14ec07017eb1a39c651c3afcedfa231867b58

SHA256
9764cbbb2f136b17e643bbd3a4c933a42f6b3667410ba6606b10cedf4512aaee

SHA512
1568262a36bfbb608e89bd4e8db9b75090cc0b60d266ad5ae44b9d303fcd9c20d55cf7e24af220be9834298aa69e3faa85b34102d11a2727880b15baeb3ed05b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
deecc615cce1d90f08229e913862a222

SHA1
adfeb126f89af82023167aa5d130682126e406d4

SHA256
aec56f91feb52c8cdf029f41619b60cfbcd0429199cb8dbdec52a916b3179b77

SHA512
e984f34961ce7432b7ddb10503e2bbfe3350beda74285f9d83a37a6b007ab310e8fa275829f30ec18b2a84acca84bb56742e87873441f1a296cb4f97afcfeadc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e62758a3edb1ae927c4b176f86ca5f17

SHA1
7bc222b9a07f79db406e43b7dcbc1e43582d0c8d

SHA256
5dc961f2883345bbffec83820ec2421077142ddbcee5d828f1d2e73600a6c174

SHA512
4aa4a839a0ec599e1171965c67a70700e1044469c5bd158aaa9505fd5ac9ef9251d9c2f1ad1032c1c202044af78545aed19cde6d57326933d1d197b5c4d7497a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e49cc1c6b1cc41358a02034a2b5dadd1

SHA1
c4024041566d3278bde7447963820eb098947328

SHA256
6b0b73d44149812b8b0d8cb808ff37c15444260b1d57bc7fd349c8641cc0ac19

SHA512
6405ba2dbaa179a69dd82ee5d14c3369dee279c35e9a8da5dedd338da3370113a99c3a711fb65b03905047663afc3ca263cda17dc408f1f94d945e5d78f8e2fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d75d6fff33250560bcfa984554000fb

SHA1
cd792039ce9c0711e878f7d569a53a48af04f840

SHA256
24f476b45950eb08d7627347956330ec6759cabb0162e3b6a502669028046f58

SHA512
d84972d196a5bafbe4a16625fcb95a7fbac96746168126555ad858ffeaf9d5084ebaa2f4182155a890f42d1c8aaf7676fac1f4f45308d988192f24e81624e6f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d52d9972cecdce3715a2b3bd8bb061b

SHA1
ab6a63f805e8d3e493c2cbeb9b1a7a0c6b7ae7af

SHA256
5f28cf35f44954cdffd7ae440c5dcab93bff3a7ece9373124e3c96065a26539a

SHA512
397c2498cf30af15274a76ea0b1591c674e0e20f7974510c6331b1203c5e0f7c83bb44feedebf17e0e98ca042c9ef2fe4a2957ac93aea77744cb7900df2b6654

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88c59ce98e97c42f4421ca1aa460f09a

SHA1
3246761ea912c561f09ac32880e230c22b49a327

SHA256
39dde02dc335be73a45fcc5c94e4280fe19ad04003139a91732ee97cb6ed766d

SHA512
0e3df589b1fae2a4cb9ce1a343dbd0e5ac0f8027a479188ff99fa663b7b942902bfa3e52dc6fbe3f71180a867a73fd7a0adfc587b759affbf3677c1e30e55137

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04dfc6d66f01e2b5683ceee0fe9f81f0

SHA1
f6c2c5179d48bc6941113c0a0bd394f659eb3586

SHA256
f22a43cbd06ffaab4d6e368c622d3d605273d3afbfd20db8be0bc9d97a7463c4

SHA512
140409fc970b2150f0dd5270f3410b62406ea62b0b64279ae7dacd6d5ac72410a8e1db9d881c21538f6be8c9462afd5947066cb8571463e3dbaa4360a3ffc88a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3898af01351f55fff95568b39fb4976

SHA1
51db258f3cb38f3a3420c24281401690d829a196

SHA256
693bcc9fefb82d615503e07bd98901ed9ba1b12f240f9c13e295ff2379784578

SHA512
c9e27596eb09ec7c6f414a9b5ae547cd788cb2fd467640dae046e065799c7a85ae5c0fcfea784088bc1a1836ac7f2acc27cd02a7ca478974dcf181b255cad250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
756c6d54017e8e911a7e4ecb157da1b6

SHA1
5584b139bc684c75a1722c9e43265583a4efed7e

SHA256
9f57ffd2d2be035ae8810cdc0cfa905d32af14803c44747fc8c82421af46108d

SHA512
b441731a9e6de4e37d576166ecab899b63152a2e7deeb7d465cee0ba8a04e4c09d0e3a7c93cf0816942cac3373a9a6f5222cf7537c02589fc766c5d00451d834

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15d5b3a13df299102463d2d115bea8ff

SHA1
9786138555b2ecc538bd4183e1c2ed44f26907be

SHA256
bf7685b6617c4b16c60ab4ef971e06356b290434983075d6a1cbc2183b10d283

SHA512
bc0ce1ea1f40d95017b3d064f1e97ed86aa995d83bdf3c9be0b2aa4af85ba6e7cdea1f604cb69aa9d3ddf6e7465f934889ffb384e3cc6aad691f8ea82aea44d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab400E.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar40C2.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit