08163e2ee5d07362a6c0b20a9dd7fb854e27c565503b86889778afb649cbf92c

Analysis

max time kernel
135s
max time network
133s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15-06-2024 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ace79635d173a810d714eb24147d3633_JaffaCakes118.html
Size

461KB
MD5

ace79635d173a810d714eb24147d3633
SHA1

053810aa72b61eb843bb536e579403c1a75d60f3
SHA256

08163e2ee5d07362a6c0b20a9dd7fb854e27c565503b86889778afb649cbf92c
SHA512

121727af606e470a854cf024329a4a85fee1005a2b91291661aa04ceb2fee2dcf692f70a30c1d7023139db5c87f5e7fbdc54c6f3fd769eb57ca2737363bf511c
SSDEEP

6144:S5sMYod+X3oI+YSQ+sMYod+X3oI+YasMYod+X3oI+YLsMYod+X3oI+YQ:Y5d+X3c5d+X365d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 701ed509debeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424588211"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009e205b9dc0fb5fe0295101cd8022e7046448416dcb3e3517a5b30c822da28322000000000e8000000002000020000000522e665b1826ecfc300d5f835f82ab772b03af8c89af474dacfd500b2e13b82120000000a8487514b064335d73f2709ef66bc9c3f7ff76190e038cbff78e42e6290988de400000001fca21a34b8670e7eff8cda56f7d65326866903da8c2bd1cfc30d13e0811be00400e18c9a4ba61303eaccbee9be28ed11a213c59727acfb2f3c774d9625caef9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000e6b4899d76402269dd450ad7b8f02025be4188bbe2888cf3d88e775962d9eb9f000000000e80000000020000200000007c35b413824ff7afb4aac575f99391932313e937179affcdcd38a641de8507fa90000000fd47fa2b4a110ba6c97e026659a5e1d2571f7d7a1c29677bd61796e73697170dccc3006d07b0766c4b0fb99b61a491eb1606cc87c4f514d972a47544e836962e4181847b3b4d6f25463e9669bd8528bfff38e41a2b5a57f39b4c01f315a15390d4152ccaa2d9721f982952a43c0df9b409d2e581b08a6a0dff2a2d1a5a5d06417a96dfbb1d642c35f9684035f4715b3040000000021ec5a3edb29fdc0bfc44eb2c8b0cdddb67cd627f09127c7471a9ff656c0f0c760d43735a7449def235308de9c4ce8f318b1b1cbcfc11b18938746cc5dd94d5	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3106CF21-2AD1-11EF-8144-CE80800B5EC6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1688	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1688	iexplore.exe
1688	iexplore.exe
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2100	1688	iexplore.exe	28
PID 1688 wrote to memory of 2100	1688	iexplore.exe	28
PID 1688 wrote to memory of 2100	1688	iexplore.exe	28
PID 1688 wrote to memory of 2100	1688	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ace79635d173a810d714eb24147d3633_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58937c03b11487865d0c86a2b139b12e

SHA1
e83a3e7e12812c3f380db6afda212f7b6e2d2592

SHA256
3c4efcd8811192c032853ad60d71a6f5f795a5e71b02ef497cffad48ee161d2e

SHA512
c7fbccd152a4c9c801b9c4e021b1ff883e730dc2a9561344d1627ab431837ee6600a2a60334850f9646fe794bf1f0112f5d33b2a397883e055cd39c6df7d5999

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17b13c8bceb64f508259148e51af2e77

SHA1
0c946b6573e6d743246175c728a68fdcc41191e5

SHA256
9024735b8b43c634a98f50bb55234788d494c260c38ddb941d15779a8e8b5890

SHA512
89c982de08aea84af7163ede1ba67d8d6a4dca4bbb2765152b2959b1515f23f7c292d4d290e29f8587a81e743caf405b4ae45b9ab12b6638ee0e07292b8d23ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
252df6ad07835f7a8fe6c4d19d464bf9

SHA1
0d80230097099e9d627083edcdea3c8087c0bee0

SHA256
f3dfebb2ab6a8d06dd9561b31daf9b70836064dd63afef95dd36d3944798beb5

SHA512
e52a414def7b635f89fd98c53e77b6cce76f662bd7794cc18825ff5ef9107d77bee97b17de732ca30379ca04c2cd9daa9adba379435f525a8f1e6e6189d62767

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2976d966eca2bc52c78663fce2b3be0

SHA1
8fd2ffb3dd87798b171167f378bdb6606a186bbf

SHA256
ec732cb0f475ae28e17104fa70888330e768ad06c5d16d17168114147aadc906

SHA512
edae6acac6d7f69553bcc0f1edd489c55e10bf57756f73ccbbbacd1c73c6afab58af0256289483aaa74fb8dbc5e0baca0bffb96b715a387fd71cb532ada54367

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04888a0105c3f58f77103855a6c3d867

SHA1
6085e149d5ad546b96986834ab27672f6ed12989

SHA256
dcd1481724c57760bab137c01e3097fbd5ce87b3fe7561507b45396a97905b2f

SHA512
b7369403b80648ad322b4e0047ecaba86397e33b48d49636750144814b71d8337ca48fc737065efd4a3802761204db4fc1c8b11099a5511bba401f8efa278a65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c322d4aaf82ca1b32c47df8bd7b59a3f

SHA1
be9138268cd8fb5ec9cfd5a860882eb6578595af

SHA256
66a59cd3467523ae286d7512e275436780a112b5966d5b698716195419276362

SHA512
f14bc4123298559cd39e0de9752c4f3daf5bb046ba52d55c0828df1130da8e77be4b72590f8f943a282758e47e56cfb3fc16477710ef167a90f85e199225faeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a762c6560eeb3ff14cb667eefb81678

SHA1
ac69382d610fa7b9c36fc21907467863862c6387

SHA256
d01e9ea87934e2f32cd61f1efe2915e1525895cf174749bea6f873c11d68758f

SHA512
ef459561fd44878f49cdd1614f6f4e2ccfe81629198076cc63db4bf78c8f988ad79e44395baf8c5d57e452a0aad9a9f3df9f90f583b2ab255303e2782cd5aad9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7da5967e3610c14b3975cc272ccf600

SHA1
c4f5a2b40f4b15b106285e97168fb2000cb9207f

SHA256
986ba22240ce2c7c505435e3c8f7788e9098ab03de9c492be24727e367c82302

SHA512
83ca4793f08a91da0892e9380eb451e3111637531806dab902d677043f21ddf295a73a23cb71ecc98d575eb1765716205130c26421cbf2e95181b52229614f4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efb632159ee8c35088d1e3b08ae9a4f4

SHA1
8cf8ac43aaede8de8f203a7158ec761d1506e55f

SHA256
fec0e1d535b63d54228a3e7a64a6ba11ab462bc293c8ce7f2ca7e5e9c3e6c928

SHA512
bfab3906fdc0cb9ed2329226dd0728278f3f823c468b20ecc0936305ebadac705627e9fb37f036d6fa5da7e7f91a455df6441c7fbacef7d16a7143687f472973

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa8cdfc9598f2d1c39fe9734d9a8d87c

SHA1
10da189969c101fac141ee826529e4523a92e00e

SHA256
583ba9c0d5f6935c5f659c095cc12d4fde2d67bf3d6cdef2402816e157e19e3d

SHA512
b60f69ee9ac67cd1fe602bd6c678df1357e37fa07a5c718c432e04554f999879eb08d5ec7329aded8f11c93c5fcfd415161f2ff2dea216ac7307419ea1b10ccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca6347efab1a741429939cf12db3f168

SHA1
fa9f3ccf394c7e035bf01581bf1306c8e37ce314

SHA256
bffa33767ff300da113d87736561e3845287ef3e4f6de385b8ad11b48df4f267

SHA512
c2feb3c047418fb9a378f7d315b17b48f98830e7d4976c8ca800a8dcbe4cb6d21d33f60306eedc3b66a0533b342647aed82f7d2be28a5b452a8671e4f4aa804e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd2284ccc2f7460c8f38f589566fee13

SHA1
4eacd3a5f41ff0a69eab966675b0e91ba1cb2e13

SHA256
13812e82b1e4a32b6d236e4cd3416656f3e9051cddb592785285c7bf8ad72622

SHA512
6126c83f6215306cb69ddde2e42a9fb6b96c7956c99908596853c94a15e5fc528c7c67e33d82ea3e74f358ade05a62730be5adca572cd0b8b77cfe882dca1512

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
690acbb05ee92d82fe7ec6bdf962a2f6

SHA1
ebefc1d53a616f465a2741b92c46e5c6fa5189cf

SHA256
0365a83d9590506072c0de1b47322a5ee1ede9d8a3cfd3327ff4098c96db6a33

SHA512
8593a9642b9a9845b43b138f16f264ce2cd3e97f8af775275664530a793ac1bbdc909c0e0dc46d4fdb7b7f02a68ceb735070378d06d91fe8d875fbeac5efc988

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d03f7f8b856bbbb08c7514cedb6e276

SHA1
965432d8ae3ab789065611a53debfef0def58f29

SHA256
36c7fe51e010084f3ff1890c387ec0b7e09cbd308e2e7dee3577b73a9f2be1c3

SHA512
5b1b4eab0c7343359f679cc22357cda06638fd795ee13d243db51ab0c8ed2cb35cba4bcf2d3a2b1af237a258702336131faf830ecd263cfbb6aac640fbadded5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4104018a440ca09bfa2f9625fa9045e

SHA1
3e0bc363e74792599529e6f466d3096d0f47288b

SHA256
f0ed4344ddd7b11451ba870edb1e851c5ff72cb78538f5acc6f648a1eb7532c1

SHA512
012fdfcc37a4280990f9212cb8c5cc23ab18b8b03776284bc6bad97023992704f7377ea57cc0a19826ba9a97dba8b21451762eea9e50d8b9733fa6648714c256

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b1be69e7b422418b62eae40abb866f9

SHA1
89a8d1debcfee1a6e4e7f2cb2c91726c9f7b4d41

SHA256
b28843fe9d5c32a19321ba589e3426c4741afffb638712678a0d79bd0a35f510

SHA512
47bdc6d6377e0687864cebb07c8961faaadc86b8c7f83b2c501691d09a1a675544a33f8b2c664a826f1461521b65e9e1ef7c37e44afc18907ab1c21a9316d0e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d30881e88f02e2a47040053c41880af4

SHA1
53022e783d9a22af702d7df1b5d140a758e477f6

SHA256
96e2815edd1549d3dbecf8c9a2c01e89337413e9dfd164faf4b6c10520f9a709

SHA512
16627953c7185b7bee583c323ab0c270c5e7ae03b17f867d09e06c77e061c77bc5b784cabcb586bfa3da67504be2336b97a44c639716d98bfa9542e4a1592fd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab895D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8A2C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit