1d6d8fb78b0a76444e54ebf4c06daced8ab61f7cb756882afe7e2c0e56b1429c

Analysis

max time kernel
120s
max time network
133s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acf8282962a0a15c36b64090b67d87c6_JaffaCakes118.html
Size

4KB
MD5

acf8282962a0a15c36b64090b67d87c6
SHA1

2d4eed65154ed88abcaf4f513112dbcb77492344
SHA256

1d6d8fb78b0a76444e54ebf4c06daced8ab61f7cb756882afe7e2c0e56b1429c
SHA512

67bb49c0a2d7cfaf1970bdfbe6dec7ad115b0e50921b29c1a6031ac67a71275841dbbd34041f2f5314596a8637be71f4e2c689456f3c5bba3bca7b011ddebfb0
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oRSTd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDj

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DA0C7EA1-2AD4-11EF-B848-DEDD52EED8E0} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c08b28afe1beda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424589785"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b125fce019f59f27a81119050896c1e1f590477291346c47cc1c68fcf79be63d000000000e80000000020000200000008ae5aa122fe8509591534ecd4399779d2246f822ae9d128b5ee0388a76bfd8099000000077b6510ea2657a02bac59a2ae732102a5c7cce8317eabadeccdf2caaadeb53e2b69e107b64bcc156395ea198476b2a03bd96beda28d10bcab39ba8cf73072d00559c08f01f9602bb2480f73106d7522c8efcc7d8e985c1251ca35e2cf1bf43dd818ffc7bd5afa2bd2a6b303c21b6bdc22bbb3ea67e5290df2a9edb02e8381124966407a8ba4b66c00baeac43a8017bf940000000d6ae2afc7f76f255feb8f8884287c801a025c97140811d10e5ffe53aa895657f6692b090b480d2cd2b5b3351ba78506e20f4840cec0112ee4d9f5ab318dfeb41	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009f0f9891069bccec3ed8ecc3d0729117b178bd82a627132ccfa249f4b40a6cf4000000000e80000000020000200000006dcce1457f8ae8b854dd6c47cebea930732accbdd7eb261548da4d0e9353bbc3200000000cf64c2a7f52a4584224bbebf187db48a03671ccd6d6d078f4416be382ca3673400000007ee7c6adfe449d9c24877d967dff382c2859744a0869fcefa870a6a74712a17e6398eeaa00ea06192ebf1ab5aa68100bce25d8fcb6e0936d1c19bb15209fb1d8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2080	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2080	iexplore.exe
2080	iexplore.exe
1936	IEXPLORE.EXE
1936	IEXPLORE.EXE
1936	IEXPLORE.EXE
1936	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 1936	2080	iexplore.exe	28
PID 2080 wrote to memory of 1936	2080	iexplore.exe	28
PID 2080 wrote to memory of 1936	2080	iexplore.exe	28
PID 2080 wrote to memory of 1936	2080	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\acf8282962a0a15c36b64090b67d87c6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b4ac2f611c74c1ea010dd3ca71640eb

SHA1
9b4501b93de2ea2583391def7fe4d681ebda858a

SHA256
ba26d347c3bf0c4f4fe02d10fa06cd3af0c45741976fb329588d0653be55e741

SHA512
88a3151b8e2d447ba41887d9e94ecab3d3910b7987fea7d4337ae47bc088627d2e511b69168940bf4ac439f163c28f88244d0efe7dc1a338bd223d341a9c25ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c370cc11a112e71d4d186374eeff534d

SHA1
20ca93614a2a22d87ecdd76faf5817354776ac30

SHA256
db1a8e5361ecb64657776a75d87f301feec36ef7b7a61f07f99178b39136c1cd

SHA512
591a7c4cb2f8582da90745256107c85455318e7584aa8203e9edd3ac73da26198e408ec92ea510fface738bbe7bd522de4871235011422c20257d411127db0b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91f00dbc5da3357314efc5246767c019

SHA1
62fa6383faa26b3da55ba5b2184f91a87a45acd8

SHA256
d805d5af84fea714ffe8abb17aff985c91489bbb8ca7494e7024a50cb4619edf

SHA512
a479e504fc1a48f534ab578abda6cc515a2c6ebcf02135f62b621110cdb5c878d5b93227627c145986d3887803b83908b7c46c5f9eecc2129ca7e736b61a908e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c671701d8e7694113ce5c8d98b593c5

SHA1
e05c861d5af0731aaa6cc35bccedca0801cded30

SHA256
bcd1c2239919d25598959a3a45fb1b5829556a29d3dcfd905ab49172225b5df6

SHA512
c772d9a76858c43d9a815768041b7dd17f1666ac960706f720cddeed9ceca2bae8ae5846550511a038de4359c229ae2e32e9d93efe258d77bcc4cc93eb2935be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f71d05fd69b7f6e6d5155410c7fe8d8

SHA1
66d776d1ccd9f8b41e860f20c3dc7a578964b151

SHA256
f60ddd0b0beacc2d1c753df817d7ce18324bf343c68fcad46a97ea200e9c87be

SHA512
09117dfeb71d3f8fe8c79d6a3bd930c11bf616f71f9a26999bac9921532e268171402ca89d34e17b92a2358d64248c74a5b7bd3a0371d58a59281880efc3ce81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17c6e881955dee37d769037edd8cd740

SHA1
93ec18c9558a9f6c508c919adc9bc087f68e5902

SHA256
22db6fb0625a0aac12cc2b75832c7344660ea4e016c54ac53d507afabc7b6ce9

SHA512
04f12939ca429f36982218125512b9e9074218f43ad70d32fec392513e97ac36d337d3bed89f918aaedceff20bdb710f24acf512a1cd7c2faa26abe36d3fcd14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47cf13d990c4c9abf14cf646fe9dfe7e

SHA1
945c584d28db6eabb1c8a44c6256c10f6be29fea

SHA256
3ffc5dd6040e43db18f2a0f364857e19e451e64c5325065ec2fa3cd3a787d4cb

SHA512
2fcae9de5aa72066f7180bffbca8b8d5039d5125c90c07a725bb84da52ce14d270695d6aed6d1ee122349e3243964fa2d1a5f0f6d9aeb1cc2840d5b3fdeb3825

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d0be6380d69ba9e64ef16733566f4dd

SHA1
ecc560999c59311d0d380ca2e45e1d930c1e67cd

SHA256
f67b4061ee4ccd775abd13ac1972099ed6d3fb36dd47417aa71ee115bd0e2f69

SHA512
409d1384afc8c0bfd9ff212e369a2ec4bd4a4d964cb87bef601d3e8a7f543ac5e24d718898c79c3b9b1d4f3fc6dc6fd4c83a0cb01dceed9cabf565782b5cf156

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
167d70e2025775ea7efd5ecb4a25aa14

SHA1
c39ec3400d8bb470ca40bdab473e2dcdc4c8a9d3

SHA256
f8981fe067cde6de11a33254de82d3208f15d1fe41bbc71f757809f45eea8c26

SHA512
96c2c3bc032237853e2639eef56ee9a57f7775a588103eede9d82e7b054540c805653e5d093706d267dfb7552b86883b02311a4bf96db41b655ab65f0479bcb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c13498558a7320fd00226e36977184ee

SHA1
8a49236d9fef046d5497992c335dc9d219cf827b

SHA256
046fc6bcf782f40735a86f142a3a370cf8decd0261d3843cd6562fd597339e59

SHA512
26feab9b1a9aa3214244528519796f766f600177909272495362c9cc076f124ae84023bb8cfb38bbdc2744370be9c1ea7b3c502b1209452d7f199aa9340d0951

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbf098a2c292403881dc808ce89d744c

SHA1
3d40e4f0c9838e8e38fbd6157fb86250b37b33c9

SHA256
043953ed4a75e81c3bf41ae30e05989daed1e13462d4df93ae83a4195f7214cf

SHA512
b483b3ff869ea3b0860619861fe8781edb38f5463542210b870891b30f75a2b9805a83c5b241364d4360200e9e285440e3e58f2123dd9ce74c47e427b4278270

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5940f0c266b49556a7bd372eab82259

SHA1
e0c2a9416dd537ba90ef85ff913d41d1e647a81f

SHA256
48fd1d8ef43fe8c754bd8b486ca0e0637e7383452e84cb745ae145cce2d29bb2

SHA512
8635a20bc5db26bf81c6bfb06faf23ee3e92a5f701433fae9ab7ccd3bdd559b6c0bdf7f9211625bbb651f52091555c3802c32cb8e6ec58810e104f9763758b9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc47af470ee3054d14084d5e1c86dd4f

SHA1
6d9713bd5810621caca28201e191858f6a20c210

SHA256
13d6563321b1c937caf816be6ecb4228854edcf2ab7830a07492b50af9c6de70

SHA512
7d50ec20e8704ccb1fb1a8255dfaed8b107703e979b849c02adcdd939bde168df8c550ebcafd3c52641f415509a1a4bc7594acaad82d0273896f2593eccddb80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43844c1f615dcb039aa5b427ceb5199b

SHA1
a3a06dc34ff69611ca643fa71a8fce5e15d0aa86

SHA256
b573c5dd348478649685dcabac1a3e39e43c0ca9d4967d0d536c1018e681279e

SHA512
2d806cf1a96d7dadbb9f1037a82b18b127ed1031612f80d154b32c59664b521824d86696120bfd4979b9e417abe908b295b899dca8c58d0d4774d8d89c042195

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0871359244c0362907dea958a8d24ec

SHA1
90025aa8b7c7418f7de2e5eda579d13c442a8d04

SHA256
5b42cbc28be3f8354907bccedf46e3564b2a51c15de4b5f2150a8d1bf92efacc

SHA512
f743f1e34a89ab5a93401d4e4514448d01fc6a6533edec8051b784cb7b6634337c283366fcdf4e12cdf0e010bc69cd7d16fdd8b2507c72c5601eaf8a924d9310

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c5bb57ab070410ece278a932bdad2f2

SHA1
2b4e702ae2d0c2d70bc5f493a16b6a76844a7659

SHA256
735d48c37828fb40ab65249458f315add381b080f9dcab1046e4a0da82494598

SHA512
b5256563389c1e3dee54b68780c926064f6754b89ad532c1be898e9e56dbfe368833c6732a260116b2ce09c41f0e0883f14b82f8de94d33bf133f6ed00e9da76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f19dcfa83a3768c4fdd334529411e54c

SHA1
2d14a69bc9b5aa4948b1788fbcc2bf51f17c5452

SHA256
49d9930d99710b0b2024af7f3bd2b4985b80838a11e7ad021d6cefc764dcd5de

SHA512
e478c499b1c6092a7d42f7b77c3ae93dbaedd6b2a97ed340f64f0e561ea6ad3f6b1502874c1fd81ddb4e4ca62615600f225e65a5e79fa31198a774d975a9cb02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7330.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar73DF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit