e8d6cea0b4c0944b40a6b1d7d6fbb2138eb5754f5d0ce4fc3c9aeebfc86c90bf

Analysis

max time kernel
136s
max time network
134s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15-06-2024 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae0952a6646db07ef13cb6d542e0dd97_JaffaCakes118.html
Size

900B
MD5

ae0952a6646db07ef13cb6d542e0dd97
SHA1

e687766a4589e2455f83e2afe874497e10e5fdf3
SHA256

e8d6cea0b4c0944b40a6b1d7d6fbb2138eb5754f5d0ce4fc3c9aeebfc86c90bf
SHA512

c35746d9dd66f64725301f89a266a8038c260238f2fcaa4fa0d422d820e8a227b6e8036087725314023c6c16de88d36b0d96c84654107eaecfa370c5044eb2d9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b7c2716e7aa94500291d4efbed662ed0f7620a59e3bc3987e74a7e69eb3d3815000000000e8000000002000020000000b4cc0d41ec0b05503a215dca23594ccac7bce86d9f09a035e486b7a750011ca52000000041e6bb9d96d9c9b37bf104c323f5ad01c101252242f7bf3c6ee6f124d66e895e40000000f4d9d10d4242735f5f641a7e2f06276e04ee0e0cadd4a4c9f3c737cf262eb1f56f39eb355a4fdfa052438a9da0f960f099684ab7273d825c8685b03986f2ef85	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c06e29a110bfda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424609947"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB7E50A1-2B03-11EF-B98D-FE0070C7CB2B} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000eca822f117aa6a3c8867a8853d51db01629efb80217483645058da015edf6def000000000e80000000020000200000003fa6c4c8e5678fd5c7de84a63b61f61dc17fb058ab9e63ae0656aae59de2f7d190000000fb979b3fd6f11d6921227c07d0df771380a950db3763727cd08e120b6928303150f241060c8dc52d9eb0372265fa1394bfc8ac8fdd8e70c3c2d004f24b7f6b8694e2d9de1fa5bb2617fcf0a3778ed474e284ecd560d24e4469ef4d7caf9c78d9f02430b57b1a3cf333111fa3fc305e24c7f8d315981839ce3b396b1934aac8299eb09d08f6fa2314d81d69d31fc2f5804000000047f3d27e2507741d54a213be28d63547c4e07e11f7beb41fce73e4ad7059392ef9290258dccbaf2adca16644d0940a770ecf590d1d9fc7ca83b09be3fcd32273	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2224	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2224	iexplore.exe
2224	iexplore.exe
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2668	2224	iexplore.exe	28
PID 2224 wrote to memory of 2668	2224	iexplore.exe	28
PID 2224 wrote to memory of 2668	2224	iexplore.exe	28
PID 2224 wrote to memory of 2668	2224	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ae0952a6646db07ef13cb6d542e0dd97_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ebb476a46ba157391b55973cd45d35e

SHA1
811951dfdbde03d26c1038b8cdb678a5105ef9ff

SHA256
adeff23c99ccb77b630e8d98bb4f4a15732844831b3271b91a1c4b74ebd35f78

SHA512
df8836afc439b6d199fae6bb476605d511555306c9d720748bab93385369159b5d74ea96becf7e740540a3f95b32a987224a45a972425f387a15189cb6d12bcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
083f4a58a173ee6dce7632e99d96a08d

SHA1
635af4e63bb85d718dac5af3236be532e038563a

SHA256
4374d1734343f7afb07d3c2024701cb057944fb631561b1cb6654b01222b0628

SHA512
f3f4ab414dcda62e059708629f0fa98ab6687e47d31e3b40bb59e342fcf3dc9d87bd334fe9185dc99171b72701c999e9039a34da2a83212f373809f34721eec8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6eb84db0971d1b1d8660bce0757fa928

SHA1
5cafdaf9ea925d9b5852b4dae0735ac11a14c23c

SHA256
67432cc9bbf931507982352fa8d6b4ccd2d24ab4459c341c8e99cfb5f4d33b77

SHA512
55860d7458cc47340cd8485600dc9bc2d1278d2271f4cf721e0531e61f4247e59fbd6a163091e64ccfb1a41984d6538859d0f58c205a477e3b7cfa1c774a742c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc1a844c122ab6714a0be6aea68412fd

SHA1
7687bdf61915480b2f507f5b9d1a8a7cf6f855f8

SHA256
b06a33f2438ef77361eef09d20f70f6206249dff836e3dad4fe0254900cbd26b

SHA512
4b41520942a7487091121710c443693e8898de3334ed329a12115e2d197b906af2c54689b0e5432c2966ce582f57f2556d90040d9f24252977258e2aac86a424

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e4703ffbd327d070540222fd44fa04e

SHA1
7e5427ea33e15a878ac66c12fa0744da12f9d8d2

SHA256
3947306d67866ce04b6c5b578cf5b2eff5bad073c87982384665454efbe8ea1e

SHA512
d7f7036a8488760c0794d256d6ee40b911e5742ed409429b007b21cfa75c0ba351ff7c6c0c0c42f1ae6c7149a203d3643d76a3a4a44df46a06f5b298f99d97fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e75ec3bc44a0372a3ce82c60a049ae2

SHA1
a7710ac38005291f754479785781a7ef04bed8a9

SHA256
a553b362e0224845f2d05e173ae14e9cb7a3fec86782d27963c71b2b656d4d66

SHA512
4d23f4edfa2c1d7bba6d61636c4e578d58b6ab2e9aaa01e4051bef83a0fdff3001aed969b797661cbdf9ac3174228aa7c902312ac2f38829766adbcf1ae8d660

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64c8eecf4b7e78aeb49e333fa2d0cd03

SHA1
1e539ce260c852b58d5e479943a22a17f09c3b98

SHA256
a5e55f2c2b916e633405b413cf58aff0d8131e3b0ebe2231ab0bdd8a66c3cb64

SHA512
bed4c896e8163064d639826d28abbba60150f3fdeff59b74db41b084236e14074d026e64cb07c8134388f631d4abc4ed4c1cbdacc559ddb79a9f50498614d0e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8002664b769fdf5ada03536eaab327dd

SHA1
afe0d4a4a890feadf0ca4c894a95ca7d910ba4d4

SHA256
e475cf5b37458d36fee6b63257c1d923e9b9e4861540c230ad64b4692d282998

SHA512
4332b97647afd6b515ba062e6a4b8b3ab4b3adaaa1ad83921ae3fe89ff68326acc57233c618ae6623be0f5b716d06a898f5cea3db9ae4b1b819891b753a971bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b700cda16f003e538209b47c671ebd28

SHA1
066af4c29577040e25c448fe7ad027c769e50282

SHA256
b527d9d48458dd7e74a3c25495702d77f2e8a052086fe24d725e6f7a7bef9ee5

SHA512
9e235b9f911c36b68a916b5e817bb9c38999cc5ddef489809375ee72887208b823ad44652cbf3dcc576fffba6d109952e96137dfb082261c6f8c97c62103ae46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc83f8189da9c53f4f887df8792279ea

SHA1
eb277c5ac853fb5586a3d517adc82e5527385cd1

SHA256
b8c160eea4c72712076ef01612a91ca829e55ec00b8d56d1cd9d05185600da3e

SHA512
cca0206ec8d619f2cac3f95a2078c53783397023ee286fb1b2eb64b0517b067a95dece082405d15e78a3f778825d15980f2add99df32e28a399bcfd24aaa39bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
460340e2131a4a6d37e12885ac79cd6e

SHA1
f7a24fc3be9ebe8908fdaf135873c440b2ece5fc

SHA256
b271c3a4f739650fb4d4457d3713948c76d8bfab71e86f1dc43b317615b2723c

SHA512
b5ed2059ae4f64a6924188ca9f555ef9cd8c8e251d53559aa5c8fd5ddf43712e239613806bc60eb3a84d0630372f693b5faa8374df63b550fb9a2ca867bb1ca8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
280e323211f4bd875875a683de16df5d

SHA1
15aa14d59c83b740266e00851dc891817b90ae57

SHA256
16d3a0bc255e7f77038d34b74aea43d48f6e8fdd572de35e7dac6466ada8bff7

SHA512
d07e07935cb86a6dbfa0625c8a0287ca50497a1e08555cd9685e9a6db594c9f88bbb6bf77dfd20776234696f30df42296f0c671f07f98468a7f940e52e609d54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc263bbe98c46d7b9c52730ee7a20a4a

SHA1
586ae10e4cfb43c17a1bbe70cb4657e151a9f43a

SHA256
34879a57be3710283281acee900fb3a90338d33210091fda52fbbe69e2af3208

SHA512
b27b8e0f238a72d15aaa4d88ee48c004c6d5ecc8a962e716fc41e2e77bcfd44e62ab4203980926a1f51de7a8619c3ee906c71193f60aca7031ca6cee02b5fc5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a1f3fa9b54aa2b88989d927a1fb0fa8

SHA1
ff878e18ce927c2a63f4b4f8d2f4533ff56818e9

SHA256
42d1065d524849ea454057568af54a515cc5eb540553003c0930170b615c8a8f

SHA512
73d2dc959c6fa2823e7a136d48e507b4aba6f15accfa384e162f5d7549306f2ef6140e69801d2cdc078866f9264ac7d014a1aff2f059aba241d66c27707aa168

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06ed765c16315965d93fa27f035841dd

SHA1
9feaf79d03317effc4223eb502fb3cb95026d900

SHA256
250b9bd6c7c89488931abe7fba7707eeb9264c8d6b1cb18e6cd85e3fbe1ed7ee

SHA512
b4513cfe0ec74f3e0c11801601d7ad1c4d03c23bc594e04c12f913f20d79ce8129e5409272293f6d353f4b04de5b8ed4f1f324c98527bf64d08bd56dd82ac63a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4788f8b45ba1bd5998c1ae01f8bf81db

SHA1
62a9dc7b4f400723ed189212aed7aec29c4cf533

SHA256
cb311ee8056b3ba141e11e3ab7526864a705ca0954d17dcde6c4e7bd9b6a452a

SHA512
feb964bf9884113122edcd6051c660214ae65ddd3ead0aad248890476da72557253b0c6744984c0166d1c51968f5671dba228954e162f25a381ceb683e974211

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b496a46817bbe7c32b1240c0f470161

SHA1
d259af4842ea996347dfdb16fac3dc01f5fc00c3

SHA256
356fa7e49d1dbd3e9a68406f4df2be416d58f74ee82cfc910ac778305edc29f0

SHA512
b128d0739fc8d72c846b2d2ea23b2bb960ac74731c4b72411740f1b4d22c6f5e9ee8d86926f0759c736954f2edb0b3fca2793c097dc59bfe9b2c254b871b737f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e9e3635ef60c20c10fc1b6eb121074f

SHA1
5a0d3e09693123869acfb087ee088dda0850f69e

SHA256
63763423ca4c8ee4ab728591623fadf7156dcfd8b6d7fe0c3e817e3e6a4194e8

SHA512
3a365a651d6401b66801aceee84446946943dc22e720aa23d242f2e2844c11953129f7bc1aa655fcb76a90584bdb1b8f3bc485904f2ba26dfa4bed6dac8cc067

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7330.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar73EE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit