a7404ab13740f9bc95af2c270e2014cbab979be0922ed30e77de093bc9363366

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 10:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae11410ea5eb022f091844a9b4e3bc8e_JaffaCakes118.html
Size

17KB
MD5

ae11410ea5eb022f091844a9b4e3bc8e
SHA1

ce0ccd4e796998cd628b7e3206d40bbfbb8a6fad
SHA256

a7404ab13740f9bc95af2c270e2014cbab979be0922ed30e77de093bc9363366
SHA512

511b4cd814b3b6474a792e7411b13d71bca5d30899cffef90e7a12b8eab5dab5ca0858343d3fa5628d42a3fe03f4969fa2da4890b1db8a6f3190311c38ed4c0c
SSDEEP

384:hcMu1qPBMKBM3BM0BMXBMGcBMTFHl8/yOJOThxpJOWn3tOytOwk6q:hC0PCKC3C0CXCzCFz7nE6q

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424610399"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000e24ff80486483793175bfdf9a84652ae84903156864917f8ca2bfcf29aa83b24000000000e80000000020000200000009c8ad73a51c76503a8a3e285d0496f29a48ecd4d6a43f1a240c785154127244a90000000f49c7b49d79b4d47a474a532808c6baceed958b33ad7ff1dff4f538941ce955bee2b17d8f6d7d06d5d4631aecb7382c82c52fac9fcbd1d691d531057e406dc15ec660925acea6c24c711a92b7270d0feaa7a09f7fbdf41a1341eabcbf574036fae616587dfcabcfdb4705bef57280fa461274adba31c5df0ff6b11adf5fe559af9f4f5923629f0ed0ec3a8e6965fde0340000000bc3ef9f39ccd7522768900abd1f2101865aabbba729d7328e1695d658268c32a42ad29c4ce11f0aa2abc31953617d982fba1fdb3f8441e91c646df1afdef271e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60cfe2ae11bfda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000058ef8d3c04857d4588bfab3ecc00d6b280453183706fb0492e8d330901785cc1000000000e80000000020000200000007578007bc6ccbf517b50fb325272aa6cad9e10cbaa2e332ae53727c77f3da0102000000046810c53e25e2ad483696789388802efb967b53746fe73e0d38a4ae02ad20d8b40000000026a7ca2183e37f3037faabfcf58b9ab707a1c7976c4120cd5c403c8703c2bfe52d57bbc934c05b862c2ecf68994460a550f856a8a444ace34a005b5f0149e2e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DA3E8281-2B04-11EF-A5CD-D671A15513D2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1916	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1916	iexplore.exe
1916	iexplore.exe
1800	IEXPLORE.EXE
1800	IEXPLORE.EXE
1800	IEXPLORE.EXE
1800	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 1800	1916	iexplore.exe	28
PID 1916 wrote to memory of 1800	1916	iexplore.exe	28
PID 1916 wrote to memory of 1800	1916	iexplore.exe	28
PID 1916 wrote to memory of 1800	1916	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ae11410ea5eb022f091844a9b4e3bc8e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
381bfa8a2c9e3544aad22cf87fdd376d

SHA1
f6e090b5076d8771dcb538b57f9ba825462aec97

SHA256
2ce39b53006fd461f35dba2e98a5833f6d235050987f0617046e876cc299fffa

SHA512
3f37b9f61bdc814d73b37ec42a0edf2f8d1abc03debbd82b34ecf56301f2eed7ef7efe5b14b2a68c9dac46f8832ca7a0d3cf9988af82ff4f9165abe48d5346e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdbdc072d2b26701a1df93d62650c692

SHA1
63e8d1cd9033870c238450e07ac4fbad6979379e

SHA256
a402ef632c3e7ae353a68009744e39beffc006a647032f16a559950706607f89

SHA512
8cabd0a450841398e55edbd4172c2e062602f2623ba6deb1e7606879a81218bebc511899874064fde7c1eee61c290c7a804f1c998e123dd12d5f83e31da4d25d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebd50db3ff6dc1211343443e25977a28

SHA1
f93a35fea67c11ea58280fc54f3b6a2b6b085772

SHA256
21ddeb4a5794a1cc1298eb695960d182f385408d4f08b841289de1a50f382ddd

SHA512
429372466d09286e7b80dc1ecea7493f8c7d4cedf73861c933c956f0f21f00a69981e7e4d0b3e242a55b0893b7148cb8a49343058d5059a2301dcd1cb05685e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b03901fea7f0dfe8787727ea80b3d7e

SHA1
eae0cc09540cc0cd04c84f5bcb9e25e61ffac4bd

SHA256
020fcefe199b48d6fe805eb8b6c6ed2337f0d7a904f99a15725e74d802d0751e

SHA512
61cc2518fe9d7746fb68afbfd02ba917e21080e56d8fdfd7f09630965e943939115e7a656964e630834271309d9a092d392414655ce7e6f45447389fa129ab05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c59e1ac14de26d63fe5a66ea2e93726d

SHA1
74d588483381513e5e6249c626581c005e1e67ab

SHA256
1cb69d608288d7e8922b8e67f762183ecf7f93b93119ec209692ea50b8349695

SHA512
5d38d5834a3130556f789e74736fb340fbe745e0fbe9c6defbbb8c11ab28ab25315889603304380447fdf29d25647cbab26e83c2d094aa3487251376a5334672

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4eecebbe825222994f0b1fa9f0ae8e1f

SHA1
aafb59ad68633b8f09c33f44294187dc0b017384

SHA256
a93613a5760a402ee8a5a039c780c69418ea86eb6965246c23748e340a46f530

SHA512
7f62533051d4fa45504ac4c634cdbdcf48971ecad5b52fe60fb88a651fe2f4d8c593d4f405f0c6de3f2f47d1c5bc4dd8a16ac6395045ded4d0b6019906f29eaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e6c965eda044439f4627f48442f01fe

SHA1
b04de1473d432a312490402ada9cbdbc652b1909

SHA256
f19d9d4068ee38a0fb41dcef3ff0035425fff1f2ee8de8d1b4ba0b664c0c45dd

SHA512
5c3054c1e9a37776b1b58726d3d2e32056a294d0d7f8511b10528ea88a84e70842af0e40a3bfec054acb0af5bb3afae26a54a90842d41e2cc72f230b32c5d62a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53c1abc50ec41aff66ddfad90e286d30

SHA1
ee0938dae6a3fa297221abfa7158996e342b9ef1

SHA256
d009e2caab93b1846a41cf4bb0700057f57ef6279ad8663e2d7ceec2539b5834

SHA512
5e5e3734522848f5bc8ec4e0f7c0ea26c6f58fa58810d6166287651ee3836cf06b3f427dab6d6c7abf40956dc1418e49b8c77a5dfe76134a325689bb30f3d2be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7035052bf83dd7212c9068cff2ebbad

SHA1
dc7ea368c937dc7b7d9bc2ddc562e814c3dbb288

SHA256
1075b9925643b972188459870e64eb003e760121df112ad5e24c49dfe9376eb1

SHA512
ff0dd919af5966c5eb858bdf062a3369cf6732bef1326bf7850a9a77890769a69d878f238bc79bb73d3ebae569de278d97d51e1ce5aba5a4cf4b9670c9da64e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af95241df3dff76b80c8c759d0db1285

SHA1
eafff688847c583c3ad17751396f26058c94aec4

SHA256
b96cb137cab3e6ae11cac5101c20df95ad715dc6a0d2bc1b85310bc721a3a790

SHA512
197f4cbadb274813065201567c4c23d9a7d1d50646e720a6a6683ab69ec792a452fc9cc516e617dbb8af97e9e8cdab54c2d74e8f1120e9021f351051a3fcd26e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7fe8358e9e8c940be477440fddbe972

SHA1
ab4cfe95472381bef8e5305228c6534d66bec479

SHA256
389f44b45d27a3079dff6443a931e5c37a99fc64048b0ea7ed0c76d6a44170d5

SHA512
9f4d67044c60825d14bb48fa5e2868a822f24aed4e149f3eb22b7418a0fb66eaa8e49f9abd0a29ca70724efe73e6d1218147000a46470167e821a9514a06b568

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad03be8cdfb6b8d946d5f0279a9f81a0

SHA1
6ae9db1e2c478e9ad6e1645732ff2ecdecc5e276

SHA256
89bdd1c7c4bd26b9e9e8600fcada8b7580af59e3923895bb56fb33188e86e808

SHA512
340c4d8b7f65dbc4bb4105607d8fa9077efcb9d7db912fb46975052b86a154d817ff5a0dc7c5c91ade9106944299c330143d4da7a5c2c35c5221e5f5d7ba676f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c525f286b7943c9a72f45ab2aa0d7988

SHA1
5026d8650d311da5735902a635dcf929d0e02fcd

SHA256
2e3b3ba57766048bdecb2898ad55acf0be199a1e3cfbbd08fb98644b77d6a074

SHA512
cf1d6ae503c9925d8ab359b9f29f7224bf6b8579e716548361925ac77d07de363aad2ab756b7dd04af5ee66c695d6f444c2b5c74de4fe7140ac7ff3ff9163945

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd5b58135060e1c50ffd9e456ceed96a

SHA1
c395c37840a042b8e9b96a6c6cda9918bc5ce76e

SHA256
de4c5e02ea7887eb42a22894b3d541a182946d0b0b7936e58f9d0805e984038d

SHA512
ea20101ac69e4b850d94737950cc2764ca1003e0a4e3593aa96b4c16e857c56d7230858df8bc2797ea0da3ddd0d5db1b080f1d71654ab01249641a7ec924fabd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2f2f40ba92a5e5e77d5124b10835e31

SHA1
cd710c53297d94785202232d0721118ea2ab33c7

SHA256
b57867a5441aa9101c970f76fb18fe1816e482104f606f9f827c05a602ad2317

SHA512
8f789d47a7a6fdad22090b3c5795f841b07a0e96477d2505606ca427853ff32d1cd2b6a58cf4c88db4ef003d45ced53ade6d7b976e2ff6bdf24262861b88168b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13d91f0f71996008436fb63b9787fb43

SHA1
08c4c80da2f09a6bad15fb2854a68f545d579bb0

SHA256
f59596e6ef20cd7c5ddafce827afd76eb4e3418c4f58ebb4bfbf06dbe0ba0ced

SHA512
c9825bb2b4bdcf4bf26011c53ccf4b52efb3aa4d2a3e5a57be8c3c4e7f774764659dcec81145592aeeb42f773bcf5c59c46ab9a3ed757e7face32e5bb4918806

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
312b6f2c4564c39afe0d1fdd8ccde4e0

SHA1
c7ef6f4283771201e2ff712d89599db4af6ae34a

SHA256
7355f86ee82fe4206523807b31426a5144751652810e11767c80dc9ea0ed62d5

SHA512
c675afd1824405ef5c653ef42b541e6ed6c5becdec0b640d72cc9bcaddac5c653646613dfafd97e225f4b44e7e68ea936b46addf8ad29ecdc9332f5103fbfcf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3AC1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3B61.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit