d4d50f94510ff30cfb4772ca3b9fbc4c33345111d6a583fa1dd49b730f598381

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aeb03329d08a9651f9682c2d44e4083b_JaffaCakes118.html
Size

496B
MD5

aeb03329d08a9651f9682c2d44e4083b
SHA1

2fea239ce563b24168415fe1ee261e0909d32d64
SHA256

d4d50f94510ff30cfb4772ca3b9fbc4c33345111d6a583fa1dd49b730f598381
SHA512

14755e043350f6d28913a84d400ed12910e97cd63c9a8e80afb2818544693e1c936f22fcc6e521895cb0f15f4923d4a7b69638f30401ee3c44bc9b8736af5f86

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000001f1063fd1b76ac2afc6cd81efeb8c3696546471d36ba9d3760c4f2a22808553e000000000e80000000020000200000008b15d6373c70fa73d4693bf35c862f41dedee3348c1c009e0cce7c2606753d412000000063f0734d55b254eecfe320175e4c4327e6c5c2bb121347680aafc6cf6821d73940000000412f2a52ab3759b8748afe08663fbf64ae2a209a859722186304f980f869d7044095906d22e5375633155e015360d0b702ca22900977995cdc5d1d8048a7cec4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000003587bf8e0e4b7d5c02fae6b21dbfca11d020cc471644b0ba03474c0208da26c5000000000e8000000002000020000000464605e2a4311bbad90a0e52a07446c3fc1a1e792660675018a9beda50a254a690000000fe497c152322cfd22117f489cd092ccd8ce534a0eaf599564fbbd54451cf58252b6f0d8552624e2eee928a9e6c2de0165be75ea578349f26312146a6597adf10d80b9df4003e9481e472ece0b0dad036bfa4b113ebb18a9ab1eb48d73187b633778255c6d6831096608d7e051ff373fff547debf050b5776530b443c9470ffe9d00f3bc331d72dc99fadc996e68df88940000000e2bc6dfec87d860aa1992a92d155690fb1628a7ca3f13967a455ed17bd8d984d63ccf205d91a7130e1735a28e42d106e8b3a3c5e2a2641db267891870c4db5dc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E29F3511-2B1C-11EF-820E-FE0070C7CB2B} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 306124b729bfda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424620721"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2452	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2452	iexplore.exe
2452	iexplore.exe
1700	IEXPLORE.EXE
1700	IEXPLORE.EXE
1700	IEXPLORE.EXE
1700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 1700	2452	iexplore.exe	28
PID 2452 wrote to memory of 1700	2452	iexplore.exe	28
PID 2452 wrote to memory of 1700	2452	iexplore.exe	28
PID 2452 wrote to memory of 1700	2452	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aeb03329d08a9651f9682c2d44e4083b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2452 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fefc6887fb80dcf02f745bf3c90b9ad

SHA1
3e1459c531dd3324d2bd838a9ae56e4e45882206

SHA256
481a781c7e2847d300be81484693afa5c952fede0b928a6af28560d770484894

SHA512
39ba802ebe2b4ab23ddecdfcdf4e3e8994b4c12fe26552e9839c408eab1b0919ff8472fcb78692d907a9c57ec8c524520badf10caf6a868bffd54d131d7d235a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14a0ad48b8f1719b44fc9d9fd9e4f5f3

SHA1
f2e6c95de6ca7f17d60131d7e750ab494ae4230b

SHA256
70a91fd79cc35e3e0ec04cc60b83043924c70df85b411d805ee7a3e4af229289

SHA512
596a810e04a1cc653b3d32c88d7bcec5e2cb4af19f51433f7e0e7c8e3da486f40d5dc8846b651092f70cdc56f66e7733a1f386264c8a87474f97151e05a04484

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7edf31e0b01c8c7d4227506f87d462ff

SHA1
5c9988b107d6a4b355a18bbbc787d70074ec1afa

SHA256
025f8f3daa1d0cfeeb53055cc5f617d547fe087c460880662814d8f2b48ec53e

SHA512
c7f072ca60316b1e88bd98b7b748266465a7a13519205ec2ec8d38c048fae5462b1c05c4a61cf75bb9dd7ecb893ad224694ea0540981ee2b8e0fcb4588c1fef7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a47effb0c6f0596aa02a53ffb4a02ae5

SHA1
a2ddf63299c6d8e878c589a8055bd98a493ec6c4

SHA256
8695d4ec6c244de62053b8b5167fe7861b50ef3e871c59d22a44c61b59ed8ea7

SHA512
87afb61848c40c08d6910c118227f9988b0101a5bade3f5b06d084b1d8fe2c601b8204ade4addb7ca4503d4059c74619a78b158c0cb602f2e9a013eb681049d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ad5fa459f0d96c4f2c519ae3fe408b6

SHA1
3f592bb6b2514c2731153d7dc2ec748c6cca1cd6

SHA256
5b96257b44b510ca80ec48b01e1f58d8d0e270dd9d41ba81656513e760a1efd7

SHA512
cff9c76fbc39fdadb83e3aa6507158bec254eb835beaa47538641b31aaf7b142f67da22684a161877a8809bcf9e5cd5436b55cfd2e7107577a9263da7bf0e46e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
279338d1152abbab8fb26410dc47f57f

SHA1
27bb974641229644397cb913cf5ff2b3b29ad8ad

SHA256
40add34d3c32e83e09c7487c010bde53f6e057eb6dcf605d7988d27e00dec59a

SHA512
6805d48c87dcf3988436f6d3238583ad6cb7c2ad5b464d887dd7166142134a2ae443209985cf64d08990ff19c2f798df29e63c80da3e3831dab8612780d772d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa7da03d61afc46ad0f8ed790573c2ca

SHA1
b835262a2f254bfeea8d82eefb7ba563735a934e

SHA256
ac95fab139838ec7629518d4d715ba36bd7e8a68fef265b48bdee8ebdbe3df0c

SHA512
a1f2cc61717c195c26c58c7d7a6b677429aa1e48d1981f982e91a5549d2715fa650b5699adb953c8a064bd3f7efd33b723f48ddd1e8e6c4c8b32cd8dc82626fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
832f13035ae9c750cd77324aeaecdfc7

SHA1
1891110f68a33ae3a337aade85470a4a8d379f3c

SHA256
0a6c6ac1af19fde4854bfc6da71eaf30ea955cc4ab10b70ede789a2494f8b203

SHA512
54ba2bb23aa9ba94cee3596fc2227f0796f56d9fe492cb5df9be1da98a67367023e02b316c6ac053f5a7d3765de2431bca8b78d0a0330f547b170ab21407a484

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
227d841c3989a920ede4e291d6c26802

SHA1
ecb39096c5207aa664836296a46ab38003e94860

SHA256
e0e7d6fa08265f4a56909e92c4c0af5abe8b4055e1e3e2a77640e56b6a9ef256

SHA512
b146f95cdb1b4ffb6f86cd7326f46b1b9a9b07b80f290f8e6a47fee8c2160210e5046a4aec6ac5b3d604a0825a5e68123060546036afe0fc79657f4942007dc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c7cd05579aa9358cd132955006eff10

SHA1
656e4a1034f654e47114d42551365c71f1c0ad9d

SHA256
c8ee80e630f0ac64eeb58a1fd854df8999fee4eb3ac89ff83295c48ee2bc8a31

SHA512
313a2eae0f362b6f352814c38f715bbede1a4bfd141c6554ae94047713de6ef202b0a6c2a84919b6daf4c9d71f24e73f6425554c4efd652987f4b21a02e4a21c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a26398333a504d76ebeb4186e4a9b2a

SHA1
d10ce69b2450ace5bc968f8d0cb6f3473df9f940

SHA256
067130d0938a7214f007e977ed18a2b3ac3b71872782aff43c492ea4873cf3eb

SHA512
b1f4a5a140f835acc6514c15c792ba20b30a7e211381881678a6eeb3d8c1e2ab868b27c8f3f4d86c6ed0cb8cb87207456b8484c833dc1ffa89f7494626b243d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87e6d834411d13016cf4ea1dedc2c4a1

SHA1
31116f5f399ed355f905d9961382ab8c8128f63c

SHA256
5651f3ef8782677926814c3cc136eb0a8c5517f33819c662a5cceebf74609f05

SHA512
850fdc8ed8c255966b14fd9d3b166b30ade5e1a359bc0c1838de9ac668652e01d1ec1c01ae6c73a5106b011823a157e24e455c6360bbf28bd574d669e05df53f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed2840489ef66c5d0ae1b22ce531d39d

SHA1
b3bd5696e5a0981ade4a48161bff22417976f472

SHA256
483d92ee261a08a96ea7133d18ec73b877e03186510efb6012e7ad75fc03e03b

SHA512
7ec1a6c2d76c3ba61e74eef91bec0e504f2a98b5da6649085e32e919714a253c5e9b153b46b17d7431a6cde0e1a30d86034cd33b91f6d886746138baeff29623

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcf584d5be1cf3f294814b13796b0cbd

SHA1
ffc68cc49316fd5a4047dd3789e9b94a2f1ec8e9

SHA256
8b39dfdc681fd6d02d6190a0044d2a6887cec22b39b5cac8fddc77f0ebfc002f

SHA512
fec3022aa12ad3e09e77a71ab8596a373448d6fc14a14bb4c512f59fa3b5e553455c50e8c477dd5ed0ea4dfa7cfb25cadf068a4d0abc70ae3129cc8921caf60f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cd749cd1a3e6a8d3e552fa898a7aee7

SHA1
20570fabc981fd5fd39b0bbcb77ebb1c6d235f62

SHA256
16789d11f03da7332ae9543a57eb8be8022205f1f4b95d9467c93f142ba51501

SHA512
2bb206ccd54960fbd8ca8aa95171c20b0bbd64ece5edd0d4ec83a809aef6c804a1920de4106430f89d91a22097679f29fd73866c54649f675974ffd9baef7e20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
752559158a361b5da69f11362b303845

SHA1
6b110ae51f52cebab034a5b475e24bd50b7caf80

SHA256
6f0a9f8ba26f00910ba9b35144160a77b8742533491882595dc6752edec9c595

SHA512
7d9d6d57b986b25a403fa5dbca0093ee651b7a3cb8950e726e8d502eb58f124014a1e8ee9f4cc4f35c6969608f147e871e362474f5513ccb3bb07217ca413190

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
236b889a8fa6116f69f0428f82a8a68c

SHA1
f15b0f253bceeb7d13f59b8a443cea0a01cafac6

SHA256
5058f8e49a38affdd4c4fe053681ecdbaa57c6f74a0ac9ca0351cd2df97ec536

SHA512
bb3583188fffca9c7652acb6fa94e08fc1da8c4f0fd8bb3fda715709d0845a14aedc69c59a44448d35e9a72a7713eb100f9c30e6b9cbe2cdfba5899284ab057c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2B19.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2BCC.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit