a9f89ac97de8e857d02fb493ca1013d42e1b70e13eb1c264360a2dcd40ca197c

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02ec3b017d7744e39535a65e5f82ba5f_JaffaCakes118.html
Size

6KB
MD5

02ec3b017d7744e39535a65e5f82ba5f
SHA1

add6cd2b8f19ab092e7051d2ec83837fd045da9f
SHA256

a9f89ac97de8e857d02fb493ca1013d42e1b70e13eb1c264360a2dcd40ca197c
SHA512

0bb265501ccf105194a836ddc5b744b736241a9b451f669912d7ba899ae63c5a5f7712ec8b4f3106b373b1a096c6c0318cf98fbabcd0aff7540f567100507305
SSDEEP

96:uzVs+ux7VBfLLY1k9o84d12ef7CSTU/ZcEZ7ru7f:csz7VBfAYS/ab76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000002562bffe0ad0807e807452e63aedfd7ac9fa50805f942c5e0c200ad85f4330f9000000000e80000000020000200000005f47457918042660dcde25a67e3ab88a029bfe2e08300cf4f58821b22cffa91f20000000453916492f9863f87138aec1f0af8cd7dc65f647e3d5c1eff049f5841672706b40000000f6cd05d3ff307a091a757fd4686ec1be48abaea907d725705a765bc32a681e55f5ebba712f82b7dafe0e32c412e0d58ecef944b9e65edc1ce2427ff0b0b36a1b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000ab8e31b8c9abc634d4eb24e13c81f39087490d49ef78253fe142f692f68e34b7000000000e80000000020000200000001a7cbb2643c5d89cb7d657f2f198008134d5b2242a942a986812a37285d045df9000000080d55b45e5c8d690b46adef4af47fde4f3a5ee71e34e345249bc47b43d60cabae323e6d2073b26b1e9a253eba33a668814ff5d535f946e06b728ec08a4856f0ee05a71d45faf2048bc3fd0fbaea61aafc1855fb6bcb7d96f3d82b1d81e38a6da4916ee1d72aa0d1187043403b78080b5ece1c86a87dd3eacc0b0dc932f23f40d0bb46f9517ea7e0798a7349417b8244a40000000e2279446dbdb2f719223acbc46eef557516780b2ef2de3ff593d49b108a98e48ea622ea664f38fd996181ee3692a2a90aa7b708e3a078d8f6b849cb38da1966e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{366CC031-2EC0-11EF-AB95-422D877631E1} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0fa690bcdc2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425020723"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2188	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2188	iexplore.exe
2188	iexplore.exe
1836	IEXPLORE.EXE
1836	IEXPLORE.EXE
1836	IEXPLORE.EXE
1836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 1836	2188	iexplore.exe	28
PID 2188 wrote to memory of 1836	2188	iexplore.exe	28
PID 2188 wrote to memory of 1836	2188	iexplore.exe	28
PID 2188 wrote to memory of 1836	2188	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\02ec3b017d7744e39535a65e5f82ba5f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b75f52910ab972d1fad83884b13c828

SHA1
f8c77679cfa30112ed6b6fa1a9ddc7d6535ede48

SHA256
b9bb3953f39c04ad5264f9b206ced39b0f88205b1b45ef3b3bb24a1c9cccdbbb

SHA512
cecba26f3ddf1b0282778923ac3a635c9beae13e123dbf3b4832d734a556d68f0e2e0cdd0ae534dc2f2d4a03d9f13fb34b0f641ceb4ac8686c972e87a93da5f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41a75dc504e9d0c785f8ff2ae6dd81c4

SHA1
68577aebc59dde6c38578206ee9be70fed3122f3

SHA256
9458f177646d7442ee672bbcfdd8a5218a5f8d601c67a88c58f9b7da71fba435

SHA512
9aafb283aa00bafabd9938eea79765db56ddb9f117cbfce46274db2b23f46e665ce870d8a725fae288f413d03754f06a689450d7fdec22f270a66c9cc1d25789

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
402f37ff27473ffbf10dfdf6a61939a6

SHA1
d4f7ae237d3e68242a618eef1fc4a3b88a0029d7

SHA256
fd7c9602ca9ae65e6dfb27afc57a8e181c8b8ab996d92df64f57e4bf0fb6e02a

SHA512
33b21bebf846a86825303dc1fcedb0303b773118172d827d5a14d86fe70e2fbe14879ad281f963fa9496efd771da990abfb71f3e529be03d049cafed57340dec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b25848254bdcaec354b4c58ba9b2c07

SHA1
457f45013ea479438d577f51660e6a3274d1de81

SHA256
2257038548668abe397da03b192d0ba83e0a821d6d1cc441f5daee1bc219c0c6

SHA512
6c2eb8b06aadd3162e78e47300dec735f766053ef48a9aea15589adb836948ac87e27c2f50b6330b816fe751f9ac1d4f5011b076b1566f7afe680325cc239b2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2ea82fc67751cbf939816427554f86c

SHA1
3dc0dba01707ef5ee8815969a97edc9a792141fd

SHA256
20a630ac82c0001a3474e8aa5ba33705407e388bd953a3e86b4f7e1f6ee4bdc7

SHA512
5fe26bc829be3276183a4bd1fc56903c697cd47a8dd01e888da922a1f6cac4144e47cef11d90f50b060dc5a7fff9d1bf7ff43fbcd2c69912c73bab44de72a220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2bdaa9375c5b4a6bfc42dafe5e1f8556

SHA1
d072cd0c770402c74e178c4dd42a753cc8fb3f52

SHA256
86a814c2daf10cf9e5574205f4e9115a62845185ebad4e75207a9916cf545b7a

SHA512
2546eb7384efad9a8f961820fa4c9c1de74c9a8747d25ebedf36bba8fc5e077656efab4e7d3ff0b6fb417e56f43cac5d6eb7b73f7e210ac2d9a88ae832138d5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cb4d798a077c215c673bdcafeb10d94

SHA1
cdccc384400554cd9b646a9cd53181ef534129b8

SHA256
05a529228dab1dea3ecce25ed5c1bf5a5129109f29a173538e32c3c00f6e0ac8

SHA512
a8c0dcfabfe340c3d2014d79010922d315585b16a70d0b211e4b0256c14c5d3e1fb57c834df0aeaac2b69f41a590813c06952bb660666f245bca5857d943b528

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07f77cd147d29f38510c2ad3fd052207

SHA1
7e39ab343c61e9fc44c6cf0ddae6a63b4f2b0125

SHA256
824ddda2d842dc8c9b2cf098af4aa0500f447439580bc4687fd5db2e7d46d49c

SHA512
d459b16d4f435cda62b77bf7c834d8334b8fc6ee540f88ddcc1355aeb5090106957fcdd74e915137157e4018cb7544cdec8e5bccd9ed6786c999faa723610140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
391a06fc645763d9fa979e447f4ca159

SHA1
6dd17041aea47710094884223fdb201f91311650

SHA256
d4452a6e0bdd7fbfd2a2ec3bdf3bbf34b1264aeaaf474a1e470cbdcc269bef61

SHA512
a90cc4191a6e4a1c0a062f8b6ba036e8a4aa42edeaa748ec220711f139f07ee20490de9cb46185223e486f00a945fafc92d27bdc41f233b226239dbb6082d323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8daf7df2f0beca02fc6f5082a308429b

SHA1
8b33852740b1daa93470eb5aede7ee1f6e53ead0

SHA256
e3e6a8325d0579c16b2e69febb76c28d173b2ff5691612b57f82298933036038

SHA512
3e2d0e1ce77a12d43fcfa65900b64d3ac4613bf0ab41598394e2260067f70fe53d0576fb75c583ba9f0c08140d3cafa99beb48420e5d580450eb8f37ab6e5f0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f11a208ff1693fb29a7667b08d6aefd

SHA1
01ce53414e4aa65845f68f97c2aac33a4d6996ad

SHA256
33ae9e784bf49226757ce7f2e73e907fa84353563c794184c456a28f99d2a316

SHA512
6574da9c5d92e854e4f8682195a174b432be37b0f3c9d27154b089723cb50da2b912828fdc8a0e14d5581b712df4808a2a1dbb895e31330de9f57dcb375b9569

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0057d7a0f9dc1ef2f76917d37abb83bd

SHA1
92b8edf24d9ee7701a951a92739d27b78b1ba131

SHA256
b43acbb67ec412042141577b538ea286d0d1ee46ce21c00a3dd148bff8181835

SHA512
d747a081a0339d2cf94fd3b61bf30a93bac9b1a163a0bd7553898cdcb36e2375990894be34321933ff2a7519dbd370fc40847251d082c3835c58680838b5ff70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf7a64bddbdf736c53af9fc731f5c48e

SHA1
4cf6e39b4b70e0a0a9ede30d162b5af11761e5af

SHA256
db5ce1a45b0c917808a22aa4e5c5ea79d8ada9fe46a1b67e81e39873630448c1

SHA512
132e4f9495385c5299996007d7b3e4e6dcb836546acec854a8b6584dfe7f161e1ea81a8ba66af9ebdaa129c67241cff779d404ca9c83b1e312303a44b90d51d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
597be980e913ee56549e6a4be2ae0b38

SHA1
c52db25dcc5616c16e1e139753a512758651c12d

SHA256
bc24f27f4ffabce2f3db6731f70363af599741d2670ff827218b17d3d02b7035

SHA512
682da5cecc2db742edc8cdf5756d585f350b4bb2953fe7c91f1338f336e240b6fe61b88888a4ca6f87b0277a267d2dae2e0f90df8c1d5549d66e5a853d828e52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d1696ded6f7a0ed71bbdb566f41a74a

SHA1
b63c61148be57d328bde6f9db3c537d3492444ca

SHA256
2ed0b4ff6aaf31b8480c1a19139519b01282946491baf8021a2b2e3a40b46507

SHA512
290fb045ee7b41ea7dda1ec52e5cda691978533bda48c770b2a25483a644992d02a7908ad77002b103faaeefb8baf691efbb567a2d9778fd8b471382a97b755d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2040.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab20C0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar20D4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit