aa3b4ef63f7d32ffaf5bd7de59df7efe79ba05589b79a6f064dd2db4845d67e3

Analysis

max time kernel
149s
max time network
158s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 09:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

04b5d872fb74220bb9c8c87dd3c86580_JaffaCakes118.html
Size

3KB
MD5

04b5d872fb74220bb9c8c87dd3c86580
SHA1

87d457b755610ae819b3e6f7bb7d2ddd517e0f2a
SHA256

aa3b4ef63f7d32ffaf5bd7de59df7efe79ba05589b79a6f064dd2db4845d67e3
SHA512

445895eaebbbfa96bcab5e128ec100b85e42b8193a7f47d7f0cca59f6a75caae9a2121ec454a1ef3513d8ebd0b3fffbc84e5edea3f8faeea53a2c7b4d31e02d0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{21D4A5D1-2EE7-11EF-A3C1-4A2B752F9250} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80a081f7f3c2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000007555b3f5368492906b6d3cef7d4d8793e9338a2892a69d1a57e0af2a1fbadaa4000000000e8000000002000020000000b1ceff77328d8e63548df586e9d8af557bc122f2e51f4d1a348436cfd549a0b420000000254618e888372edd4202e72b3bbf88b934e5c9915ff303d88d5eac4e74fe49b240000000386bf8fbc72c5e8f7eceb7d9dce3ee8d7925135195c3084bf3dfa14a9effe4430354456a7ec5e778712d73f6231f4d9f4792db91cd3c845e6fc95676e0bb4445	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425037440"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000042dd6e58a80c593f5aa83ad5000ac9fb557a20528ce1bd6ef0e1fe40ba0b8428000000000e80000000020000200000003bb527d9e7a9a5c8c4d6fcb68813adf4d64038b951ec7f3c9fb9c30095d3f72f900000008eade05f12467001497032339b283dad10b84c73696b13a4031b42d2f9d396b67f9fa787d80d49f399ce1a2bd246a337a350e9cd602d3f03d7ee7e9bb315ac75a04243ae99015c47b032126414f9c41b15c0a08957634e51f44fc87b1b767b0899f491fc5252ec3f2ac1bceb489e7920b62d6b23101f9bdf878f0e307c3c23688aa35f709b9d3b67e951c225b921d63440000000eca61d4aaf5ebd43f70bdc614ca9d9065506fe689cf6d9525a75f0c01b3f3597ee20c92285937dc4b4dbdec0a0908b5b7535272f4787943f7f5f7bd72d7a9fe8	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2112	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2112	iexplore.exe
2112	iexplore.exe
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2144	2112	iexplore.exe	28
PID 2112 wrote to memory of 2144	2112	iexplore.exe	28
PID 2112 wrote to memory of 2144	2112	iexplore.exe	28
PID 2112 wrote to memory of 2144	2112	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\04b5d872fb74220bb9c8c87dd3c86580_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01b649cd4c3763bbfc9cc91d7a7139bb

SHA1
953a385dda6cf1bd2614d05898deef8eba7cd416

SHA256
0eba17c4703f16c85b19d7cd2ad7a4cdfd954939025b66fe4d32cbbb06b74631

SHA512
47d64bd64faefae9b88f7c4acc21b7dd2c6da76e670f307746a42a36993714c328bac204e23b6df9d92580a16d10fec94f343dc91e14e0037becb91baa68c889

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a450cc9988a8e6084254aea83b581df7

SHA1
985bdc8c6d2cca567a42968bdb8469852b3e84a1

SHA256
8acdc18012e0655af127d71b0772a2acd174a07f30bcb6eaa45c72adb90584e2

SHA512
2688620b40f68ee8422f55c54adf962ef07c51e2640f951abf8d76e319803f2195e9ae2a948b204ae3f5f6dd7fef2af962c80a0c19f31bb7cbfd74051b236a8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6208a7488b3cb39c89bdc21b6a0013ac

SHA1
8ff5867f033427166a82410c6644dd347f4b9587

SHA256
6c5b0e4a0f2be0a29613d7fc73cfc28d0b817b907c1ed9d3572098a3aa479f0b

SHA512
7b9ad7aedb54cba9122bd575f4664949a759224bff833bf5d9b1eca7c16245e2846292b122965d1e60b9952ad6b5037849ff50c294e08d2ec2ab1f68bb1cc005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
579838068465487c2c70717912c097ac

SHA1
c397ffb98d2b664e513c1a6569cf28beff6b73f6

SHA256
fc822e82e44c7114fbc908c6044f475d7756b3e571165656994daec27f656c46

SHA512
29171064ece75ba4fb7b68229934e7ed57dca6f76e856e1b7e2bec94d19166682429fbff481bf6e6ed8c6c6c0a2ff222abf433508fa6d30d2b7b7f0bd1e24787

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c083ee1d11f1cdcde017607a334f945f

SHA1
28621a5a91e12239e0a705e4d3b3cd17d88dea78

SHA256
41512694d1595b27c388b739164be3ed4878d1ec2a5659a11bb7740872e37c48

SHA512
b6ac72480e6dde95b661fbe262aa3cbd73dd2f382bbaa06de2a57fa37d3ffea5d6956b95561c737d696c9dee5f972be50e37dcf19cd8daa66739663d01c94178

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b184d0d1c4b56e250912692c602f02e6

SHA1
094a94cf19c8602dc22116db3b9dd3d65ef9a2cd

SHA256
776f2b4988a3d0aaaaa446bffd005b0cbf038b927582b9a00edf8b73985109f1

SHA512
ecbf7f422d76624c87d780ef3587b2e46ee2adeabe0f902a6f5ea28554fc34ced878b310eb201a3ab35d32c7d876c0b6edd6a424eca205d4c2696c63760b51a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a5f90bc35b8c9322abeaee6668ca1d7

SHA1
dc2b1d45a1ef53170f8d1083e330893ec09e77a3

SHA256
0ba4179fceae21b21333a0eefdcf68d40d5de04ff7452429980e5ce15a6f7588

SHA512
0e6c792e841a62411c5d7eefb31dc1407f21fd28c17beaa3936b658a71d5dc16180a5d3befe5a3dae805f7f76306203da2a3f6f6506e60ad76a2a7e30a1791b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db7a161e0fef3ed46bed917e67de6d62

SHA1
05007064d7613e85cf00dacdd92cd459696bd7ce

SHA256
b37d8e0a5dba294e27a452508cd2b7517560584389bb9514d6a42288c0be0505

SHA512
fbb5ebea586bd2847f6dee8d39e85cdfb6f176ddc460fd821b97087b22aef3d194be382c914510f364497ae87e37e5b46c8b3c6839b8b2fcff5352a38f093211

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fea1236d75b58bc2bcc682d5f3ae699b

SHA1
278d9cf6c3915902849493198572ade6ecc84b7a

SHA256
7c5e6b6be7b9517160bcae98fab9c1a9d17ee3d0f5f98d546141d92b0c1c14c9

SHA512
8aa631f9b5ac48039217d844bdd51381d1ed35515e34c3eb6d003fc1fbc8f5ea840069ead9175da3e5f500853757c05413ca36b633858822ee1b176bcf843009

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f804106837006fd4f6e9b9d7a46a15dd

SHA1
b5dd0cd9030948d28ef732a049fb9f3e91d97166

SHA256
a2d4297108f9fbd96a36a8b87c4a3dd48bbc4b548b6fc9bd57e30cc23d772ecd

SHA512
df42146e8779217ba399bc4841302ade7a6db0aff518cf6548f0ecb2d483542083fb4ab73e7740063d8a98ba0f2ed3a6c871b4196192ef0ff34179b93b9edfde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a7a027f588bc4fae4cef32e537f1507

SHA1
522318545d4dd114764fdaf38ef02488350741fc

SHA256
ae2657fa7791a5c17c1fb97f0565dbee65c789fb0a9f84ebbfb2705619e93f0e

SHA512
18881b54d44ad237273b3684784036b10386608058c5d16381ed6e2c1d4e8e15d170dd5b283433e2c2a4f1fbf333311ae6c5d3aefcea645c2986db3daa0cfecc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
763f76a271535d46dc31bcd393d08518

SHA1
cf28eb6a501ee5b6b08ce6535f2235f0eb973272

SHA256
9adc1a3e49b84f3de3cd64af85bc1a086c8c4c5022ed69bd9891d711bc951759

SHA512
063ef5f88b0a8a9b45029375a124496db5707cff18471bbc20a5dc102bfb87ff838401c2bb1ab93b245d1242313ad10c9ac8739dd8352583868b0361639e4ec3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64730c66438d6eb5eae078cac851e635

SHA1
972f88b2a595cd93c7703dcc830effa5a15e4165

SHA256
12354f5efda149f2becd97178175c7716f28172f0f2582fb069df37179a3a013

SHA512
81420f6f9da202e69d4388e65877b2ffabd42acd8d5387afa4829c9bdeccdf7360a2f89a750aba638fdb11d09feb2c15dff1ae856c9704a8633c02d200b33cdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5991fbec22568a9d7eb1da4ec751bc8a

SHA1
8ea041c8c31fffd5a81918d1dd72fdd38a4ada2a

SHA256
24fc3d28b5639170433d950bd2727a6201e3310cb64af215c25f79fc189a5f7b

SHA512
7153a6204df200c0d6640a914a22e039010a37b8272d6115983393da7f0f3392e0b48fe90633a0e3d7209098c2579c1ead4adae37e0b2fb4a53604d3f2008efb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da3fcbd1dae9362fefd83cd4780784e4

SHA1
5dc8a127da4efdf6ada1101f5591de928034b6dd

SHA256
2187ba64d566875d042f836eaeab531ad286f18ef2cfa296b09e0c66c6ba6863

SHA512
b2dd06a238e7ac1c75d62d0804795330c0c5a71afec0eabea8c0a8dcc6fa35e8655253c6fe976e1381d2649b54efa47d7c778e8dbeb54f9bdf44502ecaa02055

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec8e1f65bdd13d39f1b16b5a2401a15b

SHA1
adac4788e6828e8cb1a474e4439344bb1423beec

SHA256
8ec52f92001a8367d29cb578f33c3642d999222fde87f814f42548b29f0a64a9

SHA512
3f0c7acba573e1326f631dfbda53e61a653507a2861d9ef2a935c6d922d9cc653037b1b554ab950b79af73e22710e49cc30c806e257fc5df1c3bbfef8541a609

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6941f5db1c02f00147084049771c8a8

SHA1
d74f2732049927295d4d1b83be6f9cab750a5c66

SHA256
fbaa02c4e4da6838b35e30855d6434acf5e290ac9e4f40725a381ce9f1ee0ac6

SHA512
587f7e9b9a05de2f245c522ba56d53bdeb4d4592ce8089e82c194b8022b31c7d39d6c4e04e429d95e689248b8db64a3b71fd1f602a5c24bfae9bb15b5359016b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab99A3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9A62.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit