264f834cf0e1d6150ca65d0095b19f6ba42bccddf9cdd05c0093d21889f11450

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 18:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08c6356c13582b1254457d7b986ca4a5_JaffaCakes118.html
Size

14KB
MD5

08c6356c13582b1254457d7b986ca4a5
SHA1

98e2e01435487f328bc4d86cc96f8dca274b05c8
SHA256

264f834cf0e1d6150ca65d0095b19f6ba42bccddf9cdd05c0093d21889f11450
SHA512

c6209e66e190eaf0235f27e292c33ccdef0412393442b6fd0042db3bd0a9249f4551560218eb3ecc42d5cd06c4ed3e5ac00518caeb75d8e1e6b8094758c5e306
SSDEEP

96:mjSxmK4qhOfH4nQDjSxmK4qhOfH4nQPMZCXQhMpX5l8OxKXEVT2HXpcHXNS28ArM:mjSxm9f4nQDjSxm9f4nQRRAD4vxqN62

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000e200f79f0e521449a1b4646cc70dd9fe5e1be7bcce8a2b313d1908db431ed960000000000e8000000002000020000000e63960e6713ef2c2431ff753b8333fdc796c023f6ac9ac9ed45b7a8dbc7837ac90000000fba959b6c35c697d69e8eef72f7524ed1951bde3e20be24cfdc09db1a8f54aecb158b953a3279068838f04b4df447dea9445f2a65f4d49cd383e69e1621ba502997e19aa678ad4aa7d1253f251a21fae85aec14096058fc7e9da64d39decc78be14facc834a1cf0aa6082c82f862950455868e98131afa08ff3d075b5de3cf85243a3b26ba9a99488254d695854712c640000000fc4277b93e5c38214d81566a5db27b080dd162319bd0a9646ec629b29a4c2f9f7cc57c0f3d0b49a645b13962eb8d219a7ea25a977249c5399933ebb356549492	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42D46A61-2F35-11EF-BDE8-5214A1CF35EA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000000a45e5c9eb200674be4238ed0da2f89f86d209d4aed84ba0923e92864ab5b505000000000e8000000002000020000000f253df7c576b38fc31e5c67dfc27f361542cc83da8defe3544e73a78fcd924802000000032da0610929dcbb2f672fe7d451e87253207b04d35b8bafdb2a4c244b7f59a7440000000d91ff86264f540e381b56dda5dde006e456d055db29942a07da361329272dbd6536a82fc42f6589307d8f073ab649b96eb2372822172729ba4134dbf416e5c4d	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e03e651742c3da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425070995"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1916	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1916	iexplore.exe
1916	iexplore.exe
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2140	1916	iexplore.exe	28
PID 1916 wrote to memory of 2140	1916	iexplore.exe	28
PID 1916 wrote to memory of 2140	1916	iexplore.exe	28
PID 1916 wrote to memory of 2140	1916	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\08c6356c13582b1254457d7b986ca4a5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2260c89100d49e195ed8b7afc17c893

SHA1
ac4b8a97d85bb5a6ac2bcd7804b02ce5d36957be

SHA256
bf9f5280f44ad8e4fc5641bf5162db7f315283ba8cecf4a2e6903cd096b3fc0a

SHA512
f7ac3fb30aaab080fd6b6d3bd766d41c27e7872cf47ca04ebe13edcf6cce3ba2354bcf276a43a73fb28f01c40ca657ba5e55f1f2d08f5bdd181ac525602a4be3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
876ce8c25ca99ac912e05f79b5e4be78

SHA1
96250b20f7a39fe09173e222499126d9d632705f

SHA256
e18f69fecce59f4cc763c599f44e4c4b0575c683519bec1e49999192cb6b36eb

SHA512
6bcb6c25ed06c9e11b76c4bf24abed28b5abdfb51b74d665bfa4d4801a1990afd0ef53e5bb774e63ab1932a4409890111b194b8c659e60e4b9f6ef60cdb6eb4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d33b91ea0c752072b05e8ea8251f2a7

SHA1
36650ef29b72b9359d419c8375eb059b5d140c6b

SHA256
de2ba89f0ddb8843a852e551a5e8cd0bedaad9553f042ed51c59869e77ed6be7

SHA512
1196c0087fb4dd69b1c331fb4639eb507c746b3abd4674f30f6c6c52f490ed052028600d001f6730bea1f1ac840efa827af1f30d5d9ca6e7040e1c6845ee13a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0ead9bbb75adbb3eaa732ec200a2c1d

SHA1
272f3d828f427c8e9576287c5abcafdf96a94b01

SHA256
cc851318537420075c1c4ae3ba394d4fd6f03b3d28e1c2c0a96f64478858e580

SHA512
a0c6b1e44f8936beaeb62715ceb8f3baaf3c6d21d8f5ebe588b86c82ced3a74c20c799a6eeb67749a0ffa16a7d465981897ccf257b1dad152dd4601283434cd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32d98b999371607a287b8d3c892c428d

SHA1
ef9696611881f86ce5cf9888a32099a1911baded

SHA256
6b548c174060a0e59b4c3b1a18084383171860fdcf683441a828847495accbf0

SHA512
003cbd32b2b9f2197b6982973416f329b57c85d8a6df50a31dbcabd413c26b667f2d9f707808b05b5512c9719c623fb6f46943688a0dda80196eb55a48a92f04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3654c6edbfae252f846fb84f999c1cf1

SHA1
4978ed4e003d712ad7ee99a5ab71bfb5b494b79f

SHA256
e7ad0517d5c044298b6fc6a663a2615423f8c86fbf39be8ee3197ad7511d6be0

SHA512
c93c426ce8b0cec6d13569fbd83a2125aa9aedba42f65e585353dbfef62aa6dbb71bad47726efebc83f3ef032daac1cfd203303364105d90936599d309ce472d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8db0d0a39ceae43f3f948e6d827b362

SHA1
6b7b4e2e758dd9b8d950b354a2a5505456ae2619

SHA256
387e6e049d5f5555a57d2140958e52b6e1f3dea4a7cc12bc581ba7987c17efb6

SHA512
9d360ccd215aecf587166312c0cf0a0cd481655858dfa2335e095d6ab7f8e8c33b749c75cc650bf8bb58ff5913342d39332690dd30a482e92116d91c5113786c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5d0315160287aadf06ed82cf587f811

SHA1
791d967697f1e606e67c268b68935ce1428b59bf

SHA256
d1c86ec7283b6ec37797b4c02e330072cc2758fa0382aff6fe75bff67a93d742

SHA512
ee42861d8a632fef2e0773b46f840aa85c9a87742c9441971e601b286544a9175adbe52c1b948b72e5ad10b36ce21ad82234d94fc2541da44b1f5cc90eb2c0ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fde1b084f1c65d81c49889b1cfc93dfc

SHA1
b028de2e02d5afd6a59b604f2fb45d9bbfbb7dda

SHA256
876e49324ad681b36a7dae6135d9e0891206587361793062736e86c81fc4cec0

SHA512
d895c685a57e98281ddcd3d9ed6490e3633cb806ad876f577134571ba9151b8c151add2d8005281e46ef4291cda2b24dc88a8bd5586d2ee481626507ec43c041

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6b30482263dc96ed557d20bea000859

SHA1
353aeaa53768cb800d0018bef9cb823313b75659

SHA256
38ba0f48702ee6879a081129f0f21afcbc22a2661b2c23377356e5e435c366bd

SHA512
665f16afa6688f5c58b0b1dc74da6e87f99983f41a7985ced5ce16ef4ab364eeac2b8e92d0ad6d19b9843b9d4b2745e70514d2be7bf1b374caef60b9be2d32a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
774cc8ad7e462e59ceadd406cb3aaa39

SHA1
cfc14112557dda36e37939b3cece1678189020f1

SHA256
14229e44f91707b5589021fdaa5e811e97b65bad14a10a40d4f5f430398627d4

SHA512
df86de3c8823168248982276178c23638e793225373475e70f03427779a893f70e788d80abbceadc26b7e765c19a2afeccabf3f791715f9eebd7a576b487d035

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac15cbf307eb840b103b72746f88d26e

SHA1
6f2e38c4439ec3ee5d3054788b0f2ae29825c07b

SHA256
56815c7aeafc197f5d54523a9df834de96b1efe84830a53f9560a0bd853f29f6

SHA512
30a5df9e13a1b2f00b3c5993b5f8f7ac61193ea3745550efc0a24f2ec71ca4cf8aef3e39f00d595fb5dea362388c7aeece455dcb5c3ac23f8663914dacc12b9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c1e2efa711a337fa1098f70fc9ed093

SHA1
30c6fc318d25cd459f66c36219cc7ec7e5881a77

SHA256
501d90f57e6baf669aa57b2015ed293f9be0da94b4e00462bfe3721a7e014b5c

SHA512
5acb74ba5d3c6c544d2f72d8d4b14b0fa923ede6cdba3f979deb605c2dbc3bb810781b1c4050dcce2bdb3dc88cdfdcd8c28949ba1cdc880d10ad077916ff624f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f2cda997ee5c76b8ca43e6fd3176b0e

SHA1
f947d6a26cefdbf80840123b05240927c8c18b20

SHA256
419606d41466563f6bb51b7be5aecc0ba23d186932bde317f9f4d215ef164508

SHA512
cf6ff59f708e663c2acf636abcbf5d833010a33073579d9884bf738f7e2fc9bef481955964d6e3cd5b11135ba1472fcee1a380c7836662861aea67561669d89a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91639b570f66f750a305b241b8ecafaf

SHA1
5d691811cd36c68058422d107b94ad1bfd55f13b

SHA256
7e50434df557d59188ddc2519bad2950b1df3778b8a41f7a1ac576c476662911

SHA512
2e5e30848d5f69ee19122f600504cc5bf127231b73e286da390e44aa3300f2c62fa6a3f4f3c3070fc04ebf1083df70989cc9e7f8d38e7a735a2ba8dc98e608e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
649cc8036eb956bf620c940973a248c9

SHA1
182df58c312846612e0b6d5b60803b7d6a00e8be

SHA256
30a6b7e891d09a40d1bb0a948ff1b80f7dfe0fd8180a38bbdc5e3f2c73e73b27

SHA512
cf4ae3b2d4dc33549f5dc405faf811689f95cb747edb2fc043c5011968fc53c063b18f6c37664d16832ab15c01006d5276db95274b8f070be5a94aeac912a7be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
000a1f386f3bc8a366f8971a7f0a1e93

SHA1
e5f949384bb87154c2d8807138c6073b60c226e1

SHA256
25dc07ca720d054229e5f8e4fd5573a5be325c1c2af0cd66b70f7c914253b0c4

SHA512
77ba6323ff5b376193d34e21a4942cd4143f226a8aeb653f7f9cf71ff675a53f4ce7b0100e53dc06c2b1a415cc7201a8a3cddc579fa3d46f3c984d5efba0efaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2A1D.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2AE2.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit