c7dea6e7aba8f87a02270602daa01e935a17417222995952ec38762b0eb88345

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
24-06-2024 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05b44bbf39beaa6d82ab17c2ec46c254_JaffaCakes118.html
Size

56KB
MD5

05b44bbf39beaa6d82ab17c2ec46c254
SHA1

24cc2eae4068392ac5b8fe52d4a8c4d55799338f
SHA256

c7dea6e7aba8f87a02270602daa01e935a17417222995952ec38762b0eb88345
SHA512

79403945ba0b3fba387ecffdd090914c6bfddf317a2516e9e2872f5e591b065c7a8b54258713458f556d09ed9928e1f49cb219668fc8380dfb9b44b31ccadbfa
SSDEEP

1536:gQZBCCOdp0IxClMtifzf/fgfvfVUflfzfhfKfYfZfef9fZfxfFfIf8fbfxfSf5fM:gk2P0IxiL3439U97pSwhGlBJdQ0zpKBk

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{00FA39F1-31C2-11EF-A243-C63262D56B5F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70cc06d8cec5da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000007e440b3eb175cb6e21dc8a0c4dd10b752f93bf208ad2db9ecae7e3efb6937644000000000e8000000002000020000000bb103d28ae8d0491919a2d0467bc8fcf8aee6387112147443d07bc678039a21b90000000478c218ddc1e0c8588d0bbbaff1010554db5f1a2577571a6b701a8dd78cda0499f52b2f8369b3044f0b9ada4fb83ce5983a59ece66a555d94d9a7fcfba323f5cc24d4109f865a09915c44e6adcba78b95afb0ccff84c30926744d104658a78279f5f6069eaafb5f123e1d2ee89bc191795641ce86c2a08f12bcd85faa542521d054f93ee1742942a78eee85b72602a1b40000000701b7fd4379c9568f3d5b8a34f59f7442667e44e328e56d8121c95c08d2661a3494ae47df26997dc7f911de1b6ef159259e150a85befdfa66af209dfa202a293	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425351347"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000bff7253c7c4608f2f40a14f2963d24bab8ca1e63d054f4118efaefdb70d0aa28000000000e800000000200002000000067b0b6fbe071b1807da9aa6012636a93b292a2b43e9dad5acdc45dd637863cc1200000009840b6145ee132f1a5c00d6df366fedc17ba8c7deb3d4204f856a37871ed74b540000000ccc0102bd24e76af155b683eb0f9a2a339e5ba1fa00b713fd798943382a77e26edae99b4e76ecc261aee9473a8b91441adca8a0a03e3dbb4ecbe792999b99e98	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
928	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
928	iexplore.exe
928	iexplore.exe
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 2280	928	iexplore.exe	28
PID 928 wrote to memory of 2280	928	iexplore.exe	28
PID 928 wrote to memory of 2280	928	iexplore.exe	28
PID 928 wrote to memory of 2280	928	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\05b44bbf39beaa6d82ab17c2ec46c254_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:928
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:928 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
355e4916167433be223079431b56473d

SHA1
e4559569c8cf9b5d2816b9f5ff1df0168d135ef2

SHA256
404e9d0ee1015994cf309fe8c8abd234446ef846d3e48a951e452bcec0279b07

SHA512
a8dcae0ad3336ba03a853c61ecd643241e3515164065cb6527da0f9fa1ef367ac89ffe81e9cf1b96238528f41d3f0c57068819e40f001160163cb4cdb6a8dc82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9499bb4ab26ce7ab846f27b180e06716

SHA1
02c507327fc20d0471f6a53d21a14ed9f6cd73f1

SHA256
69cff96c4d9205ca91259908e9526327ebafc4e8e0c0defdf75ee8deac26e815

SHA512
b9bedcb7c16050e8e9da1661fc72196eaa3039d39961dace39edc17e8a7f623d79eb6f93a0266fa27e0585b602f4056b4b9a80a4c3fe13680c3850265ad36620

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01d56f85447092c09f218d7069c25350

SHA1
4c305ba6a96529450c7c85940d72c7a57573aed5

SHA256
3951fb22f8f5ec70ab3a701f084fb4a2712aadc4ef735172fea52e4dc529160b

SHA512
20c9afe9a63f4108c6a36201d75e4a7cf65d85b3e75a9b196496b34064cbc42c14faf4188786812b421fa6a8c2bfda826fb534c595f31f52dcd33d08bb49b125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49cdcb54b8ec608e77e4fa0c98b9c86b

SHA1
b64dd68fb79df7fd27dc3c8d14114546c79be934

SHA256
2bab9049434f5c5026b73481895f432c4e5fe555f5530e2ac2cc6b570afa52d6

SHA512
b9cca5561d8b900431296478508acfa3414b765d4efab242a65f985ae1fcffc746cd1781878216e8f0fc131779f4e54493a3019383e387ac4e1b73ddab9238c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b3de15a16b471c0a4b94fd5d9cf9566

SHA1
e647a7e5d0b265595b7528a270db271b5efa9437

SHA256
89be1e05ce9410d6fc94f148f3eba45ac72bc1d43271c1f4a27f1dc9f209ed43

SHA512
e7dc417f33f7abf54de217d1627191af0b262d607f24e5c1ff148250704fcd239503bea89d9c3634f1367456bfef425c0c4028b7e507e5a4c2f47304a8e85fce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
752efc1a46d8e09e30cec0d1f3230a76

SHA1
e1c030ca91cf34fc8822609958dc46798dccd129

SHA256
4aecdfd5e5b573c4821c7a701bdc90a97ed89ad82d224843a04d376ef4ebe512

SHA512
5021a52c351a4cd46d1037cb1167925c5973ea72ce1ec66f6ce9d8b62cf173cab076d72db23db345cc912833b9b18854cd4f1273c5cc2589021c55b38eb35e7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45933b5b2dee2b58fcf610a9b7053cdc

SHA1
ec2548056a1b633079ef64f0647e2d5f66345d4c

SHA256
567983de84462f52dc76f076f6db4ff51fef673dc6255131f1e2abd01cc05999

SHA512
4d0ad4007836a7cdd4877bea5683d228f8bbd00ba6ecf2a150bae1740f467c201c90033b44a70eb7ce42d120d502f72a3492ef3c9e836b5061871e0dfdb54de1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29373a21d92d8b62929888fa3e03bf53

SHA1
77d395c350ba160a9da669c88243bb09400d9014

SHA256
3d229c8378378e956ad2d68c3776b466bfa423f54109a72de5e9b0d019b1f184

SHA512
e4183002ffcefa52a993165d818f43644f3570bb851b4f5753361212f2453f36811c297be3f562e98a8258067c222a3059fb3007eab513ad694826b79f14ba98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
772480515ada8b134c247dc68a0ba634

SHA1
787af59cf6abbfcf05be47ac9e759082040aaa1d

SHA256
2b2ea4e65c2b42c4a3623eca35da91248cd625c00a8ac8827f53dbf469999f78

SHA512
0f10e6460316a535a3aaabda137a86b1c5ecc1548d221bb8fa092dc397514458bc9d1fc6c1b6296258b8514e378fdaebbd7e128ad60981536c4e0bb7106cf65b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f78cfbf2f715d4011eb4de2c466dc810

SHA1
bf47181422fe7809826715ddafcdbe70fe08856b

SHA256
0967b87eeeb7dab342a1c6b1c84c0634c4f220d7eb43b1351b1679f25e9499e9

SHA512
ec21551200194e373f4792616e5dd52cc02879c01e42406293d29599aabea73f3c3c89729059e957cd6b2bdf4e206f3721bea5993d58cee2299d1daca81c9f14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
696326254ac1aa0be70f891f7ef84751

SHA1
75eb18301da7003eb71e56069d463e324af7e995

SHA256
ef0b50c5c87e04d06e1f275358095c54fa81e77be375d43dfdc2a109be6db136

SHA512
a54aaeada9cef6e7305310084cfa96c7b715005a67d14b10d90b2a69cfdbdcddc735b9f9d109c6ccdb01be6d2d4c373acf3c99fe007a977f7f537e6a131aa149

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a2d4c6c8fdab3e82d01f26faedcf691

SHA1
dffc4144dafc65b934e9524703f0b079b9acee9c

SHA256
f290b6aa874e53067c048cd685e9563d13584e87418377aaa77ae9e2346344b2

SHA512
95ba748654764fcb06f2926d5a766b3f047ad8c754c728889d2a3882d1da697454d5d8ebb6996aeddad6045f7fc6a5be258796d855f139a29403686f4ffe8444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
031716b60225b7933b64a59aec6a9eef

SHA1
446fac60f076bf9c54cb759458d09e6d09623569

SHA256
31edef6631cfe49c015127d6ea737d594a608e7070508075ebb4419193b56710

SHA512
ebe9bb62737cde06fa913995985e00554b6bc367a76f0456524122d7fd3f260734fa4d1cc9104629370cd073d1bd2bca1e57fc3356c466bb4b131ecf780ced3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df50182687d029e79db6abc75c1ae594

SHA1
ac68ace0f5f9111f3690031bb19b7ac5ddffc395

SHA256
794b86f67f77a085c3015b84781d091038ec72b459ad44d668c560094d88c4b0

SHA512
1f1286faeca38597b96e70d772873e2cc31d0fc8ba491a87aed8a04c64fcd1457ec367ac20292d2e8c473a0da8551be06a3ee7824ee38d954cd55eac04fcd875

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e41583e178a17429cade51a5480ee328

SHA1
163aa35567238d45dda4c522a27cc9bbaba19eb0

SHA256
42b981a4161ebbcfbfab07342f478b78ca2f4b5930062de7fb8021bca2c1503c

SHA512
18ff2304bad6fb7e73c5a1267d317d55eeec8a5701bfddfa31a6e8d64c9e52a9f77f0caa79ad4e1516bb4272e112e77c14896df8fc879c910a2bf7e64b51bbd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
180f472cfe5063f61138e651e70fda79

SHA1
e92934080123a865572230a4cfba54c10894d3db

SHA256
073371e3eaaa64d5529bffb90d7a10fa1b27f689385b94c34f8baeafd7fc0e66

SHA512
76b618a8f9d9a2af7607add6e24861d5f01bb9722d6a9dbf78bd58451c980df31138b2836c15207b79915a2a9072d6321994c44f8bc72a9fb96d5d93fb62dee5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
feaf129b6b5717475090301ba97409d7

SHA1
5b806fa3df490c59da666c1015a05886c78c34e1

SHA256
afd7891060b9f3ef7b185daa16b10b75722799d1389b69a6060424e5d9b27ca9

SHA512
0b0265ac6393227efa1e21afe4b52840601e825fa93e2d01669b63f9ce96fa46cfdce18417cc79647fbc1e2d843a2374ad00cd4eed45d79d3a8123ed7f959587

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8846.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8847.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit