331a0bfb82213e649c06a911c322c9bfe1664b9eea0f341c79b6b1f2344053df

Analysis

max time kernel
133s
max time network
147s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 17:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

09c00d7eb3f1739f8a201ce77601ba6e_JaffaCakes118.html
Size

1KB
MD5

09c00d7eb3f1739f8a201ce77601ba6e
SHA1

bdf94cb80a35db1f3af442a5a34fbb341956fd8e
SHA256

331a0bfb82213e649c06a911c322c9bfe1664b9eea0f341c79b6b1f2344053df
SHA512

a446544647417edb208854c8ddc11e6e5c5e99592c0e39bc2b5ee4921e83b56c05e780e8256f7d78d773794358475c74e46ee10cfc7ccd0432b965b2f7c1bbac

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B44FB7D1-324B-11EF-B848-DEDD52EED8E0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425410489"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2080	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2080	iexplore.exe
2080	iexplore.exe
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2568	2080	iexplore.exe	28
PID 2080 wrote to memory of 2568	2080	iexplore.exe	28
PID 2080 wrote to memory of 2568	2080	iexplore.exe	28
PID 2080 wrote to memory of 2568	2080	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\09c00d7eb3f1739f8a201ce77601ba6e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74d22af061dce707e42ea84f14d23905

SHA1
e9d9eb1bfe67ebb03102ab1ad9be106ace804cd3

SHA256
44183c322d0dace66a0356387a449e1428e625ad2416f29a0f9fbcc7dfc398cd

SHA512
d22309c92cdcab1e64104e5692d796071d99720b1071b8fa266c5c023d0a9154fb508fcd9c582cd1da44a2678c00ae58f2d464c716d343cab3e66767f8f7d06d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45f938b59506ac8270965998f99d4164

SHA1
a868dd45171ab270dc3bef0f29ee226adcc05d1b

SHA256
3a3a75ea974dfc4ba78a08382933fc0c478bc41dedeab6a2aac4744c59e60dc6

SHA512
bd7217d25c7af1946dabb6578f247f0c5688130b333445e18c13f3b0a0ff42d1626eed083865bd0eae1259d949a50d04d61b8924fea2ad793409f329d8d68805

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5bf3c56a3b5ff8a06eaf49a6519f9d3

SHA1
a2d319feca86251c69f4aa80f6a0298e67a22f15

SHA256
1f33a07d2047388d547890c12619a0548981f79fadf87429714efa527d49978b

SHA512
e793c43f47ee5d7f4e9e806cd5046f3618afee94f0eb585cc0a8202b8863c80aef6ed0bf6bf0a2f6b28f1b40601c92502df2296055681be57ffa071b6a68d267

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50d4b2f3f0b87093ad38022f64a21a8d

SHA1
df150d1ff0d626e58d654596df13c142d91e4a1a

SHA256
466728dd4eff3128c57e4dbb46626bfd5051cd5ea4a87cb310716fdde5df7899

SHA512
339784c2de732b576df77f88a4355007383266a64e47f392114f3cf03e89c05de6bea7b3810577e7c2f4dbb430ec8f764792f0bf379d1507b64cc5376d4e215f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
845d9afcd908f134d2f36d5dc3d2434a

SHA1
90e05210fb5fd43ff3b54d34364c4435f85a45f7

SHA256
99d40ad6a26cc05dcba70e5335c34cbe581f3038a70ba4a767eb74f0c7477f9b

SHA512
f7703a7de89af707b2f1185df6b4fa22dc39214a9fbfd8b1715772af4addaa4cb0b7f8a6f347865a132debd8c28e33e459032113c58beee03ad2af77c5ac98c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16b9fdd201692fd0b0d013db0c2e8723

SHA1
835e24995a9a691f3f5d76aba63febcb519baa9a

SHA256
1c5de63c168d9fe06396a1f988ef768b3e8044150d43eccbccaed2727c98a108

SHA512
653ae1880517343b494866c68c5313fdf3c783d5f60cac38849de4309affb4328fe4847cb1125da6db99a9b63ab06383b3871e4e99c348cf8192d537b383cc9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c181ecae26b2d95639a798b14d3ddf1

SHA1
a6e2d5cf583fcd5336e6c772624c914fd46aab52

SHA256
53f860d0af31fb9839327be5f56f484641a1a708915eff6fcff81de514f765a6

SHA512
11f1f347967e1325d8f3af117a02d916abbcc5706f7ade169f65ca660c5d0e2f7919c3d3008c60205a0f1a1005ebf10b9c1721a8f1b3fe29ba91df164a428fcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
260d692d6232d8becbcf0f8faf4a222a

SHA1
6fb22fc14928f41634ee288dd660fec2eec85636

SHA256
fa0c17043f50b4888a8037c373008cd0fdd7e35a60c06af9da23df8463a61f15

SHA512
a11a1207fa023795b47b39012d78c147fe9fb169c93b597b413b4ef3db2837b05b8490fc1a25cd6a4a7481528280e3bc1c9b595e155911fcd6511c7bae91d18f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad8c2ad00c241735fa6feb403c16d26c

SHA1
83e70784bf7e903f1d1ba7881d888576407f7c4b

SHA256
64f1795038f9b0289ee400229e618880c54429c21693be7123db60150ea62f7f

SHA512
ccab158959d5f7c0a2fb3819c7a4b304022208cc66a9be9fb3b6dc7bebc7bdbbb24f9b66609505a72a5f3e4a75a9b9e7be1dc6d99aecd4a7eccf4a2a784815ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ab7cc6bd57b58a037e34a22740f1225

SHA1
9fd735353525b2b84e56acb6dc8819d9ea6a6c63

SHA256
75e13ba98cfb2d0d0013000a6422fa79d1fb6ff37808703305e4406659aca449

SHA512
420504efac79c3bfde737291935a837bb5f607ec1a6f529717f9d2915b333504480ed29bb1f4cd644cbd13d6e4a87fe8b8414d7682db83bd28429d85c9e289ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
feac7b18945fea573312f915f21885c5

SHA1
54706fc63c13342fbb3adbf27e9ddc02b2a361f6

SHA256
8353555a3157e2e1e16be93df34fb4684803d7af63cfdbc3cc86259972521db9

SHA512
df4a4b04f1e762b5d4edd4ee684a9fe7cd55d121f746043d634670b50aad894b7e90f6df344d2f09b60d6b45cae707189cbb25d5c61407a69beb75825607c737

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c779910564519c1893eadaeab878b1cb

SHA1
8bb4d2630c0800f138bb1a4f7345ca14735b06ae

SHA256
2147677ce2a355ce3648e686292357ab53a680a30ad5fc9c44383b8a74738de8

SHA512
6cbb15f3101e4aeb98e008fec7cbaf45df2bf917b9fd7342d6f84f8ae913aca53be46e83a83d440d31607a24b9656579d31241d20766b39b03173e5abe8bae49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd9a94a3d5ba4066e906035ec152ee13

SHA1
30fc168301c292278a7d910af98f8355c7203baf

SHA256
c977d0ec6cd73d9293487606c20ef900080dbc57c6bf30c4627b825fbf6e6974

SHA512
e73025acb308aa563f40358fd4099023996b90aceb8490bcfab2546a2ac79f8797ab2730d00ad1210b9ff8f338a2367c541a63c5b76df1cecdef424a83524809

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd7943ebabc8145b506e0e9213b7b5d9

SHA1
1b01a81ee98c30def6e72d08cf5b40f8cb2dd7a0

SHA256
a55db3b96d7ac054b73bccdafeb51d71a310903920431fc0b10a9f29f9ee87fe

SHA512
af4969f4116bfded05feef86aa3ab4efb79d505836cc517ab3535c655b27213d9f528dd4d7872fea56f4b3572af9be5e5a95d5de2fd770489d73f8b4d5e26a6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20aced8dc3a1281004dfe48712480d87

SHA1
10090d49eb36026e888df6275d4aec929ef8954e

SHA256
a754ddc4791ba160e43f7c2eb39c036cbd374d5339862f2fa88169d4f347c388

SHA512
9c384f985970beae434b41b67ef47b7d1e0a7ce498ddb45bc1cd9d8beefa53ad130606075d72cb18667b8ba02224148f0a1727820c2f42103ef73a17b32d2289

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
693d446a8df30161677ceb4756a4556b

SHA1
0f1e383b9974616164b974ee9c9673d31d2f0b78

SHA256
a34fc8fb9f9e6fa292cac7857028b39e2196c68842abfda116118c58e1939b3a

SHA512
48c1220e0c4a9e0e34b7b3b50fbb60c3d612fecba702c02488988b0d0277b2cc2105d2fce8d36f3a6d817661923bd924a0b0a840559a9d7dfe84bb69d41d3d75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
786da019c18d91bcadcd913782c6355d

SHA1
01d55551c535b27f29d241f09ea7a4c38752516b

SHA256
59e41333869d18de4cbbebac824a3eaf5c4c5ce8e90d2bfe823c74c5bf444c68

SHA512
1792a1161d5f5d32b890eafb0c023e7a638e2192cfa88d1833939dc3a366cb892d73a6058bbcf205eb250500babb2b30fe9463dac8ba0967355344bb61a256fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53a8604d0bf7d357489dc936db82911e

SHA1
6fca9501152bd3f78e6652658a2b4cdc02b8099f

SHA256
3921b44bd69dd6c0ba62f825a3d67d8c8bf36d5685466702d62f2a344128f267

SHA512
552aaa9b3917b3b6724f79b5d3eaa3507d34bae072995cf5622553b9c420bcc878f619e435ce0e4cf12093ca4d7578ddcbd8f8b266cdd9ec2ecb3cf4d73ccc8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6429bb6524016b8aa591bd03517569c

SHA1
fd56a28af011344f48bd37a1aab82f25f9e00767

SHA256
86b3abe40bf05dd32b8e5f8c756011f0d4e6c2fb1d5c92dfc8d4c925aa2e9a99

SHA512
371fe08a81fe96d426dbdd60c66e81af9be61307451eb575b60a16e9a714c69dd84e2fc108baf6e1ed90ba96c65382a4f961b59349f45dede0f26ef3a7d2b7ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6BC2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6BC1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit