1487e4b50b146f9907a2bce03cfc73a6c491bc50b9dc979baf29ca45abe0baa6

Analysis

max time kernel
138s
max time network
143s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

174cd39bc430d8b0514a99ecd81894e0_JaffaCakes118.html
Size

57KB
MD5

174cd39bc430d8b0514a99ecd81894e0
SHA1

7f26b238c818dc69efde285716c3b88b18b03132
SHA256

1487e4b50b146f9907a2bce03cfc73a6c491bc50b9dc979baf29ca45abe0baa6
SHA512

6aee394a84854997e5eabbec531b0239fb97aed19aa1577315aaf7af132f51aca771ccbce88e2af222c840b917552dc61e47451c96da722d3f2eb811f26d1516
SSDEEP

1536:ijEQvK8OPHdyAFo2vgyHJv0owbd6zKD6CDK2RVrozgwpDK2RVy:ijnOPHdyL2vgyHJutDK2RVrozgwpDK2m

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000068a3cc0ad8eeebf1b333c0a9769a78481a518364118c43abdb2985d55860c9f6000000000e8000000002000020000000e48e23c6b1dba387bd12cee567bb03e66c8248626b62d5733959640e7927600690000000036f13daccb1317d4a252e654a8cb56d3ff3a3bd4eddb647592583be91ca82fd4091b0cf049912498346a723359d609cf3157545401f36bd36fa6d6e3d793e371af63b0ab00efa00cb85a0c9f78faf486120b20382fc3f911ba8ce069bdbdb4063340deaf7d8929b457946d11ae55aac740da15180109f0838adf1a69af19bebc2cf3cb3c771b9ffb469320412a05f9c400000007908b5abd1ef37597339dd78fb88ca2b096408db073c0b087a545800b739d61932e6bbe3b8c987764d567e0bafb5c61df5a985e096db04c4333ea2fd3afb27f6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{11F7DD31-34BE-11EF-AB87-5E4DB530A215} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d072cce9cac8da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000012c50406bab8abda6abd6ba7d4305cf565535c2829788b1425023cf63160179a000000000e8000000002000020000000dae039334d7f1f2ad6eb6d0fc4b104ef3f246ec18d74c8b30d9d06d44dc1b13820000000db134cbe35811d325de58c0705ceadd521bb471a328c5719d1a5f1828659916d40000000e0d40697f8177b625cab468308b3dfebca4ccbd2b539ffd0fcb5c8c8ac9dbc0d28fbb5d0692bccb668eb274d4c239e33b8ac87fac3a3e8435e8aea25134691ca	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425679513"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2764	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2764	iexplore.exe
2764	iexplore.exe
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2768	2764	iexplore.exe	28
PID 2764 wrote to memory of 2768	2764	iexplore.exe	28
PID 2764 wrote to memory of 2768	2764	iexplore.exe	28
PID 2764 wrote to memory of 2768	2764	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\174cd39bc430d8b0514a99ecd81894e0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81cc948b88ebf9d8a4f49f10c4c2086b

SHA1
b7f9f7344767f6ab88e83fbf94b3b4e48885d7a7

SHA256
0f147bebf02a7d2e383442e259124e35c86d21086c5a1437d83c5510f47f8f5b

SHA512
2a96225cf7917a834100aa2e71d6a5cd070d2f3cf296b64b6dc5d95aa1243acf069e3b0d7e1fc1c47b49f5dbaf5486cb779600be7a704543da2fcb28a7a21c06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41691e73131155443e058c85814c35f7

SHA1
81889dab767cf6ca97bb0f81c3331a6c8d84b26c

SHA256
c293bc15306ea66a9b67806d587219c48d7f8570f27b3436c4c6f69dd522543c

SHA512
d7565b2ad5c95fd5ff8162a0283a0b7f151518936f23c5f19c5c4448d56768b53fa7cddb35de9ed03027386e1ea88cbbc3416a4b183f45c33cdaa347f73fca8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf8079c71b363c571b76780deacf511e

SHA1
1272c00e15ab394184f9f7ef1176683383fc293b

SHA256
8b0dbafb814bc33eb8ac1207ee52e5a979dcd9ab70ddd3077a2b4b482318e7d4

SHA512
63771421fc9174b2ee0d788a508563bc128a9ac1fdcf97e675eeee43d7a453dd35312b87d1f3bc7029c0ca8e4d9110a3fe5a7f5874ce2951f3b239d04e3c566d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db2934968ab32d1099d87357aefdf1c9

SHA1
9a15e52debcaa3811d7396e4a41824b46f9d31ff

SHA256
a2cc2f8bb55c6b27156b03de1b32afcf47f99813b051967659610010c875a44c

SHA512
147f2018dfcebbae904e43fa69e389aaec0a376eb4e183fd42f7362c90be9b847466fbe8933ce9b5801bcc5e05571568b133509751ee299bbae4164fd0d0db05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9a2e068647cd1583cf9467f5361beea

SHA1
c39a3fc9d4575e55c50564da351661cca432cdcd

SHA256
66415793b488528f6a2a952830f36c61855c70f6685414686e71b30bd6702232

SHA512
7f8a351070b920ff46a91bb8ae6a5b1179a1dc4e6f59dfc6ae845825bff2170ee0d84fa90ab2a447641e2995fb660e290db78eab881eefd46db74c5c8f130a2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ff5a6cee2f81e27ea9fe3b67c3231dd

SHA1
864da72d58e0355121fd8d78be3bb9a1eca9b2cc

SHA256
7dd4c6c989137a94da7c01bfe3daaee055957d2831cc5f6fe187d0ef7e29a109

SHA512
b96f02ba881f005b4080f64739c18b8a37f0a7cd0ba01c4242ec581a84abd71dbc29ea2a4ed26e84274997b111952790645d9d4d097a0da97a7bc6d78d69cbe8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2770f483161ba73e63e6d2e843766772

SHA1
1332964d03f68d3480107d1cf6b1e8b4cd714f1d

SHA256
ce3ccee8fdbc21645b8027c9fb4d3b883972bf6067a5b1aabc4405f66d65b3f7

SHA512
3b89988966d779539ef806abe35607cc85a648ceae376428ab1e03611299df1c539cb874af24196c972b7b6d2d64354232446184099950e3ba019341fb372ffb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec159b5fe0e8f978db21dd5a1f42132c

SHA1
2431b7dc2d30d1da672b588f932422dd6459b4c9

SHA256
bfac6bb119e344bf69036aae7576a059c704504e03c088ded974b8f44df35013

SHA512
2f9645180acac3fc72703b4a32fc51f5a85b7a91582db3fef86177333c381c2021cd1cb2a3641bdba350d1918af560ddd79536000fadb87bd5fdf7a8fe84f897

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee885fad9a72befc1698be4e45c5ab4a

SHA1
64572489647526c7ea9f234ec3fb2f1e2b93db0d

SHA256
695ef1963ee3f325ca6dec0d78dc29f0d96f39527376396556cc60c23999bca5

SHA512
c3b59fac24473c6c15010d6c2a386ad16eb93779adce78c7fe39bd19b059aeb05f687bc80e3d6836e1a7c36ee0aa930ead0dac8a4617fbc817974c73465c20f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
564011f0a6cbb3fc1ba9edbc887ee2ad

SHA1
b2cb7ead46d2412e0ef93555eaa01a1b24d8670c

SHA256
3d33b3cffdaeeea60c95b9d707224f6d19af7f07428f003c089e11e8c128ce9b

SHA512
c7185649fc9646cb6e820c1f4d233c16d3f79859dbe8362256018e05dba950dd72fdcb7aa9d16f80593edbbf898dd521a54eb0906b52485b8ced019ecd8be5de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89d5b144f91f50c20f552c8047279b62

SHA1
5db609ddd5f9dfe2bc4f19ad6da791a895ee3ff0

SHA256
6c430909a671c34ac447f196bd51b9298043753e2574f5dae4c6b5bb0a421d1a

SHA512
4ecbd12065e02805db2c0267f4229be35b57556230a106793873a2e41d75c56a83bddee4b3647291b131a8ca436beeef5e60e6df69467597c33854f05039430a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
adda66b8750e57fe9dd14c7fc7fa6fe6

SHA1
a28b63424976e1927d61e9ad7c645872e729c735

SHA256
9da165ff809ae13f35f9d66a235a7fe4a665dfb1e19b90b4850b8548c4fa15b8

SHA512
9db9fde9a18a4777e3b4e114f2dc6dfbf48554f89da758f4e431d316c1f0dd67b6596da9800dbcd908cf59e5985c1434f139d6d0366f3cec68cce3dbcfbd1d84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba4476eeae4aa3383adaf3a87a5c8d22

SHA1
f4d762433a7d3d3e87b74da2723d63f0edb3c37f

SHA256
1d9ed756c313bdb1be94b3e0629b3e6f4549ba3daec760f1c7d7b02a82e21e8d

SHA512
5eedabd4bc3315ca0e25467361f5186d44512b10b0449dbff4695f04d6479a80a882dd185bc7c002b8c9b15533dedb268498e8f915ded98e74024bd460d2cd74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3716f56b1b2c3b8e064648227e6bd6fe

SHA1
778c0b0b532b0a4b059b8125b79fb530940988c1

SHA256
baa976f9206a1d6d26bb985139b0cb515a29d82f0fcc28cdf2a7e85f9e9ffd64

SHA512
b2d5bb8ba4b9f3382a9163c69a33d67e6c27c1a1ebd01f69302b11689fe281891b56ba57b845d3839ca550ffe089c6725052c37e9b254776d43f12e1a5b3939a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15ca645d087534f5e32e1f9f7642d88a

SHA1
bd5c957fec152ceea63094752457a082c780b308

SHA256
4776eb3359b0ea22d4e2e973ad33f5c8d93bec123fb6669dc7a8c32e8ccf97b4

SHA512
987df3187a3194cc574f41f403c6f658e660d93beac7fcb7e2f6adc1205040b6dab207c78b7bb0377a73ca31cabee53a0c2ff0ff51709bf2f386af67772aed57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d3160f3214f386777a42a4545c0f2c8

SHA1
4b484ddb7222127471558eae2a35c7695cec9338

SHA256
c3a29b7d8ee380fe64bc7a52b1b4aa5bddb7f896b566b6f052b0f601e9f0f902

SHA512
40a67815e1946978c66587dead4e4d2b824dfb669668addccd33fb2e8435ecfc4868be83da73fbd67f4de9634f53d8e2e94620a1f023508286e283e89f38387c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f337919ce7b4c21cc18df30a87f2ccc

SHA1
8f4b6cf4bad4c9af5fea95467257ef05e0522cdb

SHA256
04a6290cddfa843f14f3730fcb6cd83901f6b5aa77022cf596c81be653a5ddc3

SHA512
917c3947a2ae9a6782112f6ca7a8d6b15ea310b99748fd61b1d2cb84c5dad3bfc0e0a859623193f9c7310eb1508261493cd74afd035813eae6fb53c8a147367b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\f[1].txt

Filesize
40KB

MD5
8224691466715bdd8afac3eafdc7a8cd

SHA1
9e5e4712a109daf5a60e0f62eb9b78b50a19ff07

SHA256
722ec289c5762a8a250617c14587434eb322210598ba2d7786ead725f871e37a

SHA512
812e80249903062fdcb551b8948a68b816397ff7b17b930d8eb75ed5948338497c23afb06eead70f460beb70f3813ddbc454843d067b97bc1f1a5d24c589fdc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5C93.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5CE4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit