459feb43541c624e336921811355a234783a6764f636b2ba7421d270ae32f673

Analysis

max time kernel
141s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a1a696fbd263f983e33734a597a8dc8_JaffaCakes118.html
Size

58KB
MD5

1a1a696fbd263f983e33734a597a8dc8
SHA1

bcb528684775a3222ce159f2d8299e21d9a744d7
SHA256

459feb43541c624e336921811355a234783a6764f636b2ba7421d270ae32f673
SHA512

4086c0f6cb7ca05f098d618b26f9b9ead135a51f0858092cb27a049706494a43ab832259af24fc91a451ec07f2a0e7e1a603512326052ebd2b1d30492b6776a8
SSDEEP

1536:gQZBCCOdg0IxCzRu7fbf+fZflfnf4fSfwfyfJfhfzflf0fwf6fUf6fNfTMfoflfs:gk2y0IxZzGBdPwaoqxJrNMIC8CVIgtqf

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9024c42656c9da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{45592EA1-3549-11EF-831B-46E11F8BECEB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff51666970d17c488789760c5c2f6f7e00000000020000000000106600000001000020000000e336924a7391ea36ecc98b9aefac94210ce779d6a6575870423273cf482d97b5000000000e80000000020000200000009269e21db56922c841c195e90e64703e43c8150511ca9127a0c1bc310faa37ec90000000a8969fd827250767994417551b24f3ff44aad266fc7478cfe5274ca24f8e1e32c9e76b186c891f9c896052e5ef8575aceeda6ce498cdf4914938ec3896801be612b41cc034606f8f7338645859cb57182fd8606b792921ff4e1cddf5bba8da2133a8a0bade5b916ac18fef6fad7aa98fb2ae50c80d2b0006b623867e34343033883f9dd18a1559811aff61d593b5daa7400000005b26ae0f975874237780b2e357573f7f12461765ef58ac01d3448ef037f9ed093a72090665f52f18534d5e9d6351fa7d257ac7efbfe26fcb5c1f71399ab7b45b	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425739296"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff51666970d17c488789760c5c2f6f7e000000000200000000001066000000010000200000002b54734d72f5446e668c75a12b935f6f90931c97957917d364b3eefecfd2d85b000000000e80000000020000200000003328be18b9e77320af1e0f57e0547952659ad56bdd0654d598a42a13877a808b200000005a4a9fc68a6546c469b6713eec9a19bd79aa29bdd7551747b611f526e28e273b40000000a7fd6dc4a6d0e0e2de8ab01f7fb56fc63125a34c6616eedb4c81401b1d08d6d9d99f62df83be26482819f0b72cc56da7d6972056878c9c328ee7a454e54d404b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3032	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3032	iexplore.exe
3032	iexplore.exe
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2988	3032	iexplore.exe	28
PID 3032 wrote to memory of 2988	3032	iexplore.exe	28
PID 3032 wrote to memory of 2988	3032	iexplore.exe	28
PID 3032 wrote to memory of 2988	3032	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1a1a696fbd263f983e33734a597a8dc8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f404123040ad1b30d81583d436f4770

SHA1
2002f8f5cfa7b89bbbcbeae0c8634b428bc66a53

SHA256
7d65508792ab2605bfec69d437b5329bec51a559c0685ae1ed53603efa2fccf1

SHA512
de998726c395dbf37756105d0f011c52635e1f76d6496d4afd697d3d60678614f1b3fdc0819607caebc701b085bf8199a51ec94b6a8551ff266b49bccbdbf165

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3328079c66fa2361b2226772a53f4da3

SHA1
0e2dc89fca597fdc666a84d572ad6742dd76c052

SHA256
27c849b5924c2b28c5e14b29a09a3f07894827505b08a625dc72a39fce98ec0f

SHA512
9e3c90de40697f8c53f8f7591b141d33e93f1d5164033e119f240d0699dbcb3485238e24e0b97a2085dca827ce8f608703db8f9eb5aa1f73d09fee2662559762

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29a6534781a3fd6538dddf690d8b129f

SHA1
a40a82431de4d2d570efba4f6384098c10d41ec2

SHA256
ea696ac8428d2fecb582efa429937faf8c47989fafdcdaa80420b0c6e1286d21

SHA512
c90c2e786581c20cb36d812709b826b3b0fabb62adac2659f98acbd69d0a7631594c7900d54b901bf2073baaacbe125601de20dd90e3961a6dd55a7852ccdcac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d12ed6ea0f874de95653014c19786fc7

SHA1
2ca24130926fa1b429827853aa01e2199da8e38d

SHA256
59c7578cb285ddc896acd0b047280a066132b7548d673643f1508b3ebed1aa8b

SHA512
e5378b65744baadbe592696d5173f10fa8ac04e0e99c7c84eeb68271b0afc3510013105aa7a76bd18fa1635b5b169e79a1e8d0be6f9778b2785ffb01667d31ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9cbca07aff96aa45b8a0ad634b866c8b

SHA1
4d24c9f51897da65c626cecc230096fc382d6cac

SHA256
91193acd99e257e649586523e7a0ec68a23a870fcc510aac3778b3e1c5ae8813

SHA512
4a44ef5bc84624c33b856b2c2d501f358eaff04ed868c867b817872fc6bbb61c85f05a3db373ce953d7974b0da8f5077911a2ce7873fab328bd62c4edefcc998

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b530731efd433cb82ed9460a96beb2df

SHA1
a7e4872b484e8a6a4b8fbe12a3f9b549f6065e5c

SHA256
6f6b26e1d127716e56a267819845e44c122ede48adcc414fdb41d74bfb0ec8fe

SHA512
c9a069c6dc21800db656014b838157032fe8a7b94348580c9537fe9a715c01d15fc51396476f5ac4433310bf12d56a8ca9771bdc5c72c82594fb463748877dcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b81c65abe57d5b3df42932a3cb244503

SHA1
e508cca405f2ec28b9ccb21ee87e6e7d5556ed51

SHA256
6a2a4b3f73df463d69a889b501d611884ae2a7cddbd26febdbe4df70cd817b55

SHA512
cf6f3478eddfac2ae6114b80b881586daea692a24db41969762b8f7bb51f176550a132d02b3ed8482363b23f3964e1e37b3b8ae1353e7dbceb555a5b3172e067

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0103053cea9f11cfbf99084d808d83f

SHA1
d414735fc864237cd0ee9ed5cc89e86ddb529657

SHA256
ba972d8bc0751063986ab1faed35533e6c9357a8e42f4e057f829fae8a009935

SHA512
4368cb8950dd983396f53d8b9f8c8b920eaf6de3504e3ecb498be9c9d4ef5a868f76e817eef3249923f06241ce41b7275ee434a250f0c043d8f75c230823013a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4a8bef101ee80567c30622acf576e3b

SHA1
266c6e6bccba0342226d7d0d4b554108b760314c

SHA256
d846bbc9677cdc265e5d2f45d704e774c3065dd69d7b956f755b05a50174941b

SHA512
51cd6031a603d5c1067b7dd9cebe2d63997315d941684dd4391ac6aa20f77d2ed42ffad0f445300ca9c6c17fe93d2f4322349f3eccc5065ba22bb7f83e2ab2c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e77fabd72b4a9f511cbb8ee9d684450

SHA1
af9fde315489f8abac02b453e536ddc271c50d3a

SHA256
42efbc36c57efa13de5c381ef4d308844892b9bb3c2b524635d2abefa48d7cef

SHA512
592abb04871e04c07623828068b1508e792eaead85a938533fecdd6af350dcb405fc3c917ce77aa7bedae14a4d2fccea8f3ed2d558236de5c39bb13b3564e1fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5c667083b94940707bdaae596218aa5

SHA1
6fd837d7d0d643b447baaaf682382769f8f7f52e

SHA256
36274fc8d73d68b6b7a49f05a0b97029e51dbcfd9bc69e1abc4a1acd93dbb4d4

SHA512
972dc3b772a8e1174c5cf7a30437eeb57bf36f24c54034a92b90bd67c70b03427475a0ba04fb432b8bda25b512469e552483bced56333a309cf772adac996dd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95db90a7268d45870455ee5ff7d58c05

SHA1
83e16d3a7e09915e07a3981a8c3ea1c248b00c57

SHA256
bfeea51cf322530df22df2bc1d277dc18bce6f1568e156df5918bffab600b1aa

SHA512
6a26234462a151d1133d2f7440d7de66de355d520b21bc4106de0996983394be7182a562d4147c96c256475269c3f626bbcf115e61767419f6d0114458dd4f4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93330d9ce48286523bfb377c645fc6ba

SHA1
2c2de6f5c4863cf608989bdd48e93d78e96098d8

SHA256
f9a576b7a16458dbd5a81eba7f30d9ac0bc9ba3e4cdc5842a15dad5aeca1434a

SHA512
7ae2faa8d62f087d4044603326ca0ff2645f2effb2bd9fc8ad09962abf5c05d1bbde939958affb365c1cbbdeed82abe270682b808f2c7fa2f673d00c422f8aab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc4427bbeb2b2c6977744e83bbeaac9c

SHA1
82ff1f58e3202be9600d4a662dd6635c2d7f9ef6

SHA256
5c3532de7a1d273a44c0f0efd5bcace65eb7c60dfb259c52a1dd5b5cc59a2c1e

SHA512
18b913eee13afec5b4e48c6c3d90f041f96489da28522f1ac0a8a785406240898a49146197e5e8cab2fb250b3b0612fcd3d8765aa96ae442b5c22bc298a6fdaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
909cb157b71e05e77ed950d1fde25434

SHA1
3ae950ec705d77407491cccb1166a3a3d4799ac9

SHA256
600bebdd2daaf82baf4f6ac8ee489348c45c19d789da446670ab4ec380090bcc

SHA512
ba4fb1166b40a1f7f1a753286e532ec135c78a2ca0f9630328c72dd00e9fa9424803ec06fd1d27eeb3c9e4c2b4e632cb0aadded5a6d1d8b823abd219892f8798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8B7F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8C62.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit