371a0a4e67e9fcd95c1628c4147da5b9c4ee758ce6750245b78c8172e64d8a39

Analysis

max time kernel
136s
max time network
151s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23d1b6e29888df13d9186599a817f0d1_JaffaCakes118.html
Size

123KB
MD5

23d1b6e29888df13d9186599a817f0d1
SHA1

1680d01f01a411696105a7450e491511ac35469e
SHA256

371a0a4e67e9fcd95c1628c4147da5b9c4ee758ce6750245b78c8172e64d8a39
SHA512

0417f6ffdaa9229b6b7a2a011798dcaa8bb565e719dfc3db4fc88ba630637d14a093241c0c7bead70e7eca500ff09744829cb6750403f433e28caecf67ae004b
SSDEEP

1536:/eNYTaglCci1GfM92wT+ytSeOCX8qUCffE3:QgaglCci12YT90pGU9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40bd54d79fcdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426210723"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E45DA6F1-3992-11EF-9A64-5214A1CF35EA} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000006836d78557f86b624b9595b9482b8ced74b45fb7f6a795eedc2498ebc9f16da8000000000e8000000002000020000000a3709b9d3b3fe06d4437ed6103009c897068a25bf1027487c0fbf4f29b8c277d9000000042c4d131b32258fc34512775d0759382c834b770604eb356e5e57100e9de6d964913d3c008bb9761b421ee2baa7b9b532f00ae796fea79ed5bee544f259f04442d7530007df07741c71e2a230e169bd6eb06e995cccd8c27de8620491a1b47d6e675e17c89d1604b1254a46f7a4d6a2ec5edaa5eff59834b955c44a370b18bcc34a214018e9e9abdfd8b02445169ad5840000000d77bcfabf064c3adc8e9e8ef846e6eae98ddc283ffc5e175830a3a1722c065ccb62424e9a5bde8edb0fc579e14b3d793b7c248344aa3e697691c483960a86738	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009e9c984b387b1a48c429c021fc0f3938828e549de1b0254a8f095e2a297794a6000000000e800000000200002000000045727c0702a43f64eccdd0d332463c528bb1af88cdc819ad66e2b25fe5a8aae92000000021c146bbfb11080d4763d750649da6cc200ba8de03c5c3dc424bb4904061c567400000008d4a3667287f2db15ad4675974644e2a0c9cea0fdf934a21ae7dbe02e2af358bb1385c1a2f270af5cbf8ea9640a966affaf127f1f086769987db45c0e8a14bf9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2404	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2404	iexplore.exe
2404	iexplore.exe
2424	IEXPLORE.EXE
2424	IEXPLORE.EXE
2424	IEXPLORE.EXE
2424	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2424	2404	iexplore.exe	28
PID 2404 wrote to memory of 2424	2404	iexplore.exe	28
PID 2404 wrote to memory of 2424	2404	iexplore.exe	28
PID 2404 wrote to memory of 2424	2404	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\23d1b6e29888df13d9186599a817f0d1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61ca29d7ae58993452b13c6221d04ed1

SHA1
d891872a7bbfa624c3bdc58529e50b0338011e0a

SHA256
6625fc1bd4a3b39a36a2a48106cc3d71367c6438388dea0334744b1c5d3206d7

SHA512
18485b6ab90f8ab40584ce123a6e421c31d9d63c79288e7011909bfbdf3934bc9e39634ffa75614a9849b5c93acf81357bd778d5e72e94b1f821dca665bb6ac6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea2fcec845d7aadd0042dc76c003f915

SHA1
de22d89f69883aa4c01128cb8174b3daa225602c

SHA256
1a283d7ddb01cc0347c9f9a7d97382b4aee77223b68dbcfc290736932ad4e370

SHA512
2ef427189ccebdeb723c88ec47a16f931fef75cb04a8e4a873c9954d3fcf0e209c54fd67c6245e2e6c38ed8a4b80f0ff93e37565bde4e3a5c7fe7d7b3f860117

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44b3ead247215eb4ab3b6e139240ca9a

SHA1
5a04e8d099ab983b0165c13cf655f1de08024712

SHA256
29dc372127d116ab1d9d3f9155f7025b22554d7593c3089c2323ce1190d55d53

SHA512
b2ea13f718fb8c0b2635cb72213b44d36ffce7aef34de8caf855a5906ae665d4c1e69c25a887acc1564866e8b06ea91b9df7f38c70b91340b670f8fb5adf22f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd742fcd5d57f69d50caeb90662ff592

SHA1
9a4d68f3af8bf1c92a4f8d289784ef602b0d954a

SHA256
a53d82ab84f63cfd91ee1bb8c304d2e82ec62ab7e23393fd0c5a1db74069caa3

SHA512
895cc17d60c03ef3f31b3f9b969cbfa55d43944b3379fa9b3e1236c347ce351739b85359d65c695ffb36d673a78c252600b59daaa9fffdbe458e13744f8b4c6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67d7f8ad7728d6d1990f835bd9f4f113

SHA1
3d319365c2d3ad72df7977846daa8be6c19a5064

SHA256
193d2c789af161b35542349a67a0ec4b3c6f6b520fa7896a7adec6bc5d961f2b

SHA512
803ae5347eba14f5c6ac87c24bb1880d5a008dd7531019365c2338b8ad6ebd283aef4bbb48c07eb0da854ac1c63360eca0c43601a453c973bcd299ec62dbd958

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d247d48970cc51240184dd425146bf5

SHA1
fdd069250172cc1818f9cd0e55dd6f35e0ed4a57

SHA256
f7198403eca7bed8ec26d61795b59e7d15e767da7838eda792c918ba5e621fff

SHA512
2e004e48e741c468fd293070e5c42119eb7a97ae51194b9f4d0b05a452b2ca89ec8278c7f589f91e82a6807f9bfcba00643a27c739d21d1498d0e66da5b3a245

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3cbe5d28ea7080be25fc421efe03ee73

SHA1
fd1746d8f5f2924e01aa57f98089b1471dddafc2

SHA256
33e92a4debd9b94f2538b13dba6032e6536e5f24c9db3b356791c7e2bb8717c7

SHA512
707a809d459fbbe5da8105e01e6b485f77521efc48a88109ed3394814e9fef289d77a8aad5ba551d65aa010fc61fd2d6b56dae723a9523a4571fa1d35e5f4c8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
723d8ed5a25c745ffd58eb05b5f106bc

SHA1
04ee47346fbd35aaaee2abfc302c5e9302981fab

SHA256
5cae45f89c837f9ef3f1bd7d864620c2dce54f4395cfac474e578b010aa6b383

SHA512
4091a87744126713f962aa2e5166df77f8d778f2a927ad18b2c971485a3f870a2adac9e197bcc9395356ebed7b4a64335b6ba8fe7e671eba7a0a57db7b523fb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2989a848c2c6221105baa1fd3cf76e8

SHA1
7804cea6b4db26efc2ec6ec17bb197c1c20ddd7e

SHA256
cc53d88e5d52a32881fe75cb14525c2003d3a723edf06f823b321a47d812d544

SHA512
e2936634ea83bc451829e038f03541a1b42933b21f9c08971ef59aaae0e4d7d84da8e51e3d42d3b783c5b79c8e68fdb8fe6188231c701a34e26323548080388c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f90aefc26f446493bbe0180277358e6

SHA1
513ceb427c4f0b404a6dbc1d633a92f2fc3492a8

SHA256
93b9a1e48c57c6e790e186d41acc55d38ac3f996b5c46f199bc2a3ced753968d

SHA512
4e3cde456f909becff0cc9bd1364252a74a780059463890247c1fc3614d6785e0146ff8413ea0ab1a5161d792de1dd44c1b4367ad2844f2f87d889bccd05a268

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dbc6db4599596f1735af8fa492245ec

SHA1
6349dc2f408e0c5a772ccc1d26bf3d6b4765dee8

SHA256
b639c261df507cb30b3a12e119a26c1bd27f0900ae5f06374739a3c895bc0120

SHA512
24d0517985a59e6ed1769085e64ef1f61af5897a38185cf6c86598487fb91f211d375e4bbdbe750365d317147ef8bf43c41f62d07c153b6149b5938af98c71b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc5a458f15ad58da321bfaeb7c56e5f6

SHA1
476b8e45a479910284d6c0017bccedd6381e9f9f

SHA256
73fe730e60e3981d962f2f80db06ba9e9713d8619491f90e815a6996bf352a08

SHA512
4b446937ba7ecd5fce558159993faa86989dbc1bc4c40a9582297ed3cf51be88a91878b9aa42186c267bee7008693342351b6fed0fa09c5aa21f12edbf4bc5ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0579dbc32a7d2106a2602d19d148478

SHA1
ed4a4cd3de6e72eb79a038bce9d970b3340b60cc

SHA256
b77a0e94099709a309fcde09a5ec36408afd99f6ba319191c35f9e09847b85f1

SHA512
31ee26f06c03a21eeaca28bee596c6e063d3ad20de307d0d0d57d79809b10799f8a57a8a2a74196c302fd341d21058ee49e30d37fb87400adff19ffe0ab91249

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
debba0bd60954ad56f36ba2b87d7920e

SHA1
7678fd7a01643a9ab292c97e411d5e6f60f0708d

SHA256
489a9a956236df776f0e56428d4d304eb8c65f76fabf2725eb6446b28df31487

SHA512
dc34f7fdaa2dc6f617890d75b46b22611c97483ab6708f1c24cac48348a6c7af664f93729a910913ab06bc5f8896bea033f9f312d99286fd5672469bf161edd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e012e4dbc432ba446664a76d724f28e8

SHA1
040f4fe8be2e7640a13c25e108e5053f31f055aa

SHA256
19b8a5e62af6259c656bc9ce306d51044049ac18e8b70c30b90cb770e2e6797e

SHA512
86ef918fc785444eeaeff6c90717597ef9e06d5a00d0c48e7d703fdaee90368bf8b3a32571fbab2d1a90ade8c7560809df278a36eb9011a08695408f05a4cd5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8453dca9c18fe27407cd37a0dde40635

SHA1
90a5a0aa052ebae8d0324317736d4bf654cfd4cc

SHA256
a5d96ff6e828a36d03802bc9f14cb3281d4c7d4d555cbe72bbe4a5e01b1ad04d

SHA512
0cff55dcb63a0b96fb56413b4f2d90b2658540ec91a1a1f90f69045a9ff856c2a6ab31dc8a44872f40602c6b824d5662e5bfdbaf999f54e3f5f929640dff702c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ef2128ebfa83f780921338bd82b0edd

SHA1
c4e3ca92d5664461fc2e9b1113425c8df6921dcd

SHA256
3fb9e155dabdc6df94b8cc722ff1e5b7696219dc7e5fb3325b3921d90105bcdc

SHA512
e99b3901bb990bd2e996a861e0c3511cc38ea3b75bb7f6580c7b5705d451574a79eddc0592b3977aadbfe056756d177ef1bef7d35ffc4adaf762ceb8c566cd4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3B3E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3B40.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit