084fdbe303a4c56d08f0465e0b8c4ca3ec9340c44fb887a313dec25288154721

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21530b4fe69a667a93d40a92e13a8d17_JaffaCakes118.html
Size

1KB
MD5

21530b4fe69a667a93d40a92e13a8d17
SHA1

f2384b8ed0c5fb5c10762b58df1341048066c87f
SHA256

084fdbe303a4c56d08f0465e0b8c4ca3ec9340c44fb887a313dec25288154721
SHA512

7854480f0e755901d81cd9dc1f855873e2a3b96973b7dfee53c54c9aa061cc10ada378dde0662f62ef5fbbeddf08c31ae725839bb9110fd31321ad9b6869fb3e

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426148544"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{20B47D41-3902-11EF-BF51-4E559C6B32B6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50cd6bf50ecdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000784f064aa0e6d8529080038a2037092efa488a3c9251d123d7c88b78208453e4000000000e80000000020000200000002ac5e2156b1a302a464eaec58dae2bfcf1b5b45cab480ad0784ff77360dbd775200000009bcb8b3dbf16f470ea583fc0ee22128e28d5a034d80accf050a13d2d472748794000000040b84ca05e75619cad9961ce4d430b57f2042662551c1567d79a4d6785e834fe33d1750a61d88ded2d938e269193c4f6232c8d0b1101cd10330f5b02d10fb918	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000ba7420bc6d8b2f95ec024129a5d44180169edf034797d9be5adb84e200e1524f000000000e80000000020000200000000b78ebd6d7a6e605070cc943a9126423c226ee5e8425f8146d4d1b7820797e2990000000d7cb177a2f28e00023dddcc1db97cbe7fdc3993efa31ca55464c336d357b15e05f2e280a6950bc868c21b32d0bc8aadf1058b50c22fc90aac8cf6972cc581d52787259e82c5f0bc617cbfcb1440060b62b0ddef523c9c1382e175893026fe0062e5514c2d407c66241588556982d18c011acd1e842cb86a66d8bc24ae0398dc2257995d41828494c37f30300e76bb59540000000e25372182b12e40e9fea79d1a3df2553fc520145564af77b6cdbb7050dbef9fbb799e2c2da341982f0217bfcd234edd7bae81a308b757aec169fe2d4ecb9342a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2980	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2980	iexplore.exe
2980	iexplore.exe
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2064	2980	iexplore.exe	28
PID 2980 wrote to memory of 2064	2980	iexplore.exe	28
PID 2980 wrote to memory of 2064	2980	iexplore.exe	28
PID 2980 wrote to memory of 2064	2980	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\21530b4fe69a667a93d40a92e13a8d17_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e3fa7da0ed32be0f7c77197ec6f3174

SHA1
93da871abc49f8a5a646a3e671a9bf4fd48cd0d6

SHA256
f1d12f3116079678ef19cb84726be92c64524a5b783074cafcfebbf9b42bc8ea

SHA512
6989d6927a614e35de47c341eb0dad86155df312f46a1a8e5c778c6159ef3505c4ccf14b97e6796767dd4dd98f21a96818bc345deae9ba31dc4bd463d13e56fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
945a309835822700e4309004af040134

SHA1
d580b461e5f7b538b4c32ee151b33d0b0b825b72

SHA256
055a08db3daef2681eeefde50eb1373b989d92f6e47ca9f7813799dc31530c0f

SHA512
15118a819f20d496ffdccc5b2aab9c3b892a6111d48164b20888023d69753b2b7a2b67a516556db3f3b307657963af3fc15afc267b7c886df119b67649c7f6a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6bda5473dabe6ec95dcc473fcf3713f

SHA1
56864f80165996f44589e67d62c40262b8f8d65a

SHA256
cc1b4764134b1ede8ef0b5447359315284af432898914d43842462e920271bc7

SHA512
b0590df2447f776eb4519921ebbb2ca16d27b7bc0e40d8c45939b583e6563a8d67b7f46456c749e4c778f1988a34a340920eff48a0e5480a1b359932acd0d461

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4194dfb11f766d0ce6e58d56d4280da8

SHA1
9ca5132213f3b032c1b932af5c8fdb9964c41c8b

SHA256
fa9339c459bb99b8c1089158c7a4052914a1b55e62c6b2ede0de7deb5a24735b

SHA512
b2a6d8af112fb31f1dd4528643c6e81106c2fec8e3d118a0db85b2cf332907e5ba3c64c1500fce135ee2b9c8bfda878c4c1d007410a6500d9e2df8f2e85204c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c84666daf09cbc2ac2dc2f0a31ff86c

SHA1
d0a981bb7a3b446cb2f824ec1819427b5ecdd3c0

SHA256
119cbc080a1e1f5e3ddd76e484df2643e81176e2d77040d8e3c49e44ffecb05a

SHA512
166c283a30a090864e99f43ba32ecdb86b2b56e649149cb4bca2e36eac551fff3a984a4772694f227fa9e148c62f86fa6cdcd0de8f678f59720701de563aaecf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64f75ae547a1544101f70984db0d1da2

SHA1
e1e6208d854ef005635ed1cf8f71656c7765dc47

SHA256
5a343ffe0cda2fe95f472faf27357914cf57525f6b193383dd5e2f77b8ccb193

SHA512
c4c58b114f38c67eea0df28e95664f3ae8540197622640a712452006d41db8f3df4ceccbf571db6e76729e4ae99ef2d70c9a668a02859ec456e3e7adb6843c22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a461ea446b585776e667faf6e48a5bc

SHA1
001318d2fbb787e4821b3fdca844d3fc97fd4baa

SHA256
ac418383181cb85eb6fc5c1ab9e95724fded35452997926a0e9600ac60551ee0

SHA512
369335702edad42b36715eba6f3717160a2ca8efaf4443d4def67d8cbf6215e3f0a5c4f67c6d7e69e230df3668d81d4d5f372114293f36182dc3ab5ed6077bb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9b8456336a9ff4fff7f7ad550a6a359

SHA1
d5a2afb07cf1f7dc3a41b90f713a79d83cb446d2

SHA256
b771b819dc9e6eecce97db63c090d0f9dcdb5e72a110497a49ed229a2ad91e96

SHA512
e4014fb8561d2b3e60f968346f4013aa4e3be2c1686b535f88160674d898c246591cf35918355d889234907e0ed3fe2cfb46219dd21aaf28044c695af987cfb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de1f8524904022fc912c607d85bc4fa5

SHA1
9db031ddf044c1ab307a5a7743e89e8a06385698

SHA256
4940abab6b0640923288e7b776d325b3c7585ec4ff2d1a46595ea7d88bd0e5cd

SHA512
a7ba4c20845eac3530c83549c62496087318911677784ca84f96fe6e4c1827071d023c906848cb0d72bcaa44a6bdb43ed0846233381c4d8c9969b18891aede89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1164d3ab70f883dd24235d78eb6d8419

SHA1
033b12500243b7afbb49b9025c7cf2fc5e91826c

SHA256
07dd80e1b5db7cab1b679adab7ca5ee289d5640a6a5c56e9d386a74916ed8065

SHA512
774d5d4788d53ec79ed5eb3a487c331d35dc2b1d39b6e40a399fcd50a74e1b57dfdf5aeb06e09be369acb4aaaba8f56c8a34904d552528a9aa659196fa0f1a95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
888c37b109e9ad5679371674f8617823

SHA1
6d2bf814ccfbd7410a7c543f3bb075c8ebbf15b4

SHA256
42808e34d66ea81ab87b0b403df5620506065dc483b14b4dfc86cf69569f1584

SHA512
90237c8eeaf6bb5b2f588924adff32f4b16a00f760fe3c813530394364a73d42b92e3ff0601511aad255822366e8ce007eee3f95d83ae5de2e8d706973d86afa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca8c2ab467ea0a75452331a082595683

SHA1
b66b42b4f4bc92eb6824d873e459c732fd0309aa

SHA256
63e7c158c0c660b00f95dfc2a3b180462ef5959e83144143d9542a0bbf0c8fc5

SHA512
cc8b96e859786c91853f1cd23a164ffce4ea1be04d23c0dd80c3090baf46378060964905217aa9ee510ff07d2c5b7632951260516253662543affd335439bd80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ab7e2aaed8d75f624e2d34b5a3c53de

SHA1
3dcdc3665722d1e2a57783d512d717aab49130ad

SHA256
c97b15415c0cc45d3b28f52c79dc91a06f5e0ea0f004b44176602556ac1608b9

SHA512
3d60ebe91d241f92f47269fad2d545e4df05609e3638245083f904a70d20c1cbfeab8ea90a0509946a5a28813f607d7c6674e5283ca3095003ff96f6b20395e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fc8dde48a1cc0490bf37d60550578ac

SHA1
d098b74e5ecc134fa150d19f3c3eae3374644faf

SHA256
5df58c3809b6265692b4a779e923ae5d4907dbf6248e7a28aadcef96ac2215ae

SHA512
5b411e1a589d75f1f1a9b1881a5e55792bd4d82ee24851f59a0a2cb7e387177616244746a0928706eb20b4dcfc75fb01a883b6ded4d0ce287bbe119b44de84d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b029910eb7c0540dd529a33aa483e4ca

SHA1
beb80668a30c163d4b2604f2417cdb56218895a6

SHA256
15a620e3d761d60824339a0b45c46322ea51e4a8f7d5dfe014056865f754eeb8

SHA512
877874463df5426688278e7ba0d3bac24704e6ccea6f0a6c903f535ca83197e39098014bafe72bdc630fb85ebb328a9ecb0916655cf2b62de4013e7875e29c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3998.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3BD2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit