85388ea6464abb68b9dec2122332a637d9d9e43ab25f589ec399ef2a557ec3f9

Analysis

max time kernel
138s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22f9c8a959e54f9ef7ffbd587a347acc_JaffaCakes118.html
Size

18KB
MD5

22f9c8a959e54f9ef7ffbd587a347acc
SHA1

0df629a40cf0ea900d9db5a47a403db8bc66d3fe
SHA256

85388ea6464abb68b9dec2122332a637d9d9e43ab25f589ec399ef2a557ec3f9
SHA512

4cbf2d0b007d50011d5afa69644db18b16020829e12ddd24ee4bba001ae62b097044846ea66efb7c62a98119a1b3c9180633c88afda81e60b120f44c806769d5
SSDEEP

192:MPYbAvWtWPfk3iumbzObf6Gbf6OH10vkTbzDOkjRNElJEIk65vzjQUL13vTKBTpe:2TsNbOs/EleB65vttEt/HBvUAm

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0059ea6264cdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{753B4011-3957-11EF-8963-EAF6CDD7B231} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000ba73f43af52f7d5f4d4fbda9758226df10f7ef6254b83502888c3e8d0aae439d000000000e8000000002000020000000a86925a5ac4e600196819152355dd14ed742c973089523350a4403e718c8d12890000000838149b1c92002df80151448576a5199ca3476da602a6455695d9bee46c8b9879214a4f55487e7bd2a80e8bba10a132945c22a69811846aa7543fbde891d65e8a7243943e7ff7da37893153f87b06f44ef2848e23d1e48da5cc1e72310e76c1158f9e5c3b27229ef581ff634556d883c120290e469eb0b1bcf7947b04b531f8bcb1a2b43ecfcc86219d81900d74d3333400000002d704cfc0faaf57f43edd6e17bc38a7df153919176bab8c9872ef4e905025d57afa7f9344ae6550d06c69afb87c68a4f47c2d5b21527a2fb06b742dd16c774c4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426185195"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000a64529bf880c24374e2afb7b9fc73cb66751feb87f9268bfa61f6ea317ccd374000000000e80000000020000200000004dbc8500873c8ad93b440e01db32318053081b9cee694e48e87d6feae4f660eb20000000803f87f4ebb790b04d7e179e3f760beb744c06061b04056d5408b2d0135c97494000000026d0c48becf25ef6a452437ac7c2a0d014473ac95c60bd05b0ed5375f190c4ee7f94bd33f9608f87918350638bf016bacc02b77b453fdc9bfb536fbe88468089	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3008	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3008	iexplore.exe
3008	iexplore.exe
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2788	3008	iexplore.exe	28
PID 3008 wrote to memory of 2788	3008	iexplore.exe	28
PID 3008 wrote to memory of 2788	3008	iexplore.exe	28
PID 3008 wrote to memory of 2788	3008	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\22f9c8a959e54f9ef7ffbd587a347acc_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4754d3eca7bd1a5cc2db4c5e1bdd9bd4

SHA1
64a0d42ef79bd085b11396495a8f514cf3b302c4

SHA256
ce36023dd0324788799895cc64e66ab2d82a52ab6375289854f023ed9581c6b6

SHA512
57090cd151feada375335c7ddfb958906fc933ef6b4db00b89fa62b5c70db603c0e7b0c5ceb9e496d255aa956b986713cabc1da083666f0d692fe49be0a351f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97ecb70788ed0b1aca66a080803fed83

SHA1
acd566890c2bef023925ad2b81adbdbdf10c3368

SHA256
8246b668729da262aa96057abd9ce6a8df34c3532b7ad07a02d95d16ebf6fbfb

SHA512
99fa3d9a72c94d9a5ed47f8d00719b2686e6558bf17cc2b2da8f1a55282ea0662e7e81cbe5ab1905a2740eeb194faceba7403e3a6931afe4fe39ac525f28fb42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6c7fac9ea9a539dc5e538c5cd69cf5f

SHA1
86d12f9aaded7d9703377c6b76dac6e274d125d5

SHA256
6aab90c8ffb2a810738beedd37a3f8ec2ee785116b768972f3c10bf7653425b9

SHA512
f7a351b8b1e97439a0eaabd5b5c7ed570a36a9e3342173336675e304ecf396a6d1cb6de5b0e37ee77363854d00e770e1ce7945dad348e408720bb99904402f4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebf8538b1a45fe5a6e4b541655c2edb9

SHA1
2230dfedb30c29dee99551d05177fa7b59050c74

SHA256
de2bcb104a1c489e3f6c8a9d272ae43126c4233e3769ea6d91935c654a1c7f38

SHA512
4aa79ba9a0a81ac0f024b6863c2357b0c49deea05a3d633f930565487de7baa6c4873d72fcb9341e4028b33b64f411bd93c7e032ebc456901f981f68d1019244

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7334050d8ed6c375dbf434145705f996

SHA1
20381664dd2bf523c87a86ee594b84c58c7f87db

SHA256
f8b1f000800d9ddabb6edb7b976a34e82216a7869db3412c53ab16532bcac40d

SHA512
353b4d4bdac30c98e43b89190a14d4a2c88188d5d85dc0e01e87a0b22ccfd20ab8cd60bf203948e92b75d999eb1d0dbfc81d126d81c7ace26c8314904b075d02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b82cbf7c4fd02b17c71d128ebd9b9d0a

SHA1
b14c8d05c3c7cb6a3f6dfa9916606e85b7eb7d72

SHA256
33b933fe6d9badc206a6963278e51fd0881efc59c7416bee4a61b26c71827a3e

SHA512
d2fa7a96e86c819cf54da1e0e60e87ed0d4fe2c3ffa2d7f807f6e7cb3d56b860e403a349aecd3dd21dae2ad0e8ab37652bf0412c7c23014bd8981951a7a13324

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9240d3ae477ee4d683ac99b62e143cf8

SHA1
ad46834011a81716227af12e710f7b88212427ca

SHA256
be88fa7be23a0a069fdbcd0c63df991ff7a8504ca3dd01d30bcd4f884bef9a9e

SHA512
7b10a7bae85a9fcca00f231b19768f30fff45f1ec2763ca50e6f505cd69251819a3b71ffd148e2fa3354eb20fa7a01692c74200cd76c60dde68ac185f92a5b16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
982b8556f13073d7ff8e612134303e13

SHA1
5926bef5aa58c8e38987b0a5e56e7dbd702ab227

SHA256
a38f82e1de18ff4881f84b1cba4d5a860b84c97b94b7f9242c4047e5002c2740

SHA512
479c24c0f3f926ecfd0465d5fb870264ab495d2659dcdf0bae0c97b11d7e2195de094ce22d3db39a3c2942fa6dda9382fad85d0d8516b49a58eac0e81050ce1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd8dcd75cf1d975a7a11002086415007

SHA1
f7ced50d795413864c5f46c620421538af65c6bd

SHA256
bc2f846dff442b6880b446913e28c8a1ac7dbe859f483dceed98471e247f26db

SHA512
b6d2bd2ef740731099225fd684e96a8c85a2773bca1081c313861772625062b1d0a0a262fa2f7a817fb531924a95a6e207dd6ab82527c83394ce9b461d6d9ea7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0fa7c5406871a7a2a2fcc4986ca03825

SHA1
89fe6904db733325ec8f46a55dc697c46dd58b74

SHA256
7a3074dd45d8b96f33cc0c6df3fe50038de3473dbd105e92760130b43ce3fa9c

SHA512
ffab18e99afb7c110f1f7619e2c175e316f367b756267435d41d44a2011e18df2b3a428cae34151c617cb9ad9e46ce5925754bbc1f41c5fb4e7770e4cc2f4bb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
691090348df565dff1da54217034f34e

SHA1
8aa28cb63ce6b8d9834c9226e5adc84f3f0479e1

SHA256
d2fc75c3859a55ab7be348271d6621f5bb24779d77e56df8979626542f45e896

SHA512
30e9186a02984f13a97f284d3db213f8071bede3af7431dfb7069a29e69b5bda5e88e10a3468734e050841f9e5eb4cf4a8e900d3e0b2e1200f5b0abe9e0127f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0db8e8945cc15bee4b5395c5be631b6c

SHA1
7de6d4a23172d8687d98d02b53d00077b903107c

SHA256
89bfc4d4106551e1eab2e0335e29289f5199548dc4c1f325ada8691df4fc3896

SHA512
2ff14fdadae2b99d361458e7dbe7801b15b08ab369c12b63d6ecc4ec06f4dceba9e6459315824adf0e7201e0da2a4b0148fa6d982e4386c93403bca80ee755d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcf90eadefae30616a3dc6c2c93da5f1

SHA1
3af2abaee631546fe03add00e5f3c329bb53a31d

SHA256
1716b4d04b1d331b7d9b545a31316cb639125df35f85e35c46ba656cedc86e4a

SHA512
8abe2bc8bbfeca0ef98b01bc7201fc7fbd94f4adb9b8e261ad86ebe85077d4cbabe28ff1fb6f4c72e7839eb062f3e83c6d74c44168f3ca45ee928bbb32ccc667

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4853988f7cfbfe2e4e1687e2713f942

SHA1
14865a8cb99e3808110afbb8aaa48269dd71d6fd

SHA256
ed26ae6cb0cc71402d9a7b38f12efdef183a1c4fc2f383b66730d49f975e2e41

SHA512
a97694e380d31de14eb979f8115bf4cf8f9bfc6a974e73094a97003b87e34597829a7772342ccb04b3bb21d825ea17fc208fa1efe73bdbd39b08eeca4c58c6f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae16d89dec9340e797555144f53ae61c

SHA1
889d59ec101395736ba2d096d1b38ca483a4263a

SHA256
80b8549ff788da52f87f1d3862a553a92a5203f0be6f758a736b92ed543311ee

SHA512
09089d8fce1d61904833b7fad8032ecac68428373e91b24afee378ccef7c49d788a5cfeca96870135a79f909cae6f4f0e8cf3b38d94f2f675b61f326af3eaa2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD9DD.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDB1D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit