18a225d4b6045e32a5759be43891b2f4fb3928fa20ba1dfc3950f353fc208f14

Analysis

max time kernel
119s
max time network
134s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

263cd030f3fe3269374b14ffc81855f4_JaffaCakes118.html
Size

6KB
MD5

263cd030f3fe3269374b14ffc81855f4
SHA1

1b13248dec614cd99d8c329472bba24dca8d86cc
SHA256

18a225d4b6045e32a5759be43891b2f4fb3928fa20ba1dfc3950f353fc208f14
SHA512

d5362dc8472a2c4e9ff2146e19e9e1ce0b58f13315c707d451a83af411949e975104655b1a8fa10b79c8244b1fa3cda71d9786eb2409226923ec4d86e89b5350
SSDEEP

96:uzVs+ux7bYLLY1k9o84d12ef7CSTU3ZcEZ7ru7f:csz7bYAYS/ib76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{78B6EDE1-3A4A-11EF-BA91-7AF2B84EB3D8} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000b60dbfb52f55bfb91b8c23fc23ef62e35337608fbd147bc7d3629b7772d45840000000000e800000000200002000000063d76d7f78796ec28ce28ff876f7fd021ddd4305fcf222b8c6ff7dc18d0e4c68900000009baa117f978e5514b31427d6bcefc4c4fa771ddde029dd424d08749b80042166e0fc676d1fc048c05281866ea9c62cfb3e5d2b039565b88e9af809b9d9836b55a25c0b7361db5877ac982667ebc0bea8f64a0f0ee4395bbe090ffcb1928877bb2e91829e68eb922c06e8f437817b6889b143d8fb99f3d42e4942b93cf64686c7a5a84b42a63229fedf5244a17a579a5e40000000168a322dcc84ee08423c1f5ab4f13b5daa39168f20a95a17e08a8734fde4a9c893c088c10c772dfd8e84093ce9f16309d7ce3a5ac87890066a4524a2829bf325	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426289569"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60dab44f57ceda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000007310d8d285b599a0768acddd66e83fb5c28ef82c1503e0e18e2395726bb01f5b000000000e8000000002000020000000d52d95444fbcac6c34aab775ce22d59e49ec24efe2060fcc8fd2fab872c6d21b200000009cea99665a74d914ff384d0dfd074521cb24816d5ed0b9fbbee9849f476cd97840000000a9985c1949ef413026c56eab93463c3c26643d6769b36102610697e2a9205239bd0e9f28c238d8f99f617c92884c047f830c4af41e8c308dd05f3fb8d5fbbcdc	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1928	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1928	iexplore.exe
1928	iexplore.exe
2108	IEXPLORE.EXE
2108	IEXPLORE.EXE
2108	IEXPLORE.EXE
2108	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2108	1928	iexplore.exe	30
PID 1928 wrote to memory of 2108	1928	iexplore.exe	30
PID 1928 wrote to memory of 2108	1928	iexplore.exe	30
PID 1928 wrote to memory of 2108	1928	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\263cd030f3fe3269374b14ffc81855f4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14fafcf80b7a79b2a1c86a275d919838

SHA1
275a5f833181b22ac0f456728007643ef5287707

SHA256
579778d98ce6a0af024c0dc241329a0ceaaaa3d64852f71d2bec9fed16e1460e

SHA512
8f7eace71678a8084c94686b4a627604a2d2008ad6248b89b36f6e58ed17b8116624c71ce1584f3575579bd023fa2d267314b83999094153989c09e9a263f613

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90aacaccf874b9de7d779b33ea742f2b

SHA1
b1765df72adb834a6648ea9430881060606081f9

SHA256
a6fbc76d6fef06c7a9c0c68bf809cf12e30e28d183bd413e4d99139f0a920173

SHA512
3416db3d7687432dd55a389ea58aca06ee384dcdf8d9c49a7f94edcc3098d00bf58eac8886d6d851a62ec98a2fa8d6b966ce341396647d797f20e9c5d770a1c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bff4e78e3ff53989f9199a657e29cbe

SHA1
b21e6a2c1055fd145303fb38e3fbc8be9a3d1bb5

SHA256
a6278074851ac11b2b97101d2b36b72a88ccf6a9d56eade1729a97a32c43660f

SHA512
102b72b745358b7a051fb15524f7b0ec29aa0474812d277040415da02a01df6bcbd1b9b837c9069e9880511ef0247278919e81f2a14730160cc12005db470086

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc8ab889f595a7408a3e6d3a765ad13a

SHA1
43285fe4da9f13eb9d9a011fb09414dc9910b501

SHA256
fc00e3715bbbb1eeddecfd31f4f73f8e9151fa1e3ada12c523568809135749bc

SHA512
db676d790857a31ccb5f0f244cdcdab4d787d45aa55a480ec7a7d0d89c6b04888d42f1e3164359da8fc55fbc4f682a340800833fa1e7399a9ad2b97f0922e65a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9232b5553253088cd0d71a243835dbc

SHA1
edd8e1462e2a677209317f7a3345f5db73946e5c

SHA256
1b3ae443a0fe02f72712bdf8c25b562ae0f7b72814b28ad5963e97b1cd70746a

SHA512
57499997424d8ef6059cf3b4d6bcfa1098f844e3406494d69c9eb8cec2ae6729fa466c74cb5be4e9671f13360fb77d9f091eb9b2005843f758f59d19d0faecd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f9bf3397bd7a299e66d00c918ed949b

SHA1
712ae0197d7ef68c0ba558a96b7320ab2c1a1918

SHA256
ddf6c4ed12f9bdb311b5144f657bedb643d36705f9978303f2935e015d3ff300

SHA512
45d95b525b875d3c2c21cb4085597c55ac1c621c6368b5ac71f332f0d4aa88dcbb69e4a3001750d4625cfafc6437e38263591d0fac163108b66e0fef4a340500

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37875d82f8551f8415203bf712affbd3

SHA1
a764a52c84afc7322d8c02d42042dbc8445dd60a

SHA256
15fe26dceb4a0d8829f9dafd072cf4b89e34f040f520f7b04d39e9840abe6a85

SHA512
167aa39a770144fb01996292d255aaf438018efb02f8f5e484a725a1a30566b19193bcfb50827ea2a96e2ce524090a9d88dec896f57efe3d78b46244eaffc799

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3555653b657282be88ff68ad8782bbf8

SHA1
dc67f406e68f0e6e38ec60fd14349776e325178b

SHA256
792ba95de78a5bd29c2b1c261ed36f5f4b8474e0bf8a5284a172dc436f64f794

SHA512
8fcaf40c486187d52f5e7cfadfda5bcae6d9c180fd60559999900c9c4c9350f7b0d34355d383a3d3be9b9ae3b6d98394072af33ac803f4a4ce0cc83dca345d78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fff20c52767e45ed1b901ca66dc7a0bb

SHA1
98d3ade8e30eace715fc62d944520543dfa85997

SHA256
059ba4b1ce3e5e6da0832d0ac56cf95583d465fb7c91b9995d0bff755833ad98

SHA512
39ee247cbb5bdd8894fd9bf6f9474b838ec15029448fde70cb5ae73042c800b6330619977d6f48742cd88b6a3fe0721d883db4db3192ac8fdb7d550df2028b26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fb2ef76f318aa7cedfb584da7d50929

SHA1
4185f0f3508c0291b15363b2df31994b3678c72f

SHA256
c08cdc24e1a0bbcae4909ebdf65fc25b1f33df9488aefd2d2ad50e34e748096e

SHA512
e21127c5642538be50277feb7799bac386a1988276c732d8347855060d480304ea34865907c5f4c072cc8ee5bd253f8acf81aaf8127bbe73b79b580a15b35f21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af24a132140f989dc01380f6a2b24de0

SHA1
d66c58f0834a38b7a83f78e6617320f379acd9fb

SHA256
d4c185cabea5477a402b438612352766c24c6631e8930f2c794ab968e43044ee

SHA512
c0819f3f58079a2a12c7d7b65ce6f8ccd8265ca409abd077dfcbacf54781971b10eeb24bcd137c4129eb4631f9613386d4d3fbdad2bd4ac683abc23e7a04cdc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5055231755a8a1d78dfb79c2b2d30dfb

SHA1
23900e6194028362359435bc5fcc4d5571ff0dbe

SHA256
c90e32d9ecdfc18dc412cce60e77c6dfc2044c9126c6271a96e9f0c70a344ca5

SHA512
57bd50010b502f9e930204c1e71ea6a24e254e0e40ddf3bcf2a01cd5b6e17d3d02b8d6e43180972be0c13e39a1782b61ef0f1392ca9c80065b6c4c2175fdb635

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08b8bf97d531b88223427521383ae746

SHA1
7751fd747d67cb510120f472987f9a4fc4243935

SHA256
4cfb01cebf6a32e014a8a756a56697c5f11bc593259cf90fc11e6e709e69b25e

SHA512
16cbab40e3a8a85e4cbe712e8ff8894a174ba54b297befd1703a8d64244bd3e1681d937ad42c2ea03a810f303fd0252abb0cec97d7e24e5a68949c1e2e7bbb26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cfb1d2e43816a091b961ed9f004efff

SHA1
33652e5ab25bf6a2d8ccc7f9125a0edc83191acc

SHA256
b43fab292e858ac07a160ecf18654d30abababf29c29854e8835e2a97ad5650b

SHA512
256f84a2e694ca8ea04dbe0a89758c8accf8cb70ce8337cb000bdce77ce0ab1ed4680ea9dc253b6c3fa3528d9e94f75bb9b9ea18eed04c369303cb2668a27893

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7fc4b42485b21ccae3cf67afb4b1c881

SHA1
cdd83ae4bb91531994db14db0ed97f6c5e128993

SHA256
e86078f4d85be4a20d1dfbe7be333aa37af8c8ff7de76d7625f340af9868939b

SHA512
15fc902dec34222de30bdd41f44657f4d2191f7b340b4cadceb975d81a5fd94d7bde292d699b3436a7ea8090fbb88b745b3e248fd6f30b4fcdb536ece2e97512

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00728fc3609be445fc5a6e22532a7316

SHA1
6254e443fae27be8505c0c44908d1a55f8fb1761

SHA256
5efb46d37da7836a4afd68b7ad2bc0e83b74f96f01daf3f15b36f04b0c33c938

SHA512
41587e103f5abbeb0f5436bed6ab4cef2ac0f2c73e6cbf25d97ff4bd42e8f6c2f4e508921083365b93b2cdd5741137c5c233436d2bd43689f5b757d9c46be3e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8428b8e7b63d70138c499dc826d52ed6

SHA1
d6c61c1128f1ac8f046654bfcde5de2c662d5a95

SHA256
4e16239561a11c24eda9b0b6e4082667f8d80ff73fd27ee649064a3e9824cbab

SHA512
4be1f8a85ce6677b7754de2e347b43ee711c68f44dad499337825001d087d95fff080830d6b8625b5480f870df68be54fc0a3ee5437b41f511dead05c45c0800

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3DFC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4080.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit