4246b5e1e42923dfd8c40ecd9dbcf78183bffc0f15b34ce58eede7c24415d31c

Analysis

max time kernel
144s
max time network
150s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 11:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c3f7ebb82d7c44f0aa0c379d2a054e7_JaffaCakes118.html
Size

36KB
MD5

2c3f7ebb82d7c44f0aa0c379d2a054e7
SHA1

14a9fa97b16a7c60b87d7e6d4373d119dd9af000
SHA256

4246b5e1e42923dfd8c40ecd9dbcf78183bffc0f15b34ce58eede7c24415d31c
SHA512

56961cb8dbdd3ff01d36d9a5c86415c0cd94b51435e3519dbd67f0f076740fd09788a07305662b3be0b85940c1542e63e7745b42ec0c668aa88cbbf050a55166
SSDEEP

768:S9S7TvqGl5qGZ2wQzRgOkmKJZH2JaGRXamidaGnEmehH2csw:S9S/vzl5zZ2wQzRTkFZWJRigGEFhH2cF

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426627868"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000ec30c24815689a30886997c02d1cb13db3d285843a0867ad2b4f6ed9e7602dad000000000e8000000002000020000000e9f851efb9dfee7f230ca037be09975a542944a044d4769e2c2c2e5130fec3d7200000008f1efe1ea6ae7dfa19e4e1f9aa4da3b396342733f4e08ae8ab9a78a7d8112cd5400000003687513a3d0ce00eb354cdca169f1ba59e65b42da0d8a6508818e1a50757ef1757b869978c5f7d521ca3119f32a02cdc68c972811291cc17b4b61bdd99391bdd	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e13ef86ad1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{22E8D881-3D5E-11EF-83A8-4E15D54E5731} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000eebba5232f7bc0f3eecf8d56856b94fb6933426bfc32a38ebc465e9e09a149ed000000000e80000000020000200000005e6a34784fe8274fbc5afefec6057023306ccd870c1418c8f07b83641d3b88159000000075197fd1641d94dbc36be46c1655caf2893100f84112f890a77a39aea57124bf74edcfe8e48fa15ff897362035e1aa2cdaadd516f2767a77235566c94e1d1e52dae8ecca3f11b55559d83b70b16cc11babca16bbb42967e2b58f597443d5506a1c9a8f557891a0ec69ef96eb5cb5b27703a8c7ab4ac41bc7a7461ed1d52ba34ba4198615d49787c6ccc73c34cb152e8640000000e984a97ca006574d274b63a5498c71cab9490941c75450b1f42261d7993ebae6069b7cd8c4d08d82eddc41d5940d5990949a73c8c7c37bcc3c81b571b932bd29	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2344	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2344	iexplore.exe
2344	iexplore.exe
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2844	2344	iexplore.exe	30
PID 2344 wrote to memory of 2844	2344	iexplore.exe	30
PID 2344 wrote to memory of 2844	2344	iexplore.exe	30
PID 2344 wrote to memory of 2844	2344	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2c3f7ebb82d7c44f0aa0c379d2a054e7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdaafe88460077da3bd370de60dfab73

SHA1
c37408eadf10092c83a7753832fca694fef25a81

SHA256
7178c6aa49a88df7fc5269190f82d5ed61ad3d0750ace5a89ee6adc1f153545e

SHA512
44447ec92ed17fb7fe6f6849dab0e7b22aad252fe9ff441d0423b8972da43d627c2e0cc15d28585c7c1974645a92fff5f1f89c57ce2d82a0890fd1674ba3c85a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3afe387621d5390950604c8ff93d3d83

SHA1
9f828feff07e73b726e52affced2dbd02fc32d95

SHA256
9828f03778466457e9a26de92dc067ab9eaf17902bf4f596e96e9e4925f8bd9f

SHA512
d7d35160932c3bb4f74f9bad24dcc1dffa1f2c46f7c4d3bd3f197ab99b7201caa79a53f7cfbb396e531babfa85db72c6933c9c2ac29ac4a6ee83128e228276e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a3fa7b4b094a244698f1d7170025d9f

SHA1
cd8c4a0434cd1d586b23b41ec5d3437caafbf889

SHA256
6c91b25dc20a95a4a02f526c3011377d7ec50fd211fcdc388173982c478e741d

SHA512
21de83a2744ca3548bdf8fd409b7079fc6326938e67c04394071b0c39a8c2549d34a7698b31c5e3d8954149fe9820f5705824691e34e6b02ceded2a16767229d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88070b4741c284a6a01270a39832f713

SHA1
172bb26fbd445e21128aa6100ace59c2711523fd

SHA256
4931ac994950ec8d83f77ef02fe6c7a694529a407c3e0ecf0a94383482cd0521

SHA512
cdd9a2f2dc8950d9cefc565ccfe41df175cd4710ada044656c81162c9ef6e045aa082edadcf71115530e26f442f0cd341a8054ffefb45522ab3159f93d8a9acf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
946724413a3403f954f54f747e364954

SHA1
c0d05d13613bfef023bd36c538a0e7f00343e36e

SHA256
34b3ee3acb117abadacf032168d454ce2d14e755ad6ab42c84d5b107748bd0f2

SHA512
f4f68f16199171f678c6ab8db642f8faf386bfcc5683e9be7839cc516d8f0e4f2d96f78b522037edac19953d4383cedda19513f31e68830159fd91b1b849c0a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4112e974a89300a6bed4c04dc946c45e

SHA1
686776f75be989c0e0f0aa9e30409a35d40d6ed2

SHA256
36d71c3c21e82e5a596c1c12bd6f3b38ef43ef5970de930784950f0dba9f1adf

SHA512
e82f844ae882401ecb0dedad3935dcbec294bc60f5ff8c46bcae84457c79f2ac271fae53afd086d3daf94fdca3b456a0e07651672eab38a9f059a93ff0a187b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82daa8c70aa8311b8f2898d25ac194f7

SHA1
bb5b9a0af2cb229a28e46ded3b0e55337a77f3ea

SHA256
48bb16e7e104625fe2ce1819264614bef3a3887151dae999581d9bcead0cf4b3

SHA512
befe5d003f436def97ba4345ce26c56e44d55220c49ea0045e0b3e99a969e65fdde1245f1afc0a201141b5b20a78b5af14b831d0610cc97135c95b01d29221b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8e7a2dd2d73a775bae24284a90f9963

SHA1
c90fc9529b812e25547c925ba44b342c433ec7ef

SHA256
0dd7dcbeec338df2a1c618ffdc143641bd63d9d170772d66773d5ed80bd76ed5

SHA512
78e311d2e4226a3a6c0abbd662672ecf5f8d6a256a6ac7c5601cf228a0a1acd8ca70ccfaf327d70154cde87818429b1c4175702418466a03848f1b9aedd8bafa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c9579e5715479e09b8408856d21749e

SHA1
82e3b2c7309ce5ceacf897c7e8c70a252d04e963

SHA256
197af74be1ad3501c141cacd4e8f372642a4959f599d10e376b8ac299ff0162a

SHA512
e30263e202cff4ff963e4e30d6d7e585d7019bae528f6561b8c25e65517f358cb286d34288b994f4eacf0c72d1be55241c5d6e8fdd6253ea84aebc9b8e3cca44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2630bf393ffe5b146bb7cf6310826dac

SHA1
dd6d35a48b4fb9413c107ae63ce32cce4703587b

SHA256
8c57926aed6dad710946ed105893e1c439844484168e67d95afe6424d96a23b1

SHA512
1a3ebd8f025a8a45a853e2eab90b113d0583286c54d9a69757ebd02cfb088583d55210c959238ebb221952901834776dd5d2fc358a7f91410b99ea2219241e7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e9f2de4c8725f122c2e26379658e232

SHA1
56b7e7fae760a8e831ad5798c4f62e3cdceeefda

SHA256
c76273a5831bc73c2ce105be2d73b1a65faf684528423661524be1540441c2f3

SHA512
5034b968f2beb5db7b70bedca782cb3e3f647c9f6cb570bb7f38567a4fa6b7376facaddb7a0246d270f48a6ac658ff88fe7ffee58729bddd23516747c3753c33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21502001332b7dac260c5ff46ced28f1

SHA1
be3c5305eef583c434227c19f304a3442e40034b

SHA256
54390771f5fe1ff58aef15c295681001d588937ddcf118a16b45a3cff670fd7a

SHA512
55e81e4c6959c8e6c7c647db10a298e4af18fb06bf1640cc684f4590e3a5dc44bd1204da65097b9244cfd1f875efd74f3c2149b63fb85255662a3af952e278a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d17e8c541fe623b1a77b91b4a4a1280b

SHA1
0d8e2c7c6beba2f306d25b093692f456eb6f1a20

SHA256
7487f8a0428447943d9cbf9452b2271e07b51e080d883496e02807c21e7effde

SHA512
1dfacdafd8976a203aaddcd9def867865427cffd8a091b3e80423d976da9c61486d88009c0d5cdf0296553c54c38cccc1b684188f4130850cdef1b47c79b9f9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf7c03650ae17ad4ead69862b124bb9f

SHA1
039e3e77b5c34dc4b4286028c02a65f1afb5adfc

SHA256
3913950dbfc414c086eadf501b98e8b039338e9bcd651704b1d2d80554605f2a

SHA512
fc5fa743f6504663313f681bcd487ccc70c32b6c96891593123995762f4dd6e2ff8690f6e524acf135c46fa54c879abdd5caeace5356c705f5e1a05fee453358

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f74028a6b02328af54fd1dcf0a0fedbb

SHA1
0db916b7be3f73e0934d959badd8802a9de7a2bd

SHA256
abdec5435c3e257ce9c4f255647b34ee2423d88d21646e767ad4d937421e27dd

SHA512
c3a0147b4b112c8828006c9e04f7b69a0497e647ba56ef535b6d69f2f2d1e62246eb94d757799d69c93c4da977468407d831ad3b84343cc2893e4ffbbb29c0c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c0eb98a211aed21825ca61f3290486e

SHA1
bcffe3846d8638c8a1414780c64146b2225857d8

SHA256
22c9182daa41374550363d5dad912086112b67281a45ebb188494a1fb3dc93d7

SHA512
cbe0928bb382cb931e05f8c62a4e6848617c06f214d88dc9e58f5ced01baab3ae1b4d72f73e9cd1ac4c3c888ee10d56f4ee0f587ff907f828ca4a5dfe67ddfc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4cc4a2513497ac33db442ca3c7d767d6

SHA1
6b55baa8ede2545b5cb9075208e1e1ab9661926c

SHA256
a011a013db237eb9e7fcd79d45b646e127dada84a9cf11c90ae295dc4e41ae54

SHA512
f49690a8062dc97dbfe5a9eb843bd1803778c13c189080d07bfdb2c51b4a4ba2fa9b3e4a1dfb38c5107670dff89ddba1199906e0a44cd3967f3447cf230e4cac

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAA94.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAB54.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit