e0fad150f02155a2aed431291c1928aecedbe88c26bd336dffd4a7c1a58252f8

Analysis

max time kernel
143s
max time network
145s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 15:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2cebc24179f0de4cb5592c4517ad106d_JaffaCakes118.html
Size

14KB
MD5

2cebc24179f0de4cb5592c4517ad106d
SHA1

3d7453b1bb02f824e82943b369ee68d959b6ed32
SHA256

e0fad150f02155a2aed431291c1928aecedbe88c26bd336dffd4a7c1a58252f8
SHA512

e219cd4b3e0d1c4fcfade3b0115f00d7602ead86fcf6ca2d6a9af85a377ac56459bc79330bc7011484d571180cc32f59c0a91747870e0b5a42984ec4010e7ac2
SSDEEP

384:o+hhPhNXclwMHiR3cvGPuBfcci/rGcIYFwGHB:prhSzSuqF/ZR

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf710000000002000000000010660000000100002000000050cfbe4e84b74198ad3678e9e1016e22f5823665797535a2b89ccc488345a8c8000000000e80000000020000200000003a577eefd3a5bdabf249e2f4e5fd6f678276ebc90c28a7baa8cbac239058e77920000000601b9cebaa152bf777ff76393d549101ee35918a5886c98cd18261c900c3862d4000000075085ddad6a1d641901032bbdd91e6e5640fede3722e6f3c1798088f704c40916fd5e5cc6562db11bff4ccab6be0018c703298bc67799f8ca9ffadef9516d3e3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c201f491d1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426644612"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1F2100C1-3D85-11EF-9449-66F7CEAD1BEF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf710000000002000000000010660000000100002000000018c5c408c26483b7ad4548867ee99833639bf4f85fc80b3228ee897d9f4c3c65000000000e8000000002000020000000091acf9f67f2565b99e1eba2662089af6f0f2a045979935eb70b4bc3616dff4590000000934539c261ee2422b3543d679026a6f2fe778b59c8b7b5f5cafabc9b41d8b0ba9aaf93a80a50068f3cbb4ec4929ab49eda1ca170be268b3cebfd3d3dfe8ad9816ee6fc09f56f5d6045c0388f2bbe0f7486c4d4d6cc3a58ca002b3841f6a912d81f6365ed0978f5a2b18b1372d865b0961b24548280cc6bf489c5a1c04c8ccdf962182f8f0ec659586cb0f97798e52e3640000000ab82602ec918a00333b72d2493e4e1b4e79aae9062aabb186bdee05ac82b486de993222ac4c5ac9a995bf6c6a8945b190d7f289e908412e3e9ab446893da8f14	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1540	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1540	iexplore.exe
1540	iexplore.exe
632	IEXPLORE.EXE
632	IEXPLORE.EXE
632	IEXPLORE.EXE
632	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 632	1540	iexplore.exe	29
PID 1540 wrote to memory of 632	1540	iexplore.exe	29
PID 1540 wrote to memory of 632	1540	iexplore.exe	29
PID 1540 wrote to memory of 632	1540	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2cebc24179f0de4cb5592c4517ad106d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1540 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f4fec1a4faa4608687c7a8d982ac510

SHA1
5dc25243374a412f1cc5e870bf5d5238a6d3a74d

SHA256
6192d21416d6105b0ab0955f2756b519a5f7b2e55447f23bdd1ab9ab547e55f2

SHA512
d16b04f4e6ab8be28fff7b0085a496dc863208d3836704b8e8cef5c6a848f457b122e6034cb4ce4bc3ee6cf664ddfb18278763222181ef85ab4b2c34dab6bb5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd482587a25488c41fa2331e6f93f8a8

SHA1
3bb144efc28d69613c0e9578755164d4cdc561cb

SHA256
7f96ae41525b8a3d575948d379e1aeba1b5ddb6a056b120361446e12bc3b9dc5

SHA512
cc14e921f86f501a443ab7700f4586bd381b2d6aa40ec6752fe895e6c8c2e0950c4dddf80e53d478ec0d5369ddd40c94c67065ad8fc5cdc8a1354768c4937bf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ac48749da8456215e078f1e1817ae5d

SHA1
221de6108538a42e190f3d7827cad6907bac8793

SHA256
bceb063b8d9d9507cd05e331a22958e3fa6cf532be41b22ea688785964bca0d8

SHA512
25e30bcd13b93cf5a59214b1e900c983f30e10eca68f316191b646bd04404c22b9c16325d431090145d64c5d9c0174eeb4758c92a2ad57382f962b57e84b9dca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
568cc1f16b09851d6318c82581312f7a

SHA1
d53984f854421ed44bfed4da71f7be9aee696a12

SHA256
5f3eeb6bcd2df280d000c02acba9bfa5c1dc282850bb535d80631a63a79afb6a

SHA512
61679eae8fcfc9ba9d1fe862bf1dfff5e22ee1f5961638b227cf152ef5bf32ca477b051445a125632f8bb54a9d1244c84ec745138223c34252bde42ca818a7a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abca6c91575b6caea0675f736f455257

SHA1
cf750997dc297cfc4a236f15e14615371d527767

SHA256
d8208190e65ebd9da8e0fd3c31f85a28a622afc1d5dc73326b6a8e8ec9dda15e

SHA512
4b34a276f635e4733b81c2b1143da41c99489425dab0db4e8b11eb8d5aa981192cb721cb53b2b91e8bd1258739862d9f2ef80b300c495a49036f72795924059b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6e331434732551531d2daeda9331a33

SHA1
5d21656f59724e7310ce72057dd67aaad6895062

SHA256
07967b63b8fdc4828a9b45eeff837518aaab2198b4f8d36b74a0efa2077ae32e

SHA512
5a548d6ce641b7ef0d18cca8e08de4fb0761b1c7cdddfaaffe21f9836cc861bbab750ed607a5696d0068fbea5b052161a65dc8265e3f6e61b6ef6826e89336d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0d1e0e4cc80db18ac39a9ddb6bc2446

SHA1
d733b20d84beae0a46d4a84fb2cb997b102f5dd0

SHA256
01a4878f46b5b168702e1aebcfe9448ba06743631083f05edc4de3b8e63f4948

SHA512
f906ee61c69fce685cf58a162fc2eb94e91f44b0409e09754b32810b3541c2753b2d7b8881ae1319bd75fd32eec20086f06cc4d35db565297dbf48cbc2da68a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99101d911ae5b7c81acb210e40a5697b

SHA1
e360b68a13a112690c5c4a6b27784298a9bf85d2

SHA256
6255701c94b440431b218ed0ccf80669f956c732fd9f4edded599ae6291b6566

SHA512
6759c59baa2c0aaa4cc3505f57e390a82149bdd8c07c433dc034674ba62a69c205041f1fb951958e41ba01fddf852eb2a85206f15fb918deffc8251f6916f235

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb6e417245707d1550840f89b3cdbd1f

SHA1
4c6c71729864801e35151d829e537365ae6199db

SHA256
0259b0210aac6cb9db6a5e947eb24a00dbed0f723ed457c12bb56496fa14c76d

SHA512
a5b54f04d85389a7061f4894b7eb82d9e0a8f17aa05c0392b43800c45f0ba7063b2b0b53c766e1cfe40c76f9e36a2390f8dafc164839e0d55c684ab6f0da605e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1324414d78e4c0cbcd27b471b15412fc

SHA1
41aeec7492ca5c5fd260f0e0db113be478c5f3de

SHA256
f73a7907efa8f38824cdc7737e6c94f6bc04c839170c5fb2eac2e7702cfa7d0f

SHA512
888e37a28e8d4569f33a81d0b4f1820d5d66ebf8752c157edfb29619ea1c6a6355aa85a2a11f48fd57af26b3c2777d8cdc91a5ecb0b3b3fb49bcd792ea4ae2fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b178046ce1e096d082dc8e96c57e4c1

SHA1
347d1bdd2fd00ba58a1eb02b05dca686eb3eb7aa

SHA256
e5eec6cb542c5359d612070cb9fd5f82b746998102f89b472ba5deea16832cf0

SHA512
f7dbef3eff28923743d5ed10164a544ec08e92d8583e58bc465997c69ee6503e5ab94327e117ae831677f241cd12aa2907fdbee9e18330c8cebe866a2665f24c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c96a3f2cd3e0568b12391bef936fe19

SHA1
ecc6d81fee1b22812fe09ebcef88c8f260dfed28

SHA256
449869879c8badbc6966e6651ae5f4b0f00632b6a5b05de6c7f19d33736b94a9

SHA512
12995be89b0dd1198640c98983b3085db1ae81722161714e79d71cabdf824c8282c6d45eac1ed3b900b17106f14133bcd021cdd4077600f6c43d5e85a5306be7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4d400785594edff36b6edeb4d5b4599

SHA1
9090b84236f98495bc37c442d93d8cb520d1a53b

SHA256
a0c93981b300593815580e26a40383687846d2f0e2ac8c9fd9ada61cbb704bcc

SHA512
937a6eab5e1d1144c63b7896a8abdc5c663c0694e9b523467a487e4d5088127352aae36500d83a2796c91bbc6c63909125fcd74d22b9f20e09cc0889a6e9489f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
527f4e4702433707afb0dbf973888af9

SHA1
a54a1827748bf799c3f2eaecee473c21348d0b56

SHA256
189e9dba0b636fb73fd827743ee0e180ffdeefa01f9741845e890f306120252d

SHA512
96b23b592488e375fc5ea7a99f8c08accb8c5573bda777333ef0aaa7ede0217ad4aff1c924852e8248dc60e3167f52bdc03f09d176eb61fa73a35a5abbaafc0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1abc39aadfcd120e83a05cfc1b186b2c

SHA1
f7b7c9e8d9b91223d177b9517ec3bd5434b1ecb7

SHA256
02bce800d19b57821983508e64a91c7080b3d3ab7f252432b25df56d15d93e89

SHA512
f75a81c75489a521c47006f9eeece01aa19d4c693a5e153d945c274628763daf9e181d2548a1bb15547762e3ecd0e2c4cd60b38490b9a4070c8f475a33879f58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c854ce270cde181699dac77ebaa2f70a

SHA1
74d5af94084399f7fa043049b92f6ee174325899

SHA256
86416779932f6518dbb089d20567fc01eed79494e0a485c541ffaf838934f154

SHA512
a509eacbd0545400f75f0407de6aa26275eaeb195cbb6ba05794811486cadd6560b5af1751556ed9db8020bda15f48d45aa55b8fdc710a11133c174e561b8106

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df27c9bc654deb87f8b29ed3d8e2bc7c

SHA1
f81faa43419adba9434adca6e478c3119bb9e91d

SHA256
e8e85c79e70602b40e2086afda0f9afb0aa6763726bca6ad391889885687f8c6

SHA512
70a23953e0eb6ab20c71bcfbcf7f9fac70b45e13b39d77bb97666ded81713cdf70552ac1ac9afffc15e6d9d682eaf047585ebff2ecc5f1d5c3b0078d688b0de7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBFC7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC087.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit